Change log for F5_DCS
Date | Changes |
---|---|
2025-04-25 | Enhancement:<br>- Added a conditional check before mapping "latitude" to "event.idm.read_only_udm.principal.location.region_latitude".<br>- Added a conditional check before mapping "longitude" to "event.idm.read_only_udm.principal.location.region_longitude".<br>- Added a conditional check before mapping "user_id" to "event.idm.read_only_udm.principal.user.userid".<br>- Added an "on_error" check where "namespace" is mapped to "event.idm.read_only_udm.target.namespace".<br>- Removed the "has_target" flag used in the conditional check before mapping the "NETWORK_CONNECTION" event_type. |
2025-04-03 | Enhancement:<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "policy_hit.malicious_user_mitigate_action" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.<br>- event.idm.read_only_udm.security_result.about.resource.attribute.labels: Newly mapped "policy_hit.policy" raw log field with "event.idm.read_only_udm.security_result.about.resource.attribute.labels" UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped "policy_hit.policy_namespace" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.<br>- event.idm.read_only_udm.security_result.rule_name: Newly mapped "policy_hit.policy_rule" raw log field with "event.idm.read_only_udm.security_result.rule_name" UDM field.<br>- event.idm.read_only_udm.security_result.description: Newly mapped "policy_hit.policy_rule_description" raw log field with "event.idm.read_only_udm.security_result.description" UDM field.<br>- event.idm.read_only_udm.target.resource.name: Newly mapped "policy_hit.policy_set" raw log field with "event.idm.read_only_udm.target.resource.name" UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped "policy_hit.result" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.<br>- Added Grok pattern match on "x_forwarded_for" raw log field to extract "ip", mapped to "event.idm.read_only_udm.intermediary.ip". Non-IP values are mapped to "event.idm.read_only_udm.security_result.about.resource.attribute.labels".<br>- Renamed "event1" to "event" to parse "hostname" raw log field with "event.idm.read_only_udm.principal.hostname".<br>- Added Grok pattern match on "user" raw log field to extract the IP, mapped to "event.idm.read_only_udm.target.ip" and "event.idm.read_only_udm.target.asset.ip".<br>- Added "NULL" and empty condition check before mapping "event.idm.read_only_udm.principal.user.userid" UDM field. |
2025-03-25 | Enhancement:<br>- Added regex check to "latitude", "longitude", "host" and "network" fields.<br>- Mapped "x_forwarded_for" to "intermediary.ip". |
2025-01-17 | Newly created parser |