Change log for F5_VPN
Date | Changes |
---|---|
2024-05-20 | Enhancement:<br>- Modified a Grok pattern to parse "principal.resource.name" correctly.<br>- Added a Grok pattern to parse "uid" and "sAmAccountName" and mapped them to "target.hostname".<br>- Mapped "Hostname" to "target.hostname" and "target.asset.hostname".<br>- Mapped "sess_id" to "network.session_id" for "SAML Agent" messages. |
2024-03-05 | Enhancement:<br>- Added a Grok pattern to parse syslog logs.<br>- Mapped "internal_ip" to "target.ip" and "target.asset.ip".<br>- Mapped "sess_id" to "network.session_id".<br>- Mapped "file_path" to "principal.resource.name".<br>- Mapped "useragent" to "network.http.user_agent".<br>- Mapped "User-Agent" and "useragent" to "network.http.parsed_user_agent".<br>- Mapped "username" to "target.user.userid".<br>- Mapped "sid" to "target.user.windows_sid".<br>- Mapped "bytes_out" to "network.sent_bytes".<br>- Mapped "bytes_in" to "network.received_bytes".<br>- Mapped "Platform" to "principal.platform".<br>- Mapped "Platform_Version" to "principal.platform_version".<br>- Mapped "Javascript_Support", "ActiveX_Support", "Plugin_Support", "Version", "Model", "CPU", "UI_Mode", "SP", "IDP", "to_rule_item", "from_rule_item", "policy_result", "rule", "resource", "ppp_id", "tunnel_resource", "server_vip_ip", "server_vip_name", and "Canonical_Info" to "additional.fields". |
2022-07-22 | Enhancement:<br>- Modified grok pattern to parse the date present in "RFC 3339" format.<br>- Added "gsub" to remove "/" from "resource_id". |
2022-07-08 | Enhancement:<br>- Mapped "uri_path" to "target.url".<br>- Mapped "protocol" to "network.application_protocol".<br>- Mapped "method" to "network.http.method".<br>- Mapped "User-Agent" to "network.http.user_agent".<br>- Mapped "s_ip" to "src.ip".<br>- Mapped "t_ip" to "target.ip".<br>- Mapped "t_port" to "target.port".<br>- Mapped "s_nat_ip" to "target.nat_ip".<br>- Mapped "ip_protocol" to "network.ip_protocol".<br>- Mapped "descrip" to "security_result.description".<br>- Mapped "user" to "principal.user.userid".<br>- Mapped "command" to "target.process.command_line".<br>When "application" is equal to "logger":<br>- Mapped "cipher_name" to "network.tls.cipher".<br>- Mapped "tls_version" to "network.tls.version".<br>- Mapped "resource_id" to "target.resource.id".<br>- Mapped "src_ip" to "principal.ip".<br>- Mapped "url" to "network.http.referral_url".<br>- Mapped "status" to "network.http.response_code". |