Change log for FORCEPOINT_FIREWALL
2025-02-11
Enhancement:
- Changed the "inter_hostname" mapping from "principal.hostname" and "principal.asset.hostname" to "intermediary.hostname" and "intermediary.asset.hostname".
- Modified the Grok pattern to parse the IP address into "intermediary.ip".
2025-01-23
Enhancement:
- Modified the Grok pattern to parse previously unparsed logs.
2024-12-04
Enhancement:
- Modified the "eventid" mapping from "metadata.product_log_id" to "security_result.rule_id".
- Modified the "log_id" mapping from "additional_fields" to "metadata.product_log_id".
2024-11-13
Enhancement:
- Mapped "eventid" to "metadata.product_log_id".
- Moved the "log_id" mapping from "metadata.product_log_id" to "additional_fields".
2023-02-16
Bug fix:
- Fixed the error raised when the target field is not set while generating the "NETWORK_CONNECTION" event type.
- Modified the code to handle additional errors found in testing.
2022-10-06
Enhancement:
- Added a condition to map "NodeId" to "principal.ip" when both "Src" and "Dst" are empty.
2022-06-27
Enhancement: the following field mappings were added.
- Mapped "Action" to "security_result.action_details".
- Mapped "AccElapsed" to "network.session_duration.seconds".
- Mapped "Type" to "security_result.severity_details".
- Set "security_result.severity" to "LOW" when "Type" has the value "Notification".
Last updated 2025-08-29 UTC.