Change log for FORCEPOINT_FIREWALL
Date
Changes
2025-02-11
Enhancement:
- Changed "inter_hostname" mapping from "principal.hostname" and "principal.asset.hostname" to "intermediary.hostname" and "intermediary.asset.hostname".
- Modified the Grok pattern to parse IP address to "intermediary.ip".
2025-01-23
Enhancement:
- Modified the Grok pattern to parse the unparsed logs.
2024-12-04
Enhancement:
- Modified "eventid" mapping from "metadata.product_log_id" to "security_result.rule_id".
- Modified "log_id" mapping from "additional_fields" to "metadata.product_log_id".
2024-11-13
Enhancement:
- Mapped "eventid" to "metadata.product_log_id".
- Moved "log_id" mapping from "metadata.product_log_id" to "additional_fields".
2023-02-16
Bug Fix:
- Fixed the error when the target field is not set while generating event type "NETWORK_CONNECTION".
- Modified the code to handle additional errors found in testing.
2022-10-06
Enhancement:
- Added a condition to map "NodeId" to "principal.ip" when "Src" and "Dst" are empty.
2022-06-27
Enhancement:
The following field mappings were added:
- Mapped "Action" to "security_result.action_details".
- Mapped "AccElapsed" to "network.session_duration.seconds".
- Mapped "Type" to "security_result.severity_details".
- Mapped "security_result.severity" to "LOW" when "Type" has the value "Notification".
Last updated 2025-03-13 UTC.