Change log for FORESCOUT_EYEINSPECT
Date | Changes |
---|---|
2025-04-23 | - Map domain name to "network.dns.questions.name" when application protocol is DNS.
- Map answers to "network.dns.answers.data" when application protocol is DNS. |
2025-03-12 | - Newly created parser.
- Mapped "app_protocol_src" to "network.application_protocol".
- Mapped "Source" to "principal.ip" if it is an IP address, otherwise to "principal.hostname".
- Mapped "Target" to "target.ip" if it is an IP address, otherwise to "target.hostname".
- Mapped "user_name" to "principal.user.userid".
- Mapped "type" to "additional.fields".
- Mapped "session_id" to "network.session_id".
- Mapped "product" to "metadata.product_name".
- Mapped "pid" to "intermediary.process.pid".
- Mapped "iporhost" to "intermediary.ip" if it is an IP address, otherwise to "intermediary.hostname".
- Mapped "Rule" to "security_result.rule_id".
- Mapped "Match" to "security_result.rule_name".
- Mapped "Category" and "policy_details" to "security_result.description".
- Mapped "Destination" to "target.ip" if it is an IP address, otherwise to "target.hostname".
- Mapped "port" to "target.port".
- Mapped "Host" to "principal.ip" if it is an IP address, otherwise to "principal.hostname".
- Mapped "Service" to "target.port" and "network.ip_protocol".
- Mapped "Reason" to "security_result.description".
- Mapped "mail_from" to "network.email.from".
- Mapped "mail_to" to "network.email.to".
- Mapped "mail_subject" to "network.email.subject".
- Mapped "event_type" to "security_result.summary".
- Mapped "log_description" to "security_result.summary".
- Mapped "details" to "security_result.description".
- Mapped "CPU_usage", "Available_memory", "Used_memory", "Available_swap" and "Used_swap" to "additional.fields".
- Mapped "application_status", "Connected_clients", "EM_connection_status", "Assigned_hosts", "Engine_status" and "Installed_Plugins" to "additional.fields".
- Mapped "User" to "principal.user.userid".
- Mapped "Hostname" to "principal.hostname" and "principal.asset.hostname".
- Mapped "MAC" to "principal.mac".
- Mapped "src_ip" to "principal.ip" and "principal.asset.ip".
- Mapped "user_id" to "principal.user.userid".
- Mapped "act" to "security_result.description".
- Mapped "alart_id" to "security_result.rule_id".
- Mapped "src_mac" to "principal.mac".
- Mapped "dest_mac" to "target.mac".
- Mapped "src_port" to "principal.port".
- Mapped "dest_port" to "target.port".
- Mapped "dest_ip" to "target.ip" and "target.asset.ip".
- Mapped "severity" to "security_result.severity_details".
- Mapped "threat" to "security_result.threat_name".
- Mapped "protocol1" to "network.ip_protocol".
- Mapped "protocol2" to "security_result.detection_fields".
- Mapped "resource" to "security_result.about.resource.attribute.labels".
- Mapped "desc" to "metadata.description". |
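The mappings above, in particular the "IP address, otherwise hostname" rule and the DNS question/answer mapping that is only applied when the application protocol is DNS, can be checked against sample events with the following added example. It is plain Python written for this page, not the parser's own configuration: the source field names are taken from the change log, while the sample events, the "domain_name" and "answers" keys used for the DNS entry, and the "port/proto" shape assumed for "Service" are assumptions made for the demonstration.

```python
import ipaddress
import json
from typing import Any

UDM = dict[str, Any]

# Constructed sample events using the source field names from the change log.
# The "domain_name"/"answers" keys and the "port/proto" shape of "Service" are
# assumptions for this demonstration, not documented eyeInspect output.
SAMPLE_EVENTS = [
    {"app_protocol_src": "DNS", "Source": "10.0.0.5", "Target": "dns01.corp.example",
     "domain_name": "update.example.net", "answers": "203.0.113.7, 203.0.113.8",
     "session_id": "4711"},
    {"Source": "plc-07.ot.example", "Target": "192.168.10.20", "Rule": "R-1001",
     "Match": "Unauthorized Modbus write", "Category": "Policy", "Service": "502/tcp",
     "severity": "high"},
]

# One-to-one copies listed in the 2025-03-12 entry (a tuple means several targets).
DIRECT_FIELDS: dict[str, tuple[str, ...]] = {
    "app_protocol_src": ("network.application_protocol",),
    "user_name": ("principal.user.userid",),
    "user_id": ("principal.user.userid",),
    "User": ("principal.user.userid",),
    "session_id": ("network.session_id",),
    "product": ("metadata.product_name",),
    "Rule": ("security_result.rule_id",),
    "alart_id": ("security_result.rule_id",),
    "Match": ("security_result.rule_name",),
    "src_port": ("principal.port",),
    "dest_port": ("target.port",),
    "port": ("target.port",),
    "src_mac": ("principal.mac",),
    "dest_mac": ("target.mac",),
    "MAC": ("principal.mac",),
    "src_ip": ("principal.ip", "principal.asset.ip"),
    "dest_ip": ("target.ip", "target.asset.ip"),
    "Hostname": ("principal.hostname", "principal.asset.hostname"),
    "severity": ("security_result.severity_details",),
    "threat": ("security_result.threat_name",),
    "protocol1": ("network.ip_protocol",),
    "desc": ("metadata.description",),
}
# Fields that land in <noun>.ip or <noun>.hostname depending on the value.
IP_OR_HOST_FIELDS = [("Source", "principal"), ("Host", "principal"), ("Target", "target"),
                     ("Destination", "target"), ("iporhost", "intermediary")]
# Fields the change log folds into security_result.description.
DESCRIPTION_FIELDS = ("Category", "policy_details", "Reason", "details", "act")


def is_ip(value: str) -> bool:
    """True for a valid IPv4/IPv6 literal, False for anything else (hostnames)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def put(udm: UDM, path: str, value: Any) -> None:
    """Set a dotted UDM path such as 'principal.asset.ip', creating parents as needed."""
    node = udm
    *parents, leaf = path.split(".")
    for key in parents:
        node = node.setdefault(key, {})
    node[leaf] = value


def to_udm(event: dict[str, str]) -> UDM:
    """Apply the change-log mappings to one eyeInspect event."""
    udm: UDM = {}
    for src, targets in DIRECT_FIELDS.items():
        if src in event:
            for dst in targets:
                value = event[src]
                # UDM port fields are integers; anything else is copied verbatim.
                put(udm, dst, int(value) if dst.endswith(".port") and value.isdigit() else value)
    for src, noun in IP_OR_HOST_FIELDS:
        if src in event:
            value = event[src]
            put(udm, f"{noun}.ip" if is_ip(value) else f"{noun}.hostname", value)
    if "Service" in event:  # assumed "502/tcp" -> target.port 502, network.ip_protocol "TCP"
        port, _, proto = event["Service"].partition("/")
        put(udm, "target.port", int(port))
        if proto:
            put(udm, "network.ip_protocol", proto.upper())
    descriptions = [event[f] for f in DESCRIPTION_FIELDS if f in event]
    if descriptions:
        put(udm, "security_result.description", "; ".join(descriptions))
    # DNS question/answer mapping from the 2025-04-23 entry, gated on the protocol.
    if event.get("app_protocol_src", "").upper() == "DNS":
        if "domain_name" in event:
            put(udm, "network.dns.questions", [{"name": event["domain_name"]}])
        if "answers" in event:
            put(udm, "network.dns.answers",
                [{"data": a.strip()} for a in event["answers"].split(",") if a.strip()])
    return udm


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(json.dumps(to_udm(ev), indent=2))
```

Running the file prints the UDM dictionary for each sample event; the first event lands in `principal.ip` and `target.hostname` with the DNS block populated, the second in `principal.hostname` and `target.ip` with `target.port` and `network.ip_protocol` derived from "Service" and no DNS block, which is the behaviour the change log describes.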