Change log for IBM_SAM
Date | Changes
---|---
2025-04-02 | Enhancement:<br>- Added a new Grok pattern to parse a new syslog format.<br>- Added a null check on "ip" before mapping it to "intermediary.ip".<br>- Modified the null check condition for "src_ip", "dst_ip" and "rcv_bytes".<br>- Mapped the raw log field `ip_protocol_value` to the UDM field `event.idm.read_only_udm.network.ip_protocol` when its value is one of "TCP", "UDP" or "ICMP".<br>- Mapped the raw log field `method_value` to the UDM field `event.idm.read_only_udm.network.http.method`.<br>- Mapped the raw log field `sha256_value` to the UDM field `event.idm.read_only_udm.additional.fields`.<br>- Moved the "description" mapping from line "323" to line "122": many field mappings run before it, so some fields were not being mapped; moving it earlier lets all Grok fields be parsed.<br>- Added a "has_target" check before mapping "event_type" to "NETWORK_HTTP".
2024-11-19 | Enhancement:<br>- Added a new Grok pattern to parse a new syslog log format.
2024-03-08 | Enhancement:<br>- Added support for a new pattern of syslog logs.<br>- Mapped "src_host" to "principal.hostname" and "principal.asset.hostname".<br>- Mapped "src_port" to "principal.port".<br>- Mapped "user_name" to "principal.user.userid".<br>- Mapped "src_application" to "principal.application".<br>- Mapped "product_event_type" to "metadata.product_event_type".<br>- Mapped "description" to "metadata.description".<br>- Mapped "target_hostname" to "target.hostname".<br>- Mapped "src_resource" to "principal.resource.name".<br>- Mapped "severity" to "security_result.severity".<br>- Mapped "pid" to "principal.process.pid".<br>- Mapped "file_name" to "principal.file.full_path".<br>- Mapped "connection_type" to "additional.fields".<br>- Aligned the mappings for "principal.ip" and "principal.asset.ip".<br>- Aligned the mappings for "target.ip" and "target.asset.ip".
2023-09-12 | Enhancement:<br>- Added a Grok pattern to support a new log format.
2023-05-21 | Newly created parser.