Stay organized with collections
Save and categorize content based on your preferences.
Change log for JUNIPER_MIST
Date
Changes
2025-03-13
Enhancement:
- Added a Grok pattern on "log_event.admin_name" to extract "user_name" and "user_id".
- Mapped "user_id" to "principal.user.userid".
- Mapped "user_name" to "principal.user.user_display_name".
- Added a Grok pattern on "log_event.message" to extract "target_user_id".
- Mapped "target_user_id" to "target.user.userid".
- When "message" contains "Update Invite", then set "metadata.event_type" to "USER_CREATION".
- When "message" contains "Accessed/Invoked", then set "metadata.event_type" to "USER_LOGIN".
2024-11-14
Enhancement:
- Added support for new pattern of JSON logs.
2024-07-08
Enhancement:
- Mapped "event.ssids" and "event.bssids" to "principal.resource.attribute.labels".
2024-06-04
Enhancement:
- Mapped "event.admin_name" to "principal.administrative_domain".
- Mapped "event.src_ip", "event.client_ip", and "event.ip" to "principal.ip".
- Mapped "event.device_name" and "event.client_hostname" to "principal.hostname".
- Mapped "event.device_type", "event.mxedge_name", "event.ssid", and "event.mxedge_id" to "principal.resource.attribute.labels".
- Mapped "event.mac" to "principal.mac".
- Mapped "event.user_agent" to "network.http.user_agent" and "network.http.parsed_user_agent".
- Mapped "event.message" to "metadata.description".
- Mapped "event.client_username" to "principal.user.user_display_name".
- Mapped "event.ap_name" to "principal.application".
2024-05-03
Enhancement:
- Mapped "site_id" to "src.asset.asset_id".
- Mapped "site_name" to "src.asset.location.name".
- Mapped "group" to "src.user.group_identifiers".
- Mapped "hostnames" to "principal.hostname" and "principal.asset.hostname".
- Mapped "severity" to "security_result.severity".
- Mapped "type" to "metadata.product_event_type".
- Mapped "org_id" to "principal.asset_id".
- Mapped "id" to "principal.asset.asset_id".
- If "has_principal" is "true" and "has_target" is "false", then set "metadata.event_type" to "USER_UNCATEGORIZED", else set "metadata.event_type" to "GENERIC_EVENT".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["Change log for JUNIPER_MIST\n\n| Date | Changes |\n|------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| 2025-03-13 | Enhancement: - Added a Grok pattern on \"log_event.admin_name\" to extract \"user_name\" and \"user_id\". - Mapped \"user_id\" to \"principal.user.userid\". - Mapped \"user_name\" to \"principal.user.user_display_name\". - Added a Grok pattern on \"log_event.message\" to extract \"target_user_id\". - Mapped \"target_user_id\" to \"target.user.userid\". - When \"message\" contains \"Update Invite\", then set \"metadata.event_type\" to \"USER_CREATION\". - When \"message\" contains \"Accessed/Invoked\", then set \"metadata.event_type\" to \"USER_LOGIN\". |\n| 2024-11-14 | Enhancement: - Added support for new pattern of JSON logs. |\n| 2024-07-08 | Enhancement: - Mapped \"event.ssids\" and \"event.bssids\" to \"principal.resource.attribute.labels\". |\n| 2024-06-04 | Enhancement: - Mapped \"event.admin_name\" to \"principal.administrative_domain\". - Mapped \"event.src_ip\", \"event.client_ip\", and \"event.ip\" to \"principal.ip\". - Mapped \"event.device_name\" and \"event.client_hostname\" to \"principal.hostname\". - Mapped \"event.device_type\", \"event.mxedge_name\", \"event.ssid\", and \"event.mxedge_id\" to \"principal.resource.attribute.labels\". - Mapped \"event.mac\" to \"principal.mac\". - Mapped \"event.user_agent\" to \"network.http.user_agent\" and \"network.http.parsed_user_agent\". - Mapped \"event.message\" to \"metadata.description\". - Mapped \"event.client_username\" to \"principal.user.user_display_name\". - Mapped \"event.ap_name\" to \"principal.application\". |\n| 2024-05-03 | Enhancement: - Mapped \"site_id\" to \"src.asset.asset_id\". - Mapped \"site_name\" to \"src.asset.location.name\". - Mapped \"group\" to \"src.user.group_identifiers\". - Mapped \"hostnames\" to \"principal.hostname\" and \"principal.asset.hostname\". - Mapped \"severity\" to \"security_result.severity\". - Mapped \"type\" to \"metadata.product_event_type\". - Mapped \"org_id\" to \"principal.asset_id\". - Mapped \"id\" to \"principal.asset.asset_id\". - If \"has_principal\" is \"true\" and \"has_target\" is \"false\", then set \"metadata.event_type\" to \"USER_UNCATEGORIZED\", else set \"metadata.event_type\" to \"GENERIC_EVENT\". |\n| 2023-02-24 | Newly created parser. |"]]