Change log for JUNIPER_MIST
| Date | Changes |
|---|---|
| 2025-03-13 | Enhancement:
- Added a Grok pattern on "log_event.admin_name" to extract "user_name" and "user_id". - Mapped "user_id" to "principal.user.userid". - Mapped "user_name" to "principal.user.user_display_name". - Added a Grok pattern on "log_event.message" to extract "target_user_id". - Mapped "target_user_id" to "target.user.userid". - When "message" contains "Update Invite", then set "metadata.event_type" to "USER_CREATION". - When "message" contains "Accessed/Invoked", then set "metadata.event_type" to "USER_LOGIN". |
| 2024-11-14 | Enhancement:
- Added support for new pattern of JSON logs. |
| 2024-07-08 | Enhancement:
- Mapped "event.ssids" and "event.bssids" to "principal.resource.attribute.labels". |
| 2024-06-04 | Enhancement:
- Mapped "event.admin_name" to "principal.administrative_domain". - Mapped "event.src_ip", "event.client_ip", and "event.ip" to "principal.ip". - Mapped "event.device_name" and "event.client_hostname" to "principal.hostname". - Mapped "event.device_type", "event.mxedge_name", "event.ssid", and "event.mxedge_id" to "principal.resource.attribute.labels". - Mapped "event.mac" to "principal.mac". - Mapped "event.user_agent" to "network.http.user_agent" and "network.http.parsed_user_agent". - Mapped "event.message" to "metadata.description". - Mapped "event.client_username" to "principal.user.user_display_name". - Mapped "event.ap_name" to "principal.application". |
| 2024-05-03 | Enhancement:
- Mapped "site_id" to "src.asset.asset_id". - Mapped "site_name" to "src.asset.location.name". - Mapped "group" to "src.user.group_identifiers". - Mapped "hostnames" to "principal.hostname" and "principal.asset.hostname". - Mapped "severity" to "security_result.severity". - Mapped "type" to "metadata.product_event_type". - Mapped "org_id" to "principal.asset_id". - Mapped "id" to "principal.asset.asset_id". - If "has_principal" is "true" and "has_target" is "false", then set "metadata.event_type" to "USER_UNCATEGORIZED", else set "metadata.event_type" to "GENERIC_EVENT". |
| 2023-02-24 | Newly created parser.
|