Change log for MCAFEE_WEB_PROTECTION
Date | Changes |
---|---|
2025-04-16 | Enhancement:
- Added grok pattern to parse the new format of logs.
- event.idm.read_only_udm.target.user.userid: Newly mapped "userID" raw log field with "event.idm.read_only_udm.target.user.userid" UDM field.
- event.idm.read_only_udm.principal.url: Newly mapped "url" raw log field with "event.idm.read_only_udm.principal.url" UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "virus" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "Location" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "lastRule" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "applicationType" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped "Requested_timestamp" raw log field with "event.idm.read_only_udm.metadata.event_timestamp" UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped "Ssl_scanned" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped "av_scanned_up" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped "av_scanned_down" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped "rbi" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped "dlp" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.
- event.idm.read_only_udm.principal.file.full_path: Newly mapped "Filename" raw log field with "event.idm.read_only_udm.principal.file.full_path" UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "Mw_probability" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "Discarded_host" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped "Ssl_client_prot" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped "Ssl_server_prot" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "domain_fronting_url" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field. |
2024-12-19 | Enhancement:
- Added Grok patterns to parse the unparsed logs.
- Mapped "country" to "principal.location.country_or_region".
- Mapped "intermediary_ip1" to "intermediary.ip".
- Mapped "intermediary_ip2" to "intermediary.ip".
- Mapped "intermediary_port" to "intermediary.port". |
2022-09-22 | Enhancement:
- Updated the parser to handle newly ingested logs that have different names and fields. |