Change log for NETSKOPE_WEBPROXY
Date | Changes |
---|---|
2024-06-21 | Enhancement:<br>- Added Grok to support a new log format. |
2024-06-04 | Enhancement:<br>- Added Grok to handle unparsed logs.<br>- Mapped "url" to "target.url".<br>- Mapped "appSessionId" to "network.session_id".<br>- Mapped "page" to "network.http.referral_url".<br>- Mapped "appcategory" to "security_result.category_details".<br>- Mapped "clientBytes" to "network.sent_bytes".<br>- Mapped "serverBytes" to "network.received_bytes".<br>- Mapped "ccl" to "security_result.confidence_details".<br>- Mapped "IncidentID", "applicationType", "browser", and "cci" to "security_result.detection_fields". |
2024-04-22 | Enhancement:<br>- Mapped "x-cs-app-ccl", "x-cs-app-instance-id", "x-cs-app-tags", "x-cs-app-instance-name", "x-cs-app-instance-tag", "x-cs-app-to-user", "x-cs-app-object-id", and "x-cs-app-from-user" to "additional.fields". |
2024-02-26 | Enhancement:<br>- Changed mapping of "cs-bytes" from "network.received_bytes" to "network.sent_bytes".<br>- Changed mapping of "sc-bytes" from "network.sent_bytes" to "network.received_bytes".<br>- Mapped "x-cs-app-object-name" to "additional.fields".<br>- Mapped "x-cs-app-from-user" to "principal.user.email_addresses". |
2023-12-22 | Enhancement:<br>- If "cs-dns" value is "null", changed "cs-host" mapping from "principal.hostname" to "target.hostname".<br>- Changed "cs-dns" mapping from "principal.hostname" to "target.hostname".<br>- If "sc-status" value is "null", mapped "rs-status" to "network.http.response_code".<br>- Mapped "x-cs-app" to "principal.application".<br>- Mapped "x-cs-src-ip-egress" to "principal.ip". |
2023-12-08 | Enhancement:<br>- Added on_error check to parse the failing logs.<br>- Set "metadata.vendor_name" to "Netskope" and "metadata.product_name" to "Netskope Webproxy".<br>- Added conditional check for "src_region", "src_country", "src_location", "dst_region", "dst_country", "dst_location" before mapping. |
2023-10-09 | Enhancement:<br>- Mapped "dvchost" to "target.hostname" if "target.hostname" is not present.<br>- Added a null check prior to mapping "requestClientApplication". |
2023-09-12 | Enhancement:<br>- Mapped "x-cs-dst-ip" to "target.ip".<br>- Mapped "x-cs-src-ip" to "principal.ip".<br>- Mapped "x-cs-src-port" to "principal.port".<br>- Mapped "x-cs-dst-port" to "target.port".<br>- Added on_error check for date filter.<br>- Added conditional checks before mapping "metadata.event_type". |
2023-08-28 | Enhancement:<br>- Mapped "cs-uri" to "additional.fields".<br>- Mapped "cs-uri-port" to "additional.fields".<br>- Mapped "x-s-zipcode" to "additional.fields".<br>- Mapped "x-c-zipcode" to "additional.fields".<br>- Mapped "x-cs-site" to "additional.fields".<br>- Mapped "x-category" to "additional.fields".<br>- Mapped "x-sr-ssl-version" to "security_result.detection_fields".<br>- Mapped "x-sr-ssl-cipher" to "security_result.detection_fields".<br>- Mapped "x-cs-src-ip-egress" to "security_result.detection_fields".<br>- Mapped "x-cs-userip" to "security_result.detection_fields".<br>- Mapped "x-cs-url" to "target.url".<br>- Mapped "x-cs-uri-path" to "additional.fields".<br>- Mapped "x-cs-app-cci" to "additional.fields".<br>- Mapped "x-cs-app-object-type" to "additional.fields".<br>- Mapped "x-rs-file-type" to "additional.fields".<br>- Mapped "x-rs-file-category" to "additional.fields". |
2023-08-17 | Enhancement:<br>- Added support for new JSON type log format. |
2023-06-22 | Enhancement:<br>- Added support for new SYSLOG+JSON type log format. |
2023-05-30 | Enhancement:<br>- Mapped "duser" to "target.user.email_addresses".<br>- Mapped "requestClientApplication" to "network.http.parsed_user_agent". |
2023-02-03 | Enhancement:<br>- Mapped "Domain" to "principal.administrative_domain". |
2023-01-09 | Enhancement:<br>- Added conditional checks to map different "event_type" values based on the required parameters present.<br>- Parsed different formats of "rt". |
2022-04-06 | Enhancement:<br>- Added mappings for new fields: mapped "md5", "mwDetectionEngine", "mwProfile", and "mwType" to UDM. |