Change log for NOZOMI_GUARDIAN
Date: 2025-01-30
Changes:
- Changed mapping for "dvchost" from "principal.hostname" to "intermediary.hostname".
- Changed mapping for "device_event_class_id" from "additional.fields" to "metadata.product_event_type".
- Mapped "start" to "metadata.event_timestamp".
- If the "start" field is not present, mapped "timestamp" from the syslog header to "metadata.event_timestamp".
- Mapped "spt" to "principal.port".
- Mapped "smac" to "principal.mac".
- Mapped "proto" to "network.ip_protocol".
- Mapped "app", "proto", "cs4", "cs4Label", "cs3", "cs3Label", "cs2", "cs2Label", "cs1", "cs1Label", "cs5", and "cs5Label" to "additional.fields".
- Mapped "dst" to "target.ip".
- Mapped "dpt" to "target.port".
- Mapped "dmac" to "target.mac".
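The following is an added example, not the Google SecOps parser itself (the page shows no parser code). It applies the 2025-01-30 mappings listed above to a CEF-over-syslog line so a detection engineer can check what UDM fields to expect, including the fallback to the syslog header time when "start" is absent. Assumptions made here and not taken from the page: the syslog header is of the form "<PRI>Mon DD YYYY HH:MM:SS host", the "start" value is epoch milliseconds, and the two sample events (vendor/product strings, event id "EXAMPLE-ALERT", addresses and ports) are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# CEF extension key -> UDM field, following the 2025-01-30 change log entry above.
DIRECT_MAP = {
    "dvchost": "intermediary.hostname",
    "spt": "principal.port",
    "smac": "principal.mac",
    "proto": "network.ip_protocol",
    "dst": "target.ip",
    "dpt": "target.port",
    "dmac": "target.mac",
}
# Keys the change log says are also copied into additional.fields.
ADDITIONAL_KEYS = {"app", "proto", "cs1", "cs1Label", "cs2", "cs2Label",
                   "cs3", "cs3Label", "cs4", "cs4Label", "cs5", "cs5Label"}

# Assumed syslog header shape (constructed for this example): optional <PRI>,
# "Mon DD YYYY HH:MM:SS", a hostname, then the CEF payload.
SYSLOG_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})"
    r"\s+\S+\s+(?P<cef>CEF:.*)$"
)
# An extension value runs until the next " key=" or end of line, so values may contain spaces.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Constructed sample events (not real Nozomi Guardian output).
SAMPLE_WITH_START = (
    "<134>Jan 30 2025 10:15:00 guardian-01 CEF:0|Nozomi Networks|Guardian|24.0|"
    "EXAMPLE-ALERT|Example alert (constructed)|5|start=1738232100000 dvchost=guardian-01 "
    "src=10.0.0.5 spt=502 smac=00:11:22:33:44:55 dst=10.0.0.9 dpt=44818 "
    "dmac=66:77:88:99:aa:bb proto=TCP app=modbus cs1Label=Zone cs1=OT Cell 3"
)
SAMPLE_NO_START = (
    "<134>Jan 30 2025 11:00:00 guardian-01 CEF:0|Nozomi Networks|Guardian|24.0|"
    "EXAMPLE-ALERT|Example alert (constructed)|3|dvchost=guardian-01 dst=10.0.0.9 dpt=102 proto=TCP"
)


def parse_cef(payload):
    """Split a CEF payload into its 7 header fields and a dict of extension key/values."""
    parts = re.split(r"(?<!\\)\|", payload, maxsplit=7)  # '|' may be escaped as '\|'
    if len(parts) < 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    names = ["version", "vendor", "product", "device_version",
             "device_event_class_id", "name", "severity"]
    header = dict(zip(names, parts[:7]))
    ext = {k: v.strip() for k, v in EXT_RE.findall(parts[7])}
    return header, ext


def to_udm(line):
    """Apply the change log mappings to one syslog line; returns a flat dict of UDM paths."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised syslog header")
    header, ext = parse_cef(m.group("cef"))
    udm = {"metadata.product_event_type": header["device_event_class_id"]}

    # Timestamp: prefer the CEF "start" field (assumed epoch milliseconds);
    # fall back to the syslog header time only when "start" is absent.
    if "start" in ext:
        ts = datetime.fromtimestamp(int(ext["start"]) / 1000, tz=timezone.utc)
    else:
        ts = datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    udm["metadata.event_timestamp"] = ts.strftime("%Y-%m-%dT%H:%M:%SZ")

    for key, field in DIRECT_MAP.items():
        if key in ext:
            udm[field] = int(ext[key]) if field.endswith(".port") else ext[key]
    # "proto" lands both in network.ip_protocol and in additional.fields, as the log states.
    udm["additional.fields"] = {k: ext[k] for k in ADDITIONAL_KEYS if k in ext}
    return udm


if __name__ == "__main__":
    for sample in (SAMPLE_WITH_START, SAMPLE_NO_START):
        for path, value in sorted(to_udm(sample).items()):
            print(f"{path}: {value}")
        print()
```

Running the block prints the UDM paths for both samples; the second event has no "start", so its metadata.event_timestamp comes from the syslog header (11:00:00) rather than from the CEF extension.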
The parser for NOZOMI_GUARDIAN was initially created on 2024-11-06.
Last updated 2025-04-02 UTC.