Change log for PULSE_SECURE_VPN
| Date | Changes | 
|---|---|
| 2024-09-24 | Enhancement: - Mapped "BLOCK" to "security_result.action" when "log_action" is equal to "rejected". - Mapped "prin_ip" to "principal.ip" and "principal.asset.ip". - Added a Grok pattern to parse unparsed syslog logs. | 
| 2024-08-01 | Enhancement: - Mapped "Pulse Secure VPN" to "metadata.product_name". - Added a Grok pattern to parse unparsed syslog logs. | 
| 2024-05-27 | Enhancement: - Mapped "observer_hostname" to "observer.hostname". - When "dvc_hostname" is a valid IP address, then mapped it to "principal.ip", else mapped it to "principal.hostname". - Mapped "priority_code", "Syslog_version", and "info_desc" to "about.labels". - Mapped "prod_name" to "metadata.product_event_type". | 
| 2024-04-16 | Enhancement: - Added a new Grok pattern to parse a new format of syslog logs. - Mapped "connection_status" to "security_result.detection_fields". | 
| 2024-02-26 | Enhancement: - Added a "kv" block to parse key-value data. - Mapped "username" to "target.user.userid". - Added conditional check for "message_info". - Mapped "u_prin_ip" to "principal.ip". - Mapped "u_observer_ip" to "observer.ip". | 
| 2023-11-07 | Bug-fix: - Modified mapping for "observer_host" from "observer.hostname" to "additional.fields". | 
| 2023-08-19 | Enhancement: - Added a Grok pattern to parse failing logs. | 
| 2023-05-26 | Enhancement: - Added a Grok pattern to support the new syslog logs. | 
| 2023-01-06 | Enhancement: - Modified grok to parse "product_type" and mapped to "metadata.product_event_type". | 
| 2022-10-25 | Enhancement: - Added new grok patterns for "message_info" to extract session_id. - Mapped "session_id" to "network.session_id". - Changed target.ip to principal.ip when detect_policy_change_failed is false. - Changed target.mac to principal.mac when detect_policy_change_failed is false. | 
| 2022-10-12 | Enhancement: - Added mappings for the following fields: - Extracted the value of IP from "msg" field and mapped it to "principal.ip". - Extracted the value of hostname from "msg" field and mapped it to "principal.hostname". - Mapped "user" to "target.user.userid". - Mapped "realm" to "principal.group.attribute.labels". - Mapped "roles" to "principal.user.group_identifiers". - Modified value for "metadata.event_type" from "GENERIC_EVENT" to "USER_UNCATEGORIZED". | 
| 2022-10-03 | Enhancement: - Parsed the logs containing "sudo". - Added support for new key-value pair log formats. | 
| 2022-07-01 | Enhancement: - Generated new event for EventID: 4624. - Changed "metadata.event_type" from "GENERIC_EVENT" to "STATUS_UPDATE" or "NETWORK_CONNECTION" where "principal.ip" or "target.ip" or "principal.hostname" are not null. | 
| 2022-04-13 | Enhancement: - Added mappings for new fields in GENERIC_EVENT event_type: - user_ip to event.idm.read_only_udm.principal.ip. - user_group_identifier to event.idm.read_only_udm.target.user.group_identifiers. - Modified timestamp in all event types to include timezone. - Modified fields user_ip and target_ip for GENERIC and NETWORK_CONNECTION event types. |