Change log for RUBRIK
Date | Changes |
---|---|
2025-01-16 | Enhancement: - Renamed "product_event_type" to "source". - Mapped "source" to "additional.fields". - Mapped "src_host" to "intermediary.hostname". |
2024-12-24 | Enhancement: - Added a syslog pattern to parse previously unparsed logs. - Mapped "eventSeverity" to "security_result.severity". - Mapped "eventId" to "metadata.product_log_id". - Mapped "objectType" to "security_result.detection_fields". - Mapped "nodeId" to "additional.fields". - Mapped "eventDetail" to "additional.fields". - Mapped "objectId" to "principal.resource.product_object_id". - Mapped "nodeIpAddress", "src_ip1" and "src_ip2" to "principal.ip" and "principal.asset.ip". - Mapped "status" to "security_result.detection_fields". - Mapped "eventSeriesId" to "additional.fields". - Mapped "clusterName" to "target.resource.name". - Mapped "eventName" to "additional.fields". - Mapped "desc" to "metadata.description". - Mapped "app_function" to "additional.fields". - Mapped "app" to "metadata.product_name". - Mapped "eventType" to "metadata.product_event_type". - Mapped "sec_desc" to "security_result.description". |
2024-12-09 | Enhancement: - Improved the default RUBRIK parser to handle key-value (KV) data. |
2022-12-01 | Enhancement: - Modified the grok pattern to parse "Rubrik Polaris" log types. - Mapped "iD" to "metadata.product_log_id". - Mapped "severity" to "security_result.severity". - Mapped "lastActivityStatus" to "security_result.action_details". - Mapped "clusterName" to "target.resource.name". - Mapped "clusterID" to "target.resource.product_object_id". |
2022-07-01 | Enhancement: - Modified the grok pattern to parse "ansible-command", "sshd" and "Rubrik" log types. - Changed "event.idm.read_only_udm.metadata.event_type" from GENERIC_EVENT to STATUS_UPDATE. |
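The mappings in the 2024-12-24 and 2025-01-16 entries are easier to check when applied to a concrete line. The Python below is an added example, not the Chronicle parser itself (which is a Logstash-style configuration) and not Rubrik code: it parses a constructed key=value line and builds a UDM-shaped dict following those entries. The key=value layout, the sample values, the translation of severity words to the UDM severity enum, and the reading of the "product_event_type" rename as "raw key renamed to source before landing in additional.fields" are all assumptions made for the example.

```python
import re

# Constructed sample line for this example; the key=value layout and these
# values are assumptions made to exercise the change-log mappings, not a
# documented Rubrik output format.
SAMPLE_LOG = (
    'eventId=E-12345 eventSeverity=Warning eventType=Backup '
    'eventName="Backup Failed" objectType=VirtualMachine objectId=vm-001 '
    'nodeId=node-1 nodeIpAddress=10.0.0.5 src_ip1=10.0.0.5 src_ip2=10.0.0.6 '
    'clusterName=prod-cluster status=Failure eventSeriesId=S-1 '
    'desc="Backup of vm-001 failed" app=Rubrik app_function=backup '
    'sec_desc="Snapshot failed" product_event_type=Backup src_host=rubrik-node-1'
)

# One key=value pair; a value is either a double-quoted string (may contain
# spaces and escaped quotes) or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Assumed translation of Rubrik severity words to the UDM
# SecurityResult.Severity enum; anything else becomes UNKNOWN_SEVERITY.
SEVERITY_MAP = {
    "critical": "CRITICAL",
    "error": "ERROR",
    "warning": "MEDIUM",
    "info": "INFORMATIONAL",
}

# Raw keys the 2024-12-24 entry sends to additional.fields.
ADDITIONAL_KEYS = ("nodeId", "eventDetail", "eventSeriesId", "eventName", "app_function")
# Raw keys that become security_result.detection_fields labels.
DETECTION_KEYS = ("objectType", "status")


def parse_kv(line: str) -> dict:
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def map_severity(value) -> str:
    return SEVERITY_MAP.get((value or "").lower(), "UNKNOWN_SEVERITY")


def _unique(values) -> list:
    """Order-preserving de-duplication that also drops empty values."""
    out = []
    for v in values:
        if v and v not in out:
            out.append(v)
    return out


def to_udm(f: dict) -> dict:
    """Apply the change-log mappings to parsed fields; return a UDM-shaped dict."""
    # nodeIpAddress, src_ip1 and src_ip2 all feed principal.ip and
    # principal.asset.ip; the same address often appears under two keys,
    # so collapse duplicates instead of emitting it twice.
    ips = _unique([f.get("nodeIpAddress"), f.get("src_ip1"), f.get("src_ip2")])

    metadata = {
        "product_log_id": f.get("eventId"),
        "product_name": f.get("app"),
        "product_event_type": f.get("eventType"),
        "description": f.get("desc"),
    }
    security_result = {
        "severity": map_severity(f.get("eventSeverity")),
        "description": f.get("sec_desc"),
        "detection_fields": [{"key": k, "value": f[k]} for k in DETECTION_KEYS if k in f],
    }
    additional = {k: f[k] for k in ADDITIONAL_KEYS if k in f}
    # 2025-01-16 entry, as read here (assumption): the raw product_event_type
    # value is renamed "source" before it lands in additional.fields.
    if "product_event_type" in f:
        additional["source"] = f["product_event_type"]

    udm = {
        "metadata": {k: v for k, v in metadata.items() if v},
        "principal": {
            "ip": ips,
            "asset": {"ip": list(ips)},
            "resource": {"product_object_id": f.get("objectId")},
        },
        "target": {"resource": {"name": f.get("clusterName")}},
        "security_result": [{k: v for k, v in security_result.items() if v}],
        "additional": {"fields": additional},
    }
    if f.get("src_host"):
        udm["intermediary"] = [{"hostname": f["src_host"]}]
    return udm


if __name__ == "__main__":
    import json
    print(json.dumps(to_udm(parse_kv(SAMPLE_LOG)), indent=2))
```

Run it on a line from your own Rubrik feed (after adjusting the key names to what the device actually emits) and compare the output with what the Chronicle parser produces; any field present in the raw line but absent from both `metadata`/`principal`/`target`/`security_result` and `additional.fields` is a mapping gap worth raising.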