Change log for SECURELINK
Date
Changes
2025-04-02
Enhancement:
- Added a Grok pattern to parse syslog logs.
- Added a condition check before mapping "resource_name" to "event.idm.read_only_udm.network.application_protocol".
- When "method" is "DELETE", "target_host" is assigned to "principal_host".
2023-09-13
Enhancement:
- Added a Grok pattern to parse syslog logs.
- Mapped "msg" to "metadata.description".
- Mapped "dst_ip" to "target.ip".
- Mapped "src_ip" to "principal.ip".
- Mapped "proto" to "network.ip_protocol".
- Mapped "priority" to "security_result.severity_details".
- Mapped "classification" to "additional.fields".
- Mapped "url" to "target.url".
2023-08-09
Bug-Fix:
- Modified Grok pattern to parse the "key" field.
2022-07-13
Enhancement:
- Modified Grok pattern to parse "systemd", "journal", "sshd", "sudo", "su", "CROND", "suricata", "ntpd", "kernel", "suricata-config", "stunnel" log types.
- Changed metadata.event_type from "GENERIC_EVENT" to "STATUS_UPDATE" where principal.hostname is not null.
- Changed metadata.event_type from "GENERIC_EVENT" to "USER_UNCATEGORIZED" where target.user.userid is not null.
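The entries above describe field mappings and conditional rules without showing how they combine on a real line. The following is an added example, not the SecureLink parser's own code and not Google SecOps parser syntax: a small Python model that applies a syslog-style regex (standing in for the Grok pattern, whose real shape is not on the page), then performs the mappings from the 2023-09-13 entry, the "resource_name" check and DELETE rule from 2025-04-02, and the event_type rules from 2022-07-13. Assumptions, marked in the code: the syslog header host feeds principal.hostname, a "user" key feeds target.user.userid, the "resource_name" condition is a known-protocol check, "classification" lands under additional.fields as a keyed entry, and when both event_type rules match the later one wins. The sample lines are constructed.

```python
import re
from typing import Any, Dict

# Illustrative syslog-style regex standing in for the Grok pattern the change log
# mentions; the real pattern is not on the page, so this shape is an assumption:
#   "<pri>Mon DD HH:MM:SS host program[pid]: key=value key="quoted value" ..."
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d+)>)?"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<body>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Protocol names accepted by the resource_name check (an assumption; the page
# only says a condition is checked before the mapping).
KNOWN_APP_PROTOCOLS = {"HTTP", "HTTPS", "SSH", "RDP", "DNS", "SMB"}


def parse_syslog(line: str) -> Dict[str, str]:
    """Split one syslog line into header fields plus key=value pairs from its body."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {}
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    for key, value in KV_RE.findall(fields.pop("body", "")):
        fields[key] = value.strip('"')
    return fields


def _set(udm: Dict[str, Any], dotted: str, value: Any) -> None:
    """Assign value at a dotted UDM path such as "target.user.userid"."""
    node = udm
    *parents, leaf = dotted.split(".")
    for p in parents:
        node = node.setdefault(p, {})
    node[leaf] = value


def to_udm(line: str) -> Dict[str, Any]:
    """Map a parsed syslog line onto the UDM paths named in the change log."""
    f = parse_syslog(line)
    udm: Dict[str, Any] = {"metadata": {"event_type": "GENERIC_EVENT"}}
    if not f:
        return udm  # unparsed lines stay GENERIC_EVENT with no principal/target

    # Direct mappings from the 2023-09-13 entry.
    for src, dst in [
        ("msg", "metadata.description"),
        ("dst_ip", "target.ip"),
        ("src_ip", "principal.ip"),
        ("proto", "network.ip_protocol"),
        ("priority", "security_result.severity_details"),
        ("url", "target.url"),
    ]:
        if src in f:
            _set(udm, dst, f[src])
    if "classification" in f:  # keyed entry under additional.fields (assumption)
        _set(udm, "additional.fields.classification", f["classification"])

    # Assumed sources for the fields the 2022-07-13 event_type rules depend on:
    # the syslog header host becomes principal.hostname and a "user" key becomes
    # target.user.userid. Neither origin is stated on the page.
    if "host" in f:
        _set(udm, "principal.hostname", f["host"])
    if "user" in f:
        _set(udm, "target.user.userid", f["user"])

    # 2025-04-02: condition check before mapping resource_name; requiring a
    # known protocol name is an assumption about what that check does.
    resource = f.get("resource_name", "").upper()
    if resource in KNOWN_APP_PROTOCOLS:
        _set(udm, "network.application_protocol", resource)
    # 2025-04-02: on DELETE, principal_host takes the value of target_host.
    if f.get("method") == "DELETE" and "target_host" in f:
        _set(udm, "principal.hostname", f["target_host"])

    # 2022-07-13 event_type rules, applied in the order the change log lists them,
    # so the userid rule wins when both fields are present (precedence is an assumption).
    if udm.get("principal", {}).get("hostname"):
        udm["metadata"]["event_type"] = "STATUS_UPDATE"
    if udm.get("target", {}).get("user", {}).get("userid"):
        udm["metadata"]["event_type"] = "USER_UNCATEGORIZED"
    return udm


# Constructed sample lines (not real SecureLink output) exercising each rule.
SAMPLE_LINES = [
    '<13>Apr  2 10:15:01 gw01 sshd[2201]: msg="session opened" src_ip=10.0.0.5 dst_ip=10.0.1.9 proto=tcp user=alice',
    '<13>Apr  2 10:16:42 gw01 stunnel[880]: msg="delete request" method=DELETE target_host=app02 resource_name=HTTPS url=https://app02/api/v1/item/7 priority=2 classification=audit',
    'not a syslog line at all',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(to_udm(line))
```

Running it shows the three outcomes the change log implies: the sshd line carries both a hostname and a user and ends as USER_UNCATEGORIZED; the DELETE line has its principal hostname replaced by target_host and, having no user, stays STATUS_UPDATE; the line the regex rejects remains a bare GENERIC_EVENT.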
Last updated 2025-08-29 UTC.