Stay organized with collections
Save and categorize content based on your preferences.
Change log for SECURELINK
Date
Changes
2025-04-02
Enhancement:
- Added a Grok pattern to parse syslog logs.
- Added a condition check before mapping "resource_name" to "event.idm.read_only_udm.network.application_protocol".
- When "method" is "DELETE", then assigned "target_host" to "principal_host".
2023-09-13
Enhancement:
- Added a Grok pattern to parse syslog logs.
- Mapped "msg" to "metadata.description".
- Mapped "dst_ip" to "target.ip".
- Mapped "src_ip" to "principal.ip".
- Mapped "proto" to "network.ip_protocol".
- Mapped "priority" to "security_result.severity_details".
- Mapped "classification" to "additional.fields".
- Mapped "url" to "target.url".
2023-08-09
Bug-Fix:
- Modified Grok pattern to parse the "key" field.
2022-07-13
Enhancement:
- Modified grok pattern to parse "systemd", "journal", "sshd", "sudo", "su", "CROND", "suricata", "ntpd", "kernel", "suricata-config", "stunnel" logtypes.
- Changed metadata.event_type from "GENERIC_EVENT" to "STATUS_UPDATE" where principal.hostname is not null.
- Changed metadata.event_type from "GENERIC_EVENT" to "USER_UNCATEGORIZED" where target.user.userid is not null.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["SecureLink's change log highlights enhancements and bug fixes related to log parsing and mapping."],["Grok patterns have been enhanced to parse various log types, including syslog, systemd, journal, sshd, and others."],["Key fields from logs are mapped to specific target attributes, such as \"msg\" to \"metadata.description\" and \"dst_ip\" to \"target.ip\"."],["The metadata.event_type field has been modified to reflect whether there is a hostname or user associated with the log entry."]]],[]]
