Change log for SOLARIS_SYSTEM
| Date | Changes |
|---|---|
| 2025-04-10 | Enhancement:
- Added GROK patterns to support new format of syslog logs. - Added GROK patterns to parse IP addresses in correct fields. - event.idm.read_only_udm.target.ip,event.idm.read_only_udm.target.asset.ip: Removed mapping of `HOST` from `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip` UDM field. - event.idm.read_only_udm.principal.ip,event.idm.read_only_udm.principal.asset.ip: Mapped `HOST` raw log field with `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM field. - event.idm.read_only_udm.target.url: Newly mapped `target_url` raw log field with `event.idm.read_only_udm.target.url` UDM field. - Added a null conditional check before mapping `desc` to `event.idm.read_only_udm.security_result.description` UDM field. - event.idm.read_only_udm.metadata.event_type: Set the `event.idm.read_only_udm.metadata.event_type` to `NETWORK_CONNECTION` if both `dstIp` and `prin_ip` are present. |
| 2025-04-08 | Enhancement:
- Added Grok patterns to parse new format of logs. - metadata.event_timestamp: Newly mapped "ts" raw log field with `metadata.event_timestamp` UDM field. |
| 2024-12-29 | Enhancement:
- Added support for a new format of syslog logs. - Mapped "prin_ip" to ""principal.ip". |
| 2024-12-06 | Enhancement:
- Added support for a new format of syslog logs. |
| 2024-04-05 | Enhancement:
- Mapped "targetDisplayName" to "target.user.user_display_name". - When "process" is "sudo", then mapped "user" to "principal.user.user_display_name". |
| 2024-02-13 | Newly created parser. |