Change log for THYCOTIC
| Date | Changes |
|---|---|
| 2024-10-08 | Enhancement:
- Defined the "msg" field in a mutate replace filter. |
| 2024-06-04 | Enhancement:
- Added a Grok block to parse unparsed logs. - Mapped "Host" and "server" to "principal.hostname" and "principal.asset.hostname". - Mapped "Container_Id" to "principal.asset.asset_id". - Mapped "Container_name" to "principal.resource.name". |
| 2023-09-22 | Enhancement:
- Modified the Grok pattern to parse unparsed logs. - Added "on_error" check for fields "rt" and "ts". |
| 2023-06-12 | Enhancement -
- Modified the Grok pattern to parse new log format. - Mapped "fname" to "additional.fields". - Mapped "cs2" to "additional.fields". - Mapped "details" to "additional.fields" and "security_result.summary". |
| 2022-08-01 | Enhancement -
Mapped the following fields for logs in JSON format : - "device_version" to "metadata.product_version". - "agent.id" to "observer.asset_id". - "agent.version" to "observer.platform_version". - "agent.hostname" to "observer.hostname". - "agent.type" to "observer.application". - "agent.name" to "observer.user.userid". - "agent.ephemeral_id" to "observer.labels". - "log.source.address" to "principal.ip". - "host.hostname" to "principal.hostname". - "host.id" to "principal.asset.asset_id". - "host.os.kernel" to "principal.platform_patch_level". - "host.os.version" to "principal.platform_version". - "host.os.platform" to "principal.platform". - "host.architecture" to "principal.asset.hardware.cpu_platform". - "syslog_severity" to "security_result.severity". - Parsed logs with type "SECRET - SECRETPASSWORDCHANGEFAILURE". |