Change log for THYCOTIC
Date
Changes
2024-10-08
Enhancement:
- Defined the "msg" field in a mutate replace filter.
2024-06-04
Enhancement:
- Added a Grok block to parse unparsed logs.
- Mapped "Host" and "server" to "principal.hostname" and "principal.asset.hostname".
- Mapped "Container_Id" to "principal.asset.asset_id".
- Mapped "Container_name" to "principal.resource.name".
2023-09-22
Enhancement:
- Modified the Grok pattern to parse unparsed logs.
- Added "on_error" check for fields "rt" and "ts".
2023-06-12
Enhancement:
- Modified the Grok pattern to parse new log format.
- Mapped "fname" to "additional.fields".
- Mapped "cs2" to "additional.fields".
- Mapped "details" to "additional.fields" and "security_result.summary".
2022-08-01
Enhancement:
Mapped the following fields for logs in JSON format:
- "device_version" to "metadata.product_version".
- "agent.id" to "observer.asset_id".
- "agent.version" to "observer.platform_version".
- "agent.hostname" to "observer.hostname".
- "agent.type" to "observer.application".
- "agent.name" to "observer.user.userid".
- "agent.ephemeral_id" to "observer.labels".
- "log.source.address" to "principal.ip".
- "host.hostname" to "principal.hostname".
- "host.id" to "principal.asset.asset_id".
- "host.os.kernel" to "principal.platform_patch_level".
- "host.os.version" to "principal.platform_version".
- "host.os.platform" to "principal.platform".
- "host.architecture" to "principal.asset.hardware.cpu_platform".
- "syslog_severity" to "security_result.severity".
- Parsed logs with type "SECRET - SECRETPASSWORDCHANGEFAILURE".
Last updated 2025-03-13 UTC.