Change log for TIPPING_POINT
Date | Changes |
---|---|
2025-08-07 | Enhancement:
- `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `product_event_type` raw log field to `event.idm.read_only_udm.metadata.product_event_type` UDM field.
- `event.idm.read_only_udm.target.resource.name`: Newly mapped `target_resource_name` raw log field to `event.idm.read_only_udm.target.resource.name` UDM field.
- `event.idm.read_only_udm.target.url`: Newly mapped `url` raw log field to `event.idm.read_only_udm.target.url` UDM field.
- `event.idm.read_only_udm.network.http.method`: Newly mapped `method` raw log field to `event.idm.read_only_udm.network.http.method` UDM field.
- `event.idm.read_only_udm.additional.fields`: Newly mapped `destination_zone_name`, `hit_count`, `incoming_physical_port`, `sequence_number`, `source_zone_name`, `tipping_point_taxonomy_id`, `vlan_id` raw log fields to `event.idm.read_only_udm.additional.fields` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `signature_uuid`, `signature_name`, `signature_number`, `signature_protocol` raw log fields to `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- `event.idm.read_only_udm.security_result.action`: Mapped to "BLOCK" when `actionnumber` or `action` is one of "1","3","6","9","12","16","18"; else to "ALLOW" when `actionnumber` is one of "2","4","5","7","10","11","13"; else to "UNKNOWN" when `actionnumber` is one of "0","17".
- `event.idm.read_only_udm.network.ip_protocol`: Newly mapped `protocol` to `event.idm.read_only_udm.network.ip_protocol` if `protocol` (uppercased) is one of EIGRP, ESP, ETHERIP, GRE, ICMP, IGMP, IP6IN4, PIM, TCP, UDP, VRRP.
- `event.idm.read_only_udm.network.application_protocol`: Newly mapped `protocol` to `event.idm.read_only_udm.network.application_protocol` when `protocol` is `HTTP` or `HTTPS`.
- `event.idm.read_only_udm.metadata.event_type`: Set `event_type` to `NETWORK_CONNECTION` when `has_network` is "true" and `error_ip` is `false` and `error_target_ip` is `false`.
- `event.idm.read_only_udm.intermediary.hostname`: Newly mapped `intermediary_host` to `event.idm.read_only_udm.intermediary.hostname` UDM field.
- Added gsubs to replace newline characters with spaces. |
2025-01-09 | Enhancement:
- Added support for the new pattern of syslog logs. |
2024-10-15 | Enhancement:
- Added support for the new pattern of syslog logs. |
2024-06-11 | Enhancement:
- Added support for the new pattern of CSV logs. |
2024-04-02 | - Newly created parser. |