Change log for TRIPWIRE_FIM
| Date | Changes |
|---|---|
| 2025-06-02 | Enhancement:<br>- Modified the grok patterns to extract the hostname.<br>- event.idm.read_only_udm.observer.hostname: newly mapped the `hstname` raw log field to the `event.idm.read_only_udm.observer.hostname` UDM field<br>- event.idm.read_only_udm.observer.asset.hostname: newly mapped the `hstname` raw log field to the `event.idm.read_only_udm.observer.asset.hostname` UDM field<br>- event.idm.read_only_udm.target.resource.attribute.labels: newly mapped the `TripwireEnterpriseIds` raw log field to the `event.idm.read_only_udm.target.resource.attribute.labels` UDM field<br>- event.idm.read_only_udm.target.resource.attribute.labels: newly mapped the `TripwireEnterpriseLogLevel` raw log field to the `event.idm.read_only_udm.target.resource.attribute.labels` UDM field<br>- event.idm.read_only_udm.target.resource.attribute.labels: newly mapped the `TripwireEnterpriseNodeId` raw log field to the `event.idm.read_only_udm.target.resource.attribute.labels` UDM field<br>- event.idm.read_only_udm.target.ip: newly mapped the `src` raw log field to the `event.idm.read_only_udm.target.ip` UDM field<br>- event.idm.read_only_udm.target.asset.ip: newly mapped the `src` raw log field to the `event.idm.read_only_udm.target.asset.ip` UDM field<br>- event.idm.read_only_udm.security_result.category_details: newly mapped the `cat` raw log field to the `event.idm.read_only_udm.security_result.category_details` UDM field<br>- event.idm.read_only_udm.principal.user.userid: newly mapped the `suser` raw log field to the `event.idm.read_only_udm.principal.user.userid` UDM field<br>- event.idm.read_only_udm.observer.resource.attribute.labels: newly mapped the `deviceFacility` raw log field to the `event.idm.read_only_udm.observer.resource.attribute.labels` UDM field<br>- event.idm.read_only_udm.metadata.product_log_id: newly mapped the `externalId` raw log field to the `event.idm.read_only_udm.metadata.product_log_id` UDM field<br>- event.idm.read_only_udm.principal.hostname: newly mapped the `shost` raw log field to the `event.idm.read_only_udm.target.hostname` UDM field<br>- event.idm.read_only_udm.target.asset.hostname: newly mapped the `shost` raw log field to the `event.idm.read_only_udm.target.asset.hostname` UDM field<br>- event.idm.read_only_udm.principal.asset.ip: newly mapped the `dvc` raw log field to the `event.idm.read_only_udm.principal.asset.ip` UDM field<br>- event.idm.read_only_udm.target.user.userid: newly mapped the `duser` raw log field to the `event.idm.read_only_udm.target.user.userid` UDM field<br>- event.idm.read_only_udm.target.application: newly mapped the `application` raw log field to the `event.idm.read_only_udm.target.application` UDM field<br>- event.idm.read_only_udm.target.labels: newly mapped the `processes` raw log field to the `event.idm.read_only_udm.target.labels` UDM field |
| 2024-11-07 | Bug-Fix:<br>- Initialized "cs4Label" to null.<br>- Set "additional_cs4.key" to "cs4" if "cs4Label" is null.<br>- Set "additional_cs4.value" to "cs4Label" if "cs4Label" is not null. |
| 2023-06-21 | Enhancement:<br>- Added a gsub to handle CEF-format logs. |
| 2023-06-07 | Enhancement:<br>- Added a grok pattern to handle CEF-formatted logs. |
| 2022-06-14 | Bug-Fix:<br>- Added a new grok to parse "HKEY_" type logs with no space between registry_key and value.<br>- Added a validation check for target_hostname or target_ip prior to mapping event_type to NETWORK_CONNECTION.<br>- Added a null check for username prior to mapping to UDM. |
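The Python below is an added example, not the parser's own code (which is a grok-based configuration): it splits a constructed Tripwire Enterprise CEF line of the kind the 2023-06 entries add handling for, honouring CEF's `\|`, `\=` and `\\` escapes, and then applies the raw-field-to-UDM mapping listed in the 2025-06-02 entry. The sample values and the placement of the `hstname` key in the extension block are assumptions.

```python
import re

# Constructed sample Tripwire Enterprise CEF line (not a real capture); the
# 'hstname' key is an assumed location of the raw field named in the 2025-06-02 entry.
SAMPLE = (
    "CEF:0|Tripwire|Enterprise|9.1|Change|Element changed|5|"
    "hstname=fim-agent01 src=10.0.0.25 shost=fim-agent01 suser=svc_tripwire "
    "dvc=10.0.0.9 duser=root cat=Modified externalId=42 deviceFacility=local3 "
    "TripwireEnterpriseIds=1234 TripwireEnterpriseLogLevel=INFO "
    "TripwireEnterpriseNodeId=n-7 msg=Path\\=C:\\\\Windows\\\\system32 changed"
)

# Raw extension key -> UDM paths from the 2025-06-02 entry
# (the event.idm.read_only_udm. prefix is omitted).
FIELD_MAP = {
    "hstname": ["observer.hostname", "observer.asset.hostname"],
    "src": ["target.ip", "target.asset.ip"],
    "shost": ["target.hostname", "target.asset.hostname"],
    "dvc": ["principal.asset.ip"],
    "suser": ["principal.user.userid"],
    "duser": ["target.user.userid"],
    "cat": ["security_result.category_details"],
    "externalId": ["metadata.product_log_id"],
}
# Raw keys carried as key/value labels on a resource rather than as scalars.
LABEL_MAP = {
    "TripwireEnterpriseIds": "target.resource.attribute.labels",
    "TripwireEnterpriseLogLevel": "target.resource.attribute.labels",
    "TripwireEnterpriseNodeId": "target.resource.attribute.labels",
    "deviceFacility": "observer.resource.attribute.labels",
}

def parse_cef(line):
    # Header: 7 pipe-separated fields; '\|' inside a field is an escaped pipe.
    parts = re.split(r"(?<!\\)\|", line.split("CEF:", 1)[1], maxsplit=7)
    header, ext = parts[:7], parts[7] if len(parts) > 7 else ""
    fields = {}
    # A value runs until the next 'key=' token; '\=' and '\\' are CEF escapes.
    for m in re.finditer(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|$)", ext):
        fields[m.group(1)] = m.group(2).replace("\\=", "=").replace("\\\\", "\\")
    return header, fields

def to_udm(fields):
    udm = {}
    for raw, paths in FIELD_MAP.items():
        for path in paths if raw in fields else []:
            udm[path] = fields[raw]
    for raw, path in LABEL_MAP.items():
        if raw in fields:
            udm.setdefault(path, []).append({"key": raw, "value": fields[raw]})
    return udm
```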