Change log for UBIQUITI_SWITCH

Date	Changes
2023-11-21	Enhancement: - Added support for new pattern of SYSLOGS. - Added null check for "SRC", "DST", "SPT" before mapping to UDM fields. - Added new GROK patterns to extract "mac", "principal_ip" from "description". - Added "principal_present" check before setting "metadata.event_type" to "STATUS_SHUTDOWN", "STATUS_STARTUP". - Mapped "source_port" to "principal.port". - Mapped "query_1" to "target.administrative_domain". - Mapped "query_server_1" to "target.ip". - Mapped "satisfaction_now", "anomalies", "event_type", "assoc_status", "radio" to "security_result.detection_fields". - Mapped "mac", "sta", "bssid" to "principal.mac". - Mapped "principal_ip" to "principal.ip". - Mapped "asset_id" to "observer.asset.product_object_id". - Mapped "asset_version" to "observer.asset.software.version". - Mapped "application" to "observer.application". - Mapped "process_id" to "observer.process.pid". - Mapped "vap" to "metadata.ingestion_labels".
2022-08-26	Added Mapping for unparsed log. SRC mapped to principal.ip. DST mapped to target.ip. SPT mapped to target.port. SPT mapped to principal.port. PROTO mapped to network.ip_protocol. TTL mapped to additional.fields. ID mapped to additional.fields. IN mapped to additional.fields. MAC mapped to principal.mac.

Date

Changes

2023-11-21

Enhancement:
- Added support for new pattern of SYSLOGS.
- Added null check for "SRC", "DST", "SPT" before mapping to UDM fields.
- Added new GROK patterns to extract "mac", "principal_ip" from "description".
- Added "principal_present" check before setting "metadata.event_type" to "STATUS_SHUTDOWN", "STATUS_STARTUP".
- Mapped "source_port" to "principal.port".
- Mapped "query_1" to "target.administrative_domain".
- Mapped "query_server_1" to "target.ip".
- Mapped "satisfaction_now", "anomalies", "event_type", "assoc_status", "radio" to "security_result.detection_fields".
- Mapped "mac", "sta", "bssid" to "principal.mac".
- Mapped "principal_ip" to "principal.ip".
- Mapped "asset_id" to "observer.asset.product_object_id".
- Mapped "asset_version" to "observer.asset.software.version".
- Mapped "application" to "observer.application".
- Mapped "process_id" to "observer.process.pid".
- Mapped "vap" to "metadata.ingestion_labels".

2022-08-26

Added Mapping for unparsed log.
SRC mapped to principal.ip.
DST mapped to target.ip.
SPT mapped to target.port.
SPT mapped to principal.port.
PROTO mapped to network.ip_protocol.
TTL mapped to additional.fields.
ID mapped to additional.fields.
IN mapped to additional.fields.
MAC mapped to principal.mac.