Change log for UMBRELLA_DNS
| Date | Changes |
|---|---|
| 2025-01-08 | Enhancement:
- Added a new GROK pattern to parse SYSLOG data. - Added a new Grok pattern for the fields "responsecode" and "_internalip" |
| 2024-05-28 | Enhancement:
- Mapped "dns_record_type" to "additional.fields". |
| 2024-03-05 | Bug-Fix:
- Added a new Grok pattern to check if "column3" is having "internal_ip" and "internal_port". - Added support for Network Tunnel CSV logs. - Mapped "rule_id" to "security_result.rule_id". - Mapped "dstport" to "target.port". - Mapped "srcPort" to "principal.port". - Mapped "_internalip" to "principal.ip". - Mapped "dstip" to "target.ip". - Mapped "direction" to "network.direction". - Mapped "tunnel_name" to "additional.fields". - Mapped "tunnel_type" to "metadata.product_event_type". - Mapped "origin_id" to "metadata.product_log_id". - Mapped "received_bytes" to "network.received_bytes". - Aligned mappings for "principal.ip" and "principal.asset.ip". - Aligned mappings for "target.ip" and "target.asset.ip". |
| 2023-11-07 | Enhancement:
- Mapped "first_name" to "principal.user.first_name" when "identityType" is "AD Users". - Mapped "last_name" to "principal.user.last_name" when "identityType" is "AD Users". - Added JSON mapping for "_identity_types" to support new pattern of "identity" value in logs. |
| 2023-09-29 | Enhancement:
- Mapped "returncode" to "network.dns.response_code". - Mapped "querytype" to "network.dns.question.type". - Mapped "type" to "additional.fields". - Mapped "categories" to "security_result.category_details". - Mapped "verdict" to "security_result.action" and "security_result.action_details". - Mapped "amp.disposition" to "security_result.detection_fields". - Mapped "amp.malware" to "security_result.detection_fields". - Mapped "amp.score" to "security_result.detection_fields". - Mapped "policy.rulesetid" to "security_result.detection_fields". - Mapped "requestsize" to "network.sent_bytes". - Mapped "responsesize" to "network.received_bytes". - Mapped "fileName" to "target.file.names". - Mapped "responsefilename" to "network.http.method". - Mapped "statuscode" to "network.http.response_code" - Mapped "tenantcontrols", "securityoverridden", and "forwardingmethod" to "additional.fields". |
| 2022-05-17 | Enhancement-Added conditional checks for 'security_result.action'.
|
| 2022-04-13 | Enhancement: Parsed IP logs And Proxy Logs which were dropped earlier.
|
| 2022-03-23 | Enhancement-Added new field mapping.
DNS Lookup Type mapped to labels. |