Change log for UMBRELLA_FIREWALL
Date
Changes
2025-01-29
Enhancement:
- Added null check before mapping "originId" to "intermediary.resource.id".
- Added null check before mapping "identity" to "intermediary.resource.name".
- Added null check before mapping "dataCenter" to "intermediary.location.name".
2025-01-21
Enhancement:
- Added drop tag for unsupported logs.
- Added support for new CSV logs.
- Mapped "organization_id" to "principal.asset.attribute.labels".
- Mapped "http_response_code" to "network.http.response_code".
- Mapped "rule_Id" to "security_result.rule_id".
- Mapped "sec_description" to "security_result.description".
- Mapped "sec_action" to "security_result.action".
- Mapped "intermediary_hostname" to "intermediary.hostname".
- Mapped "most_granular_identity" to "principal.asset.attribute.labels".
- Mapped "granular_identity" to "target.asset.attribute.labels".
- Mapped "http_method" to "network.http.method".
- Mapped "usr_agent" to "network.http.user_agent".
- Mapped "refer_url" to "network.http.referral_url".
- Mapped "target_url" to "target.url".
- Mapped "_internalip" to "principal.ip" and "principal.asset.ip".
- Mapped "_externalip" to "principal.ip" and "principal.asset.ip".
- Mapped "response_size" to "network.received_bytes".
- Mapped "dns_rrtype" to "network.dns.questions".
- Mapped "response_code" to "network.dns.response_code".
- Mapped "desc" to "metadata.description".
- Mapped "principal_host" to "principal.hostname".
- Mapped "target_host" to "target.hostname".
- Added condition check before mapping "direction" to "network.direction".
2022-09-02
Enhancement:
- Migrated customer-specific parser to default parser.
Last updated 2025-08-29 UTC.