Change log for UMBRELLA_FIREWALL
Date | Changes |
---|---|
2025-01-29 | Enhancement:
- Added null check before mapping "originId" to "intermediary.resource.id". - Added null check before mapping "identity" to "intermediary.resource.name". - Added null check before mapping "dataCenter" to "intermediary.location.name". |
2025-01-21 | Enhancement:
- Added drop tag for not supported logs. - Added support for new csv logs. - Mapped "organization_id" to "principal.asset.attribute.labels". - Mapped "http_response_code" to "network.http.response_code". - Mapped "rule_Id" to "security_result.rule_id". - Mapped "sec_description" to "security_result.description" - Mapped "sec_action" to "security_result.action". - Mapped "intermediary_hostname" to "intermediary.hostname" - Mapped "most_granular_identity" to "principal.asset.attribute.labels". - Mapped "granular_identity" to "target.asset.attribute.labels". - Mapped "http_method" to "network.http.method". - Mapped "usr_agent" to "network.http.user_agent". - Mapped "refer_url" to "network.http.referral_url". - Mapped "target_url" to "target.url". - Mapped "_internalip" to "principal.ip" and "principal.asset.ip". - Mapped "_externalip" to "principal.ip" and "principal.asset.ip". - Mapped "response_size" to "network.received_bytes". - Mapped "dns_rrtype" to "network.dns.questions". - Mapped "response_code" to "network.dns.response_code". - Mapped "desc" to "metadata.description". - Mapped "principal_host" to "principal.hostname". - Mapped "target_host" to "target.hostname". - Added condition check before mapping "direction" to "network.direction". |
2022-09-02 | Enhancement:
- Migrated customer specific parser to default parser. |