Stay organized with collections
Save and categorize content based on your preferences.
Change log for WINDOWS_NET_POLICY_SERVER
Date
Changes
2024-12-26
- Added support for JSON logs.
2024-12-05
- Added a new Grok pattern to extract "src_ip" and mapped it to "principal.ip" and "principal.asset.ip".
2024-03-27
- Added a check for "calling_station_id", "device-mac" and "mac_address".
- If "nas_port" is not in the range 1 and 65535, then mapped "nas_port" to "target.resource.attribute.labels".
2022-11-21
- Mapped event_source to target.application
- added new grok pattern to parse the data
- Mapped called-station_Id/macaddress to target.mac
- Mapped calling-station-Id/macaddress to principal.mac
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-25 UTC."],[[["The system now supports JSON logs as of December 26, 2024."],["A new Grok pattern was added on December 5, 2024, to extract \"src_ip\" and map it to \"principal.ip\" and \"principal.asset.ip\"."],["As of March 27, 2024, the system checks for \"calling_station_id\", \"device-mac\", and \"mac_address\", and maps \"nas_port\" to \"target.resource.attribute.labels\" if it's outside the 1-65535 range."],["On November 21, 2022, event_source was mapped to target.application, new grok pattern was added to parse data, and called/calling-station_Id/macaddress were mapped to target.mac/principal.mac."]]],[]]
