Change log for AWS_VPC_FLOW
Date | Changes |
---|---|
2024-10-01 | Enhancement: Added support for new unparsed logs of type AWS_VPC_FLOW. |
2024-07-31 | Enhancement: Added support for JSON format logs. |
2023-04-06 | Enhancement - Mapped "metadata.event_type" to "GENERIC_EVENT" where both "srcaddr" and "dstaddr" are not present. |
2022-10-18 | Enhancement - Modified mapping for the value of the following fields from "additional.fields" to "about.resource.attribute.labels": "interfaceId", "packets", "SubnetID", "logStatus", "tcp_flags", "traffic_path", "start_time", "end_time", "sublocation_id", "sublocation_type", "pkt_dst_aws_service", "pkt_src_aws_service". Added grok pattern to parse logs in which "destination_port" might not be present. |
2022-07-07 | Enhancement - The newly ingested SYSLOG format logs have been parsed and handled using a proper grok pattern. |
2022-05-30 | Enhancement - Modified the grok pattern to avoid incorrect mapping of UDM fields. Mapped 'start_time', 'end_time', 'traffic_path', 'sublocation_id', 'sublocation_type', 'pkt_dst_aws_service' and 'pkt_src_aws_service' to 'additional.fields'. Added a new grok pattern to parse logs in a different format. Mapped 'flow_direction' to 'network.direction'. Mapped 'az_id' to 'principal.cloud.availability_zone'. Mapped 'pkt_srcaddr', 'pkt_dstaddr' to 'intermediary.ip'. |
2022-05-05 | Enhancement - Updated mapping for the field 'accountId' from 'principal.user.userid' to 'metadata.product_log_id'. Mapped the field 'version' to 'metadata.product_version'. Mapped the field 'end' to 'metadata.ingested_timestamp'. Mapped 'action' to 'security_result.action' and 'security_result.action_details'. Mapped the field 'interfaceId', 'packets', 'SubnetID', 'logStatus', 'tcp_flags' to 'additional.fields'. |