Change log for AWS_VPC_FLOW
Date | Changes |
---|---|
2024-12-05 | Enhancement:<br>- Added Grok patterns to parse unparsed logs.<br>- Mapped "tgw-id", "tgw-attachment-id", "tgw-pair-attachment-id", "packets-lost-no-route", "packets-lost-blackhole", "packets-lost-mtu-exceeded", "packets-lost-ttl-expired", "packets", "start-time", "end-time", and "bytes" to "additional.fields".<br>- Mapped "resource_type" to "principal.resource.resource_type".<br>- Mapped "tgw_src_vpc_account_id" to "principal.user.userid".<br>- Mapped "tgw_dst_vpc_account_id" to "target.user.userid".<br>- Mapped "tgw_src_eni" and "tgw-src-az-id" to "principal.resource.attribute.labels".<br>- Mapped "tgw-dst-eni" and "tgw-dst-az-id" to "target.resource.attribute.labels".<br>- Mapped "tgw-src-subnet-id" to "principal.resource.attribute.labels".<br>- Mapped "tgw-dst-subnet-id" to "target.resource.attribute.labels".<br>- Mapped "tgw_src_vpc_id" to "principal.resource.product_object_id".<br>- Mapped "tgw_dst_vpc_id" to "target.resource.product_object_id".<br>- Mapped "type", "flow_direction", and "instance_id" to "about.resource.attribute.labels". |
2024-10-30 | Enhancement:<br>- Mapped "Metadata.Product.version" to "metadata.product_version".<br>- Mapped "cloud.zone" to "target.resource.attribute.cloud.availability_zone".<br>- Mapped "cloud.provider" to "target.resource.attribute.cloud.environment".<br>- Mapped "src_endpoint.port" to "principal.port".<br>- Mapped "src_endpoint.ip" to "principal.ip".<br>- Mapped "dst_endpoint.port" to "target.port".<br>- Mapped "dst_endpoint.ip" to "target.ip".<br>- Mapped "metadata.product.feature.name", "metadata.profiles", "metadata.version", "cloud.account.uid", "cloud.region", "src_endpoint.interface_uid", "src_endpoint.vpc_uid", "src_endpoint.instance_uid", and "src_endpoint.subnet_uid" to "additional.fields".<br>- Mapped "dst_endpoint.interface_uid", "dst_endpoint.vpc_uid", "dst_endpoint.instance_uid", and "dst_endpoint.subnet_uid" to "additional.fields".<br>- Mapped "connection_info.protocol_num" to "network.ip_protocol".<br>- Mapped "connection_info.direction" to "network.direction".<br>- Mapped "severity_id" to "security_result.severity".<br>- Mapped "category_name" to "security_result.category_details".<br>- Mapped "activity_name" to "metadata.product_event_type". |
2024-10-01 | Enhancement:<br>- Added support for new unparsed logs of type AWS_VPC_FLOW. |
2024-07-31 | Enhancement:<br>- Added support for JSON format logs. |
2023-04-06 | Enhancement:<br>- Mapped "metadata.event_type" to "GENERIC_EVENT" where neither "srcaddr" nor "dstaddr" is present. |
2022-10-18 | Enhancement:<br>- Changed the mapping of the following fields from "additional.fields" to "about.resource.attribute.labels": "interfaceId", "packets", "SubnetID", "logStatus", "tcp_flags", "traffic_path", "start_time", "end_time", "sublocation_id", "sublocation_type", "pkt_dst_aws_service", and "pkt_src_aws_service".<br>- Added a grok pattern to parse logs in which "destination_port" may be absent. |
2022-07-07 | Enhancement:<br>- Newly ingested SYSLOG format logs are now parsed and handled with a dedicated grok pattern. |
2022-05-30 | Enhancement:<br>- Modified the grok pattern to avoid incorrect mapping of UDM fields.<br>- Mapped "start_time", "end_time", "traffic_path", "sublocation_id", "sublocation_type", "pkt_dst_aws_service", and "pkt_src_aws_service" to "additional.fields".<br>- Added a new grok pattern to parse logs in a different format.<br>- Mapped "flow_direction" to "network.direction".<br>- Mapped "az_id" to "principal.cloud.availability_zone".<br>- Mapped "pkt_srcaddr" and "pkt_dstaddr" to "intermediary.ip". |
2022-05-05 | Enhancement:<br>- Updated the mapping of "accountId" from "principal.user.userid" to "metadata.product_log_id".<br>- Mapped "version" to "metadata.product_version".<br>- Mapped "end" to "metadata.ingested_timestamp".<br>- Mapped "action" to "security_result.action" and "security_result.action_details".<br>- Mapped "interfaceId", "packets", "SubnetID", "logStatus", and "tcp_flags" to "additional.fields". |
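To make the mappings in the table above concrete, here is an added illustration (not the product's parser and not code from this change log) of how a default-format AWS VPC Flow Logs record is matched by a grok-style pattern and placed into UDM fields following the entries listed above: "accountId" to metadata.product_log_id, "version" to metadata.product_version, "end" to metadata.ingested_timestamp, "action" to security_result.action and action_details, the label fields to about.resource.attribute.labels, a missing destination port tolerated, and metadata.event_type set to GENERIC_EVENT when neither "srcaddr" nor "dstaddr" is present. The sample log lines are constructed; the default field order is AWS's documented version-2 layout; the ACCEPT/REJECT to ALLOW/BLOCK translation, the NETWORK_CONNECTION default event type, and the srcaddr/dstaddr to principal.ip/target.ip placement are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in the AWS VPC Flow Logs default (version 2) space-separated
# field order: version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status. Values are made up for this example.
SAMPLE_LOGS = [
    "2 123456789012 eni-0abc123de456f7890 10.0.1.12 10.0.2.34 49152 443 6 10 8400 "
    "1700000000 1700000060 ACCEPT OK",
    # NODATA record: AWS writes "-" for every field it could not populate.
    "2 123456789012 eni-0abc123de456f7890 - - - - - - - 1700000000 1700000060 - NODATA",
]

# Grok-style pattern for the default format. Each field is a run of non-space characters,
# so "-" placeholders (including an absent destination port) still match and are handled
# afterwards instead of breaking the parse.
VPC_FLOW_V2 = re.compile(
    r"^(?P<version>\S+) (?P<accountId>\S+) (?P<interfaceId>\S+) (?P<srcaddr>\S+) "
    r"(?P<dstaddr>\S+) (?P<srcport>\S+) (?P<dstport>\S+) (?P<protocol>\S+) "
    r"(?P<packets>\S+) (?P<bytes>\S+) (?P<start_time>\S+) (?P<end_time>\S+) "
    r"(?P<action>\S+) (?P<logStatus>\S+)$"
)

# Raw AWS action -> UDM security_result.action value (assumed translation; the change log
# only states that "action" feeds security_result.action and action_details).
ACTION_MAP = {"ACCEPT": "ALLOW", "REJECT": "BLOCK"}

# Fields the 2022-10-18 entry routes to about.resource.attribute.labels.
LABEL_FIELDS = ("interfaceId", "packets", "logStatus", "start_time", "end_time")


def present(value):
    """True when AWS actually populated the field ("-" means absent)."""
    return value is not None and value != "-"


def parse_vpc_flow(line):
    """Return the named fields of a default-format record, or None if it does not match."""
    m = VPC_FLOW_V2.match(line.strip())
    return m.groupdict() if m else None


def to_udm(f):
    """Map parsed fields to a UDM-shaped dict following the change-log mappings."""
    udm = {"metadata": {}, "principal": {}, "target": {}, "security_result": {},
           "about": {"resource": {"attribute": {"labels": []}}}}
    md = udm["metadata"]
    md["product_log_id"] = f["accountId"]       # 2022-05-05: accountId -> product_log_id
    md["product_version"] = f["version"]        # 2022-05-05: version -> product_version
    if present(f["end_time"]):                  # 2022-05-05: "end" -> ingested_timestamp
        md["ingested_timestamp"] = datetime.fromtimestamp(
            int(f["end_time"]), tz=timezone.utc).isoformat()

    # 2023-04-06: GENERIC_EVENT when neither address is present. NETWORK_CONNECTION is
    # an assumed default for an ordinary flow record.
    has_src, has_dst = present(f["srcaddr"]), present(f["dstaddr"])
    md["event_type"] = "NETWORK_CONNECTION" if (has_src or has_dst) else "GENERIC_EVENT"

    # Endpoint placement (assumed to mirror the JSON-format src/dst endpoint mappings).
    if has_src:
        udm["principal"]["ip"] = f["srcaddr"]
    if present(f["srcport"]):
        udm["principal"]["port"] = int(f["srcport"])
    if has_dst:
        udm["target"]["ip"] = f["dstaddr"]
    if present(f["dstport"]):                   # destination port may be absent (2022-10-18)
        udm["target"]["port"] = int(f["dstport"])

    if present(f["action"]):                    # 2022-05-05: action -> security_result
        udm["security_result"]["action"] = ACTION_MAP.get(f["action"], "UNKNOWN_ACTION")
        udm["security_result"]["action_details"] = f["action"]

    for key in LABEL_FIELDS:                    # 2022-10-18: labels on about.resource
        if present(f[key]):
            udm["about"]["resource"]["attribute"]["labels"].append(
                {"key": key, "value": f[key]})
    return udm


def process(line):
    """Parse one raw line and return its UDM event, or None when no pattern matches."""
    fields = parse_vpc_flow(line)
    return to_udm(fields) if fields else None


if __name__ == "__main__":
    import json
    for raw in SAMPLE_LOGS:
        print(json.dumps(process(raw), indent=2))
```

Running the block prints one UDM-shaped event per sample line; the NODATA record comes out as a GENERIC_EVENT with empty principal and target, which is the case the 2023-04-06 entry was added to handle, while a line that matches no pattern yields None so that it can be counted as unparsed rather than silently mis-mapped.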