Change log for BARRACUDA_EMAIL
Date | Changes |
---|---|
2023-01-19 | Bug-Fix - Modified grok pattern to extract "subject" and mapped to "network.subject". |
2022-12-16 | Enhancement - Added grok pattern for new logs. - Mapped "host" to "principal.hostname". - Mapped "product_log_id" to "metadata.product_log_id". - Mapped "network.application_protocol" to "SMTP" where process includes "smtp". - Mapped "sender_email" to "network.email.from". - Mapped "recipient_email" to "network.email.to". - Mapped "network.direction" to "INBOUND" where process includes "inbound". - Mapped "network.direction" to "OUTBOUND" where process includes "outbound". - Mapped "target_ip" to "target.ip". - Mapped "queue_id" to "security_result.detection_fields". - Mapped "security_result.action" to "ALLOW" where "action_code" is "0" or "7" and "service" is "RECV" or "SCAN". - Mapped "security_result.action" to "BLOCK" where "action_code" is "2" and "service" is "RECV" or "SCAN". - Mapped "security_result.action" to "QUARANTINE" where "action_code" is "3" and "service" is "RECV" or "SCAN". |
2022-05-19 | Enhancement - Modified data extraction for email and hdr_from to improve parsing. |