Change log for BARRACUDA_EMAIL
Date | Changes |
---|---|
2024-05-28 | Enhancement:<br>- Mapped "attachments" to "additional.fields". |
2024-01-08 | Enhancement:<br>- Mapped "recipients.action" to "security_result.action_details".<br>- Mapped "recipients.email" to "network.email.to".<br>- Mapped "recipients.delivery_detail", "recipients.reason", "recipients.taxonomy", "recipients.reason_extra" and "recipient.delivered" to "security_result.detection_fields".<br>- Mapped "dst_domain" to "target.hostname".<br>- Mapped "geoip" to "target.location.country_or_region". |
2023-01-19 | Bug-Fix:<br>- Modified grok pattern to extract "subject" and mapped to "network.subject". |
2022-12-16 | Enhancement:<br>- Added grok pattern for new logs.<br>- Mapped "host" to "principal.hostname".<br>- Mapped "product_log_id" to "metadata.product_log_id".<br>- Mapped "network.application_protocol" to "SMTP" where process includes "smtp".<br>- Mapped "sender_email" to "network.email.from".<br>- Mapped "recipient_email" to "network.email.to".<br>- Mapped "network.direction" to "INBOUND" where process includes "inbound".<br>- Mapped "network.direction" to "OUTBOUND" where process includes "outbound".<br>- Mapped "target_ip" to "target.ip".<br>- Mapped "queue_id" to "security_result.detection_fields".<br>- Mapped "security_result.action" to "ALLOW" where "action_code" is "0" or "7" and "service" is "RECV" or "SCAN".<br>- Mapped "security_result.action" to "BLOCK" where "action_code" is "2" and "service" is "RECV" or "SCAN".<br>- Mapped "security_result.action" to "QUARANTINE" where "action_code" is "3" and "service" is "RECV" or "SCAN". |
2022-05-19 | Enhancement:<br>- Modified data extraction for email and hdr_from to improve parsing. |