Change log for BIND_DNS
Date | Changes |
---|---|
2024-11-25 | Bug-fix:<br>- Changed mapping of "client_string" from "principal.mac" to "security_result.detection_fields".<br>- Changed mapping of "tar_host" from "target.hostname" to "observer.hostname".<br>- Changed mapping of "response_ip" from "target.ip" to "observer.ip".<br>- Mapped "query" to "target.hostname". |
2024-10-30 | Enhancement:<br>- Mapped "mac_address" to "principal.mac" and "dns_record_type" to "security_result.detection_fields". |
2024-07-08 | Enhancement:<br>- Added new Grok patterns to parse unparsed fields in the log.<br>- Mapped "view" to "additional.fields".<br>- Mapped "domain_name" to "network.dns.questions.type".<br>- Mapped "src_host" to "principal.hostname". |
2024-02-24 | Enhancement:<br>- Added new Grok patterns to parse unparsed fields in the log.<br>- If "principal.hostname" is present, then mapped "metadata.event_type" to "STATUS_UPDATE".<br>- If "generic_message" is similar to "checkhints", then added a Grok pattern to extract "tar_host" and "response_ip".<br>- If "generic_message" is similar to "update" or "zone transfer", then added a Grok pattern to extract "tar_host" and "action".<br>- If "generic_message" is similar to "REFUSED unexpected RCODE", then added a Grok pattern to extract "tar_host", "src_ip", and "src_port".<br>- If "generic_message" is similar to "check_mk", then added a Grok pattern to extract "src_app", "src_ip", "src_port", "response_ip" and "response_port". |
2024-01-30 | Enhancement:<br>- Added a new Grok pattern to extract "query". |
2023-12-20 | Enhancement:<br>- Added new Grok patterns to parse new format logs.<br>- Mapped "pid" to "principal.process.pid".<br>- Mapped "response_ip_2" to "target.ip".<br>- If the action value is similar to "denied" or "deny", mapped "security_result.action" to "BLOCK".<br>- If the action value is similar to "allowed" or "allow", mapped "security_result.action" to "ALLOW". |
2023-09-19 | Enhancement:<br>- Added new Grok patterns to parse dropped logs. |
2023-07-10 | Enhancement:<br>- Added a new Grok pattern to handle syslog format logs. |
2022-11-16 | Enhancement:<br>- Added a new Grok pattern for failing query-error logs.<br>- Updated Grok patterns to parse logs which have additional data after the port number.<br>- Concatenated "query_int_1" and "query_int_2" into "query".<br>- Mapped "dns_resp_2" and "error_loc" to "description".<br>- Added conditions in "dhcp_qtype_mapping.include" to check for types TYPE0, TYPE65521 and TYPE65400 and convert them to integer values. |
2022-04-22 | Enhancement:<br>- Parsed logs that failed earlier. |
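As an added illustration of the kind of normalization the entries above describe (not the parser's own Grok patterns or code), the following Python sketch parses two standard BIND 9 log shapes, a query log line and a "query ... denied" security line, into the UDM field names named in this change log. The sample lines, the regexes and the small record-type table are constructed assumptions; the "denied"/"allowed" to BLOCK/ALLOW rule and the "TYPEnnn" to integer conversion follow the 2023-12-20 and 2022-11-16 entries.

```python
import re

# Constructed sample BIND 9 log lines (not from the original page).
SAMPLE_LINES = [
    "25-Nov-2024 10:15:32.123 queries: info: client @0x7f3c2c0 10.1.2.3#53211 "
    "(www.example.com): query: www.example.com IN A + (10.1.2.53)",
    "25-Nov-2024 10:15:33.456 queries: info: client @0x7f3c2d0 10.1.2.4#40001 "
    "(svc.example.net): query: svc.example.net IN TYPE65521 - (10.1.2.53)",
    "25-Nov-2024 10:15:34.789 security: info: client @0x7f3c2e0 10.1.2.5#51000 "
    "(bad.example.org): query (cache) 'bad.example.org/A/IN' denied",
]

# Assumed regexes standing in for the Grok patterns mentioned in the change log.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<src_ip>[\d.]+)#(?P<src_port>\d+) \((?P<query>[^)]+)\)"
QUERY_RE = re.compile(CLIENT + r": query: \S+ IN (?P<qtype>\S+) (?P<flags>\S+)"
                      r"(?: \((?P<response_ip>[\d.]+)\))?")
DENIED_RE = re.compile(CLIENT + r": query(?: \(cache\))? '[^/]+/(?P<qtype>[^/]+)/IN' "
                       r"(?P<action>denied|allowed)")

# Small constructed name-to-number table; unknown types use the RFC 3597 TYPEnnn form.
QTYPE_IDS = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}


def qtype_to_int(qtype):
    """Convert a record type to its integer id, e.g. 'TYPE65521' -> 65521, 'A' -> 1."""
    m = re.fullmatch(r"TYPE(\d+)", qtype)
    return int(m.group(1)) if m else QTYPE_IDS.get(qtype)


def action_to_udm(action):
    """Map the BIND action word to the UDM security_result.action value."""
    a = action.lower()
    return {"denied": "BLOCK", "deny": "BLOCK", "allowed": "ALLOW", "allow": "ALLOW"}.get(a)


def parse_line(line):
    """Return a flat dict of UDM-style fields, or None when no pattern matches (unparsed)."""
    m = DENIED_RE.search(line) or QUERY_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    event = {"principal.ip": d["src_ip"], "principal.port": int(d["src_port"]),
             "target.hostname": d["query"],
             "network.dns.questions.type": qtype_to_int(d["qtype"])}
    if d.get("response_ip"):          # responding server -> observer.ip (2024-11-25 entry)
        event["observer.ip"] = d["response_ip"]
    if d.get("action"):
        event["security_result.action"] = action_to_udm(d["action"])
    return event
```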