Change log for BLOXONE

Date	Changes
2024-01-18	Enhancement: - Added a Grok pattern to parse unparsed logs. - Mapped "network" to "principal.hostname", and "principal.asset.hostname". - Mapped "device" to "principal.ip", and "principal.asset.ip". - Mapped "rip" to "target.ip", and "target.asset.ip". - Mapped "mac_address" to "principal.mac". - Mapped "country" to "principal.location.name". - Mapped "os_version" to "principal.platform_version". - Mapped "app_name" to "principal.application". - Mapped "user" to "principal.user.user_display_name". - Mapped "feed_type" to "principal.resource.attribute.labels". - Mapped "feed_name" to "principal.resource.name", and "principal.resource.resource_subtype". - Mapped "policy_action" to "security_result.action_details". - Mapped "endpoint_groups", "user_groups", "dns_view", "dhcp_fingerprint", "policy_name", "tclass", "tproperty", "threat_indicator", "category", and "rcode" to "security_result.detection_fields". - Mapped "app_category" to "security_result.category_details". - Mapped "confidence" to "security_result.confidence". - Mapped "severity" to "security_result.severity". - Mapped "qname" to "questions.name". - Mapped "rdata" to "dns.answers".
2023-03-07	Newly created parser.

Date

Changes

2024-01-18

Enhancement:
- Added a Grok pattern to parse unparsed logs.
- Mapped "network" to "principal.hostname", and "principal.asset.hostname".
- Mapped "device" to "principal.ip", and "principal.asset.ip".
- Mapped "rip" to "target.ip", and "target.asset.ip".
- Mapped "mac_address" to "principal.mac".
- Mapped "country" to "principal.location.name".
- Mapped "os_version" to "principal.platform_version".
- Mapped "app_name" to "principal.application".
- Mapped "user" to "principal.user.user_display_name".
- Mapped "feed_type" to "principal.resource.attribute.labels".
- Mapped "feed_name" to "principal.resource.name", and "principal.resource.resource_subtype".
- Mapped "policy_action" to "security_result.action_details".
- Mapped "endpoint_groups", "user_groups", "dns_view", "dhcp_fingerprint", "policy_name", "tclass", "tproperty", "threat_indicator", "category", and "rcode" to "security_result.detection_fields".
- Mapped "app_category" to "security_result.category_details".
- Mapped "confidence" to "security_result.confidence".
- Mapped "severity" to "security_result.severity".
- Mapped "qname" to "questions.name".
- Mapped "rdata" to "dns.answers".

2023-03-07

Newly created parser.