Change log for BLOXONE
Date / Changes

2025-01-07
Enhancement:
- Added a new Grok pattern to parse unparsed logs.
- Mapped "intermediaryhost" to "intermediary.hostname".

2024-12-02
Enhancement:
- If "raw.app" is a valid application_protocol value, it is mapped to "network.application_protocol".

2024-06-18
Enhancement:
- Added support to handle CEF logs.

2024-01-18
Enhancement:
- Added a Grok pattern to parse unparsed logs.
- Mapped "network" to "principal.hostname" and "principal.asset.hostname".
- Mapped "device" to "principal.ip" and "principal.asset.ip".
- Mapped "rip" to "target.ip" and "target.asset.ip".
- Mapped "mac_address" to "principal.mac".
- Mapped "country" to "principal.location.name".
- Mapped "os_version" to "principal.platform_version".
- Mapped "app_name" to "principal.application".
- Mapped "user" to "principal.user.user_display_name".
- Mapped "feed_type" to "principal.resource.attribute.labels".
- Mapped "feed_name" to "principal.resource.name" and "principal.resource.resource_subtype".
- Mapped "policy_action" to "security_result.action_details".
- Mapped "endpoint_groups", "user_groups", "dns_view", "dhcp_fingerprint", "policy_name", "tclass", "tproperty", "threat_indicator", "category", and "rcode" to "security_result.detection_fields".
- Mapped "app_category" to "security_result.category_details".
- Mapped "confidence" to "security_result.confidence".
- Mapped "severity" to "security_result.severity".
- Mapped "qname" to "questions.name".
- Mapped "rdata" to "dns.answers".
Last updated 2025-03-13 UTC.