Change log for CATO_NETWORKS
Date | Changes |
---|---|
2024-11-15 | Enhancement:<br>- When the "action" value is "Monitor", "Alert", or "Succeeded", mapped "security_result.action" to "ALLOW".<br>- When the "action" value is "Block" or "BLOCK", mapped "security_result.action" to "BLOCK". |
2024-01-26 | Enhancement:<br>- Mapped "dest_port" to "target.port".<br>- Mapped "os_type" to "principal.platform".<br>- Mapped "pop_name" to "additional.fields".<br>- Mapped "domain_name" to "principal.administrative_domain".<br>- Mapped "account_id" to "target.user.userid".<br>- Mapped "event_sub_type" to "metadata.description".<br>- Mapped "rule_name" to "security_result.rule_name".<br>- Mapped "rule_id" to "security_result.rule_id".<br>- Mapped "user_id" to "principal.user.userid".<br>- Mapped "http_host_name" to "principal.hostname" and "principal.asset.hostname".<br>- Mapped "src_site_name", "event_type", "event_count", "dns_name", "insertionDate", "action", "subnet_name", "internalId", "src_site", "categories", "app_stack", "custom_categories", "ISP_name", and "rule" to "additional.fields".<br>- Mapped "src_country_code" to "principal.resource.attribute.labels".<br>- Mapped "dest_country_code" to "target.resource.attribute.labels".<br>- Mapped "src_is_site_or_vpn" and "is_sanctioned_app" to "security_result.detection_fields".<br>- Mapped "src_isp_ip" and "src_ip" to "src.ip" and "src.asset.ip".<br>- Mapped "application" to "principal.application".<br>- Mapped "ip_protocol" to "network.ip_protocol".<br>- Mapped "src_country" and "sourceCountry" to "principal.location.country_or_region".<br>- Mapped "dest_country" to "target.location.country_or_region".<br>- Mapped "tar_ip" and "dest_ip" to "target.ip" and "target.asset.ip".<br>- Mapped "prin_ip" to "principal.ip" and "principal.asset.ip". |
2023-05-19 | Enhancement:<br>- Added support for new logs by mapping all fields under 'fieldsMap'.<br>- Refactored code wherever possible. |