Stay organized with collections Save and categorize content based on your preferences.

Change log for CISCO_EMAIL_SECURITY

Date Changes
2022-09-22 Enhancement
- Added a grok pattern for unparsed logs, having the field "product_event" as empty.
2022-08-02 Enhancement
- Added conditions for newly added event_type "STATUS_UPDATE", "USER_UNCATEGORIZED", "SCAN_PROCESS"
- Mapped "attack" to "security_result.category_details"
- Enahanced parser to parse "ESAAttachmentDetails" field of different types of logs.
2022-06-09 Enhancement- Mapped "from_user" to "principal.user.user_display_name".
- Updated "metadata.product_event_type" from "Consolidated Log Event" to "ESA_CONSOLIDATED_LOG_EVENT".
2022-06-07 Enhancement- Mapped suser to network.email.bounce_address.
2022-05-17 Enhancement - Mapped duser to network.email.to.
- Added on_error for product_version and product_description fields to avoid null value mapping to UDM.
- Added additional logic to parse logs starting with "DAY TIMESTAMP YEAR" format, for example: Wed Feb 18 00:34:12 2021.
2022-05-05 Enhancement-Used grok for network.email.from
2022-03-31 Enhancement-Added mappings for new fields.
- ESAReplyTo mapped to network.email.reply_to.
- duser mapped to network.email.to.