Change log for CISCO_ESTREAMER
Date | Changes |
---|---|
2024-11-28 | Enhancement:
- Changed the mapping of "hostname" from "principal.hostname" to "intermediary.hostname".
- Changed the mapping of "dvchost" from "target.hostname" to "intermediary.hostname".
- Mapped "destinationDnsDomain" to "target.hostname" and "target.asset.hostname".
- Added event_types "NETWORK_HTTP", "NETWORK_DHCP", and "NETWORK_DNS". |
2024-06-21 | Enhancement:
- Mapped "app" to "network.application_protocol". |
2024-06-20 | Enhancement:
- Mapped "request" to "network.http.referral_url".
- Mapped "fsize" to "target.file.size".
- Mapped "fileHash" to "target.file.sha256".
- Mapped "fileType" to "target.file.mime_type".
- Mapped "fname" to "target.file.full_path".
- Mapped "deviceExternalId" to "principal.asset.asset_id".
- If "deviceDirection" is equal to "1" then mapped "network.direction" to "OUTBOUND" and if "deviceDirection" is equal to "0" then mapped "network.direction" to "INBOUND".
- Mapped "app" to "network.application_protocol".
- Mapped "destinationDnsDomain" to "network.dns.questions.name".
- Mapped "outcome" to "security_result.summary".
- If "act" is equal to "Malware Block" then mapped "security_result.action" to "BLOCK". |
2024-06-04 | Bug-fix:
- Updated Grok to parse unparsed logs. |
2024-05-15 | - Newly created parser. |