Change log for CISCO_MERAKI

Date Changes
2022-11-25 Enhancement -
- Added support for unparsed JSON logs, network_dns query logs and failing syslog+kv_data logs.
- Mapped "metadata.eventType" to RESOURCE_CREATION, FILE_UNCATEGORIZED, SETTING_MODIFICATION, NETWORK_UNCATEGORIZED,
GROUP_UNCATEGORIZED, PROCESS_LAUNCH, PROCESS_TERMINATION, STATUS_UNCATEGORIZED, SYSTEM_AUDIT_LOG_UNCATEGORIZED,
USER_LOGOUT, USER_LOGIN, RESOURCE_PERMISSIONS_CHANGE, USER_RESOURCE_ACCESS based on "EventID" for JSON logs.
- Mapped "previlage_list","DisabledPrivilegeList","EnabledPrivilegeList" to "target.user.attribute.permissions".
- Mapped "GroupMembership" to "target.user.group_identifiers".
- Mapped "AccessList" to "target.resource.attribute".
- Mapped "auth_mechanism" to "extensions.auth.mechanism".
- Mapped "question" to "network.dns.questions".
- Set "security_result.priority" based on "priority" value.
- Mapped "RecordNumber" to "metadata.product_log_id".
2022-10-06 Enhancement -
- Mapped "dvc" to "intermediary.hostname".
- Mapped "eventType" to "metadata.product_event_type".
- Mapped "pattren" to "security_result.action_details".
- Mapped "principalMac" to "principal.mac".
- Mapped "principalIp" to "principal.ip".
- Added null check for "dstIp" prior to mapping to UDM.
2022-07-04 Enhancement -
- When "protocol" is equal to "47" then set "protocol" to "GRE".
- When "protocol" is equal to "50" then set "protocol" to "ESP".
- Added kv block when "eventType" is equal to "events".
- Mapped "identity" to "target.user.userid".
- Mapped "last_known_client_ip" to "principal.ip".
- When "eventSummary" is equal to "association":
- Mapped "client_ip" to "principal.ip".
- Mapped "client_mac" to "principal.mac".
- Mapped "rssi" to "intermediary.asset.product_object_id".
- Mapped "channel" to "security_result.detection_fields".
- Mapped "aid" to "network.session_id".
2022-06-15 Enhancement -
- Mapped "lastSeen", "firstSeen", "wiredLastSeen" to "security_result.detection_fields".
- Mapped "wiredMacs" to "intermediary.mac".
- Mapped "type" to "security_result.summary".
- Mapped "description" to "security_result.description".
- Mapped "deviceSerial" to "_target_hardware.serial_number".
- Mapped "deviceName" to "target.hostname".
- Mapped "ssidName", "clientId", "clientDescription" to "additional.fields".
- Mapped "eventData.client_mac" to "principal.mac".
- Mapped "eventData.identity" to "principal.hostname".
- Mapped "eventData.aid" to "principal.asset_id".
- Mapped "organizationId" to "principal.resource.id".
- Mapped "eventData.group" to "principal.group.group_display_name".
- Mapped "eventData.client_ip" to "principal.ip".
- Mapped "occurredAt" to "metadata.event_timestamp".
2022-05-04 Enhancement - Added mapping for hostname.
2022-04-13 Enhancement - Added parsing of logs of JSON type.