Change log for CISCO_PRIME
Date
Changes
2025-04-30
Enhancement:
- Added Grok patterns to parse a new log pattern.
- event.idm.read_only_udm.metadata.timestamp: Newly mapped the `ts` raw log field to the `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- event.idm.read_only_udm.principal.hostname: Newly mapped the `principal_hostname` raw log field to the `event.idm.read_only_udm.principal.hostname` UDM field.
- event.idm.read_only_udm.target.hostname: Newly mapped the `target_hostname` raw log field to the `event.idm.read_only_udm.target.hostname` UDM field.
- event.idm.read_only_udm.target.port: Newly mapped the `target_port` raw log field to the `event.idm.read_only_udm.target.port` UDM field.
2024-01-26
Bug-Fix:
- Added Grok patterns to reduce the percentage of `GENERIC_EVENT` event types.
- Mapped "principal_port" to "principal.port".
- Mapped "ip_address" to "principal.asset.ip".
- Mapped "user_name" to "principal.user.userid".
- Mapped "device_ip" to "principal.ip" and "principal.asset.ip".
- Mapped "client_ip_address" to "principal.ip", "principal.asset.ip".
- Mapped "principal_ip" to "principal.ip", "principal.asset.ip".
- Mapped "Type" to "metadata.product_event_type".
- Mapped "dst_user" to "target.user.userid".
- Mapped "target_ip" to "target.asset.ip".
- Mapped "device_type" to "target.resource.attribute.labels".
- Mapped "device_hostname" to "target.resource.attribute.labels".
- Mapped "sec_description" to "security_result.description".
Last updated 2025-09-07 UTC.