Change log for CISCO_STEALTHWATCH
Date | Changes |
---|---|
2024-10-29 | Enhancement:
- Added support to handle JSON logs. |
2024-09-26 | Enhancement:
- Added support to parse CEF format logs. |
2024-06-11 | Enhancement:
- Updated the Grok pattern to parse the "emc1502" value and mapped it to "principal.hostname". |
2023-06-19 | Enhancement:
- Mapped "sourceIPv4Address" to "principal.ip".
- Mapped "SourceModuleType" to "observer.application".
- Mapped "SourceModuleName" to "target.resource.name".
- Mapped "MessageSourceAddress" to "principal.ip".
- Mapped "SourcePort" to "principal.port".
- Mapped "Version" to "metadata.product_version".
- Mapped "DestPort" to "target.port".
- Mapped "DestIPv4Address" to "target.ip".
- Mapped "ProtocolIdentifier" to "network.ip_protocol".
- Mapped "inputSNMPIface", "outputSNMPIface", and "InPackets" to "additional.fields". |
2023-02-10 | Fix:
- Added new Grok patterns to parse NFS and SMB protocol type logs. |
2022-07-06 | Enhancement:
- Added mappings for unparsed logs (audit, alarm).
- Mapped "FC_Name" to "principal.user.userid".
- Mapped "src" to "principal.ip".
- Mapped "dst" to "target.ip".
- Mapped "Source_HG" to "principal.location.country_or_region".
- Mapped "category" to "security_result.category_details".
- Mapped "details" to "metadata.description".
- Mapped "vendor_severity" value "Minor" to "security_result.severity" "INFORMATIONAL".
- Mapped "vendor_severity" value "Major" to "security_result.severity" "ERROR".
- Added Event_type "USER_UNCATEGORIZED" for unparsed logs.
- Added additional field "Alarm_ID". |
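The CEF support added on 2024-09-26 and the field mappings listed in the 2023-06-19 and 2022-07-06 entries, as an added example that is not part of this change log and not the Chronicle parser's own code: a small Python CEF reader that splits the seven-field header (honouring the `\|` and `\\` escapes), tokenises the extension (honouring `\=`), and applies the change log's key-to-UDM mappings. Assumed for the example, not stated on the page: that a Stealthwatch CEF message carries the extension keys named in the change log under exactly those names; the `UDM_MAP`, `SEVERITY_MAP`, `split_cef`, `parse_extension` and `to_udm` names are this example's own, and the sample line is constructed, not captured from an appliance.

```python
# Added example (not Cisco's or the Chronicle parser's own code): a minimal CEF
# reader that applies the extension-key -> UDM mappings listed in this change log.
import re

# Extension key -> UDM field, as listed in the 2023-06-19 entry. That a Stealthwatch
# CEF message carries exactly these keys is an assumption made for this example.
UDM_MAP = {
    "sourceIPv4Address": "principal.ip",
    "MessageSourceAddress": "principal.ip",   # same target as sourceIPv4Address
    "SourcePort": "principal.port",
    "SourceModuleType": "observer.application",
    "SourceModuleName": "target.resource.name",
    "Version": "metadata.product_version",
    "DestPort": "target.port",
    "DestIPv4Address": "target.ip",
    "ProtocolIdentifier": "network.ip_protocol",
}
# Keys the change log sends to additional.fields rather than a typed UDM field.
ADDITIONAL_KEYS = {"inputSNMPIface", "outputSNMPIface", "InPackets"}
# vendor_severity -> security_result.severity, from the 2022-07-06 entry.
SEVERITY_MAP = {"Minor": "INFORMATIONAL", "Major": "ERROR"}

HEADER_NAMES = ("cef_version", "device_vendor", "device_product",
                "device_version", "signature_id", "name", "severity")
# key=value where the value runs until the next " key=" or end of line;
# "\=" and "\\" inside a value are escapes and must not terminate it.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")


def _unescape(s):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)


def split_cef(line):
    """Split a CEF line into its seven header fields and the raw extension string.

    Header fields are separated by unescaped '|'; a backslash escapes the next character.
    """
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < len(HEADER_NAMES):
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if len(fields) != len(HEADER_NAMES) or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    return dict(zip(HEADER_NAMES, fields)), line[i:]


def parse_extension(ext):
    """Tokenise the CEF extension into a dict, unescaping values."""
    return {k: _unescape(v) for k, v in EXT_RE.findall(ext)}


def to_udm(line):
    """Return {'header': ..., 'udm': ..., 'unmapped': ...} for one CEF line."""
    header, ext = split_cef(line)
    udm, unmapped = {"additional.fields": {}}, {}
    for key, value in parse_extension(ext).items():
        if key in UDM_MAP:
            field = UDM_MAP[key]
            # If two keys share a UDM field (both principal.ip keys), the later one wins here.
            udm[field] = int(value) if field.endswith(".port") else value
        elif key in ADDITIONAL_KEYS:
            udm["additional.fields"][key] = value
        elif key == "vendor_severity" and value in SEVERITY_MAP:
            udm["security_result.severity"] = SEVERITY_MAP[value]
        else:
            unmapped[key] = value  # keep, never silently drop, keys the change log does not map
    return {"header": header, "udm": udm, "unmapped": unmapped}


# Constructed sample line (not captured from a real appliance); the header "name"
# carries an escaped pipe and SourceModuleName an escaped "=".
SAMPLE = ("CEF:0|Cisco|Stealthwatch|0.0|1|Alarm\\|Test|5|"
          "sourceIPv4Address=10.0.0.5 SourcePort=51515 DestIPv4Address=192.0.2.10 "
          "DestPort=445 ProtocolIdentifier=6 inputSNMPIface=3 InPackets=42 "
          "SourceModuleName=Collector\\=1 vendor_severity=Major msg=plain text value")

if __name__ == "__main__":
    import json
    print(json.dumps(to_udm(SAMPLE), indent=2))
```

Two points worth checking against a real parser: the change log maps both "sourceIPv4Address" and "MessageSourceAddress" to "principal.ip" without saying which takes precedence when both are present, and anything that is neither mapped nor listed for "additional.fields" is retained under "unmapped" here so that a new key shows up rather than vanishing.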