Date Changes
2024-06-11 Enhancement:
- Updated the Grok pattern to parse the "emc1502" value and map it to "principal.hostname".
2023-06-19 Enhancement:
- Mapped "sourceIPv4Address" to "principal.ip".
- Mapped "SourceModuleType" to "observer.application".
- Mapped "SourceModuleName" to "".
- Mapped "MessageSourceAddress" to "principal.ip".
- Mapped "SourcePort" to "principal.port".
- Mapped "Version" to "metadata.product_version".
- Mapped "DestPort" to "target.port".
- Mapped "DestIPv4Address" to "target.ip".
- Mapped "ProtocolIdentifier" to "network.ip_protocol".
- Mapped "inputSNMPIface", "outputSNMPIface", "InPackets" to "additional.fields".
2023-02-10 Fix:
- Added new Grok patterns to parse NFS and SMB protocol type logs.
2022-07-06 Enhancement: Added mappings for unparsed logs (audit, alarm).
- Mapped "FC_Name" to "principal.user.userid".
- Mapped "src" to "principal.ip".
- Mapped "dst" to "target.ip".
- Mapped "Source_HG" to "principal.location.country_or_region".
- Mapped "category" to "security_result.category_details".
- Mapped "details" to "metadata.description".
- Mapped "vendor_severity" value "Minor" to "security_result.severity" "INFORMATIONAL".
- Mapped "vendor_severity" value "Major" to "security_result.severity" "ERROR".
- Set "metadata.event_type" to "USER_UNCATEGORIZED" for unparsed logs.
- Added "Alarm_ID" as an additional field.
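Taken together, the 2023-06-19 and 2022-07-06 entries describe one normalization step: raw vendor fields are renamed onto UDM paths, a few fields are parked in "additional.fields", and vendor severities are translated to UDM severities. The Python below is an added example, not the parser's own code (which is a Chronicle Grok/Logstash-style configuration), that applies exactly the mappings listed on this page to constructed sample lines. It assumes a space-separated key=value input shape (the page does not show the raw log), treats "security_result" as a single object rather than a repeated field, converts the numeric IPFIX "ProtocolIdentifier" to the UDM enum name (an assumption; the page only states the target path), leaves any "vendor_severity" value other than Minor/Major unmapped rather than guessing, and omits "SourceModuleName", whose target is blank above.

```python
import re

# Assumed input shape for this example: space-separated key=value pairs,
# double-quoted values allowed. The page does not show the raw log format.
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Vendor field -> UDM path, taken from the changelog entries on this page.
UDM_PATHS = {
    # 2022-07-06: unparsed audit/alarm logs
    "FC_Name": "principal.user.userid",
    "src": "principal.ip",
    "dst": "target.ip",
    "Source_HG": "principal.location.country_or_region",
    "category": "security_result.category_details",
    "details": "metadata.description",
    # 2023-06-19: flow-style fields
    "sourceIPv4Address": "principal.ip",
    "MessageSourceAddress": "principal.ip",
    "SourceModuleType": "observer.application",
    "SourcePort": "principal.port",
    "Version": "metadata.product_version",
    "DestPort": "target.port",
    "DestIPv4Address": "target.ip",
    "ProtocolIdentifier": "network.ip_protocol",
}

# Fields the changelog routes into additional.fields instead of a typed UDM path.
ADDITIONAL_FIELDS = {"inputSNMPIface", "outputSNMPIface", "InPackets", "Alarm_ID"}

# vendor_severity -> security_result.severity. Only these two values appear on
# the page; anything else is deliberately left unmapped (assumption).
SEVERITY = {"Minor": "INFORMATIONAL", "Major": "ERROR"}

# Assumption: IPFIX protocol numbers are rendered as UDM ip_protocol enum names.
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

INT_FIELDS = {"principal.port", "target.port"}      # UDM ports are integers
REPEATED_FIELDS = {"principal.ip", "target.ip"}     # UDM ip fields are lists


def parse_kv(line):
    """Split one key=value line into a dict (quoted values keep their spaces)."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in _KV_RE.finditer(line)}


def _set_path(event, path, value):
    """Write value at a dotted UDM path, de-duplicating repeated ip fields."""
    node = event
    parts = path.split(".")
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    leaf = parts[-1]
    if path in REPEATED_FIELDS:
        values = node.setdefault(leaf, [])
        if value not in values:
            values.append(value)
    else:
        node[leaf] = value


def to_udm(line):
    """Normalize one constructed log line into a UDM-shaped dict."""
    fields = parse_kv(line)
    # Every event from this path is USER_UNCATEGORIZED, as the 2022-07-06 entry states.
    event = {"metadata": {"event_type": "USER_UNCATEGORIZED"}}
    additional = {}
    for key, raw in fields.items():
        if key in UDM_PATHS:
            path = UDM_PATHS[key]
            value = raw
            if path in INT_FIELDS and raw.isdigit():
                value = int(raw)
            elif path == "network.ip_protocol" and raw.isdigit():
                value = IP_PROTO.get(int(raw), raw)
            _set_path(event, path, value)
        elif key in ADDITIONAL_FIELDS:
            additional[key] = raw
        elif key == "vendor_severity":
            mapped = SEVERITY.get(raw)
            if mapped is not None:
                _set_path(event, "security_result.severity", mapped)
    if additional:
        event["additional"] = {"fields": additional}
    return event


# Constructed sample lines (not real product output).
ALARM_LINE = ('FC_Name=admin src=10.0.0.5 dst=10.0.0.9 Source_HG=US category=Alarm '
              'details="Link down" vendor_severity=Major Alarm_ID=4711')
FLOW_LINE = ('sourceIPv4Address=192.0.2.10 MessageSourceAddress=192.0.2.10 SourcePort=51514 '
             'DestIPv4Address=198.51.100.20 DestPort=443 ProtocolIdentifier=6 '
             'inputSNMPIface=1 outputSNMPIface=2 InPackets=12 '
             'SourceModuleType=im_msvistalog Version=9')

if __name__ == "__main__":
    import json
    print(json.dumps(to_udm(ALARM_LINE), indent=2))
    print(json.dumps(to_udm(FLOW_LINE), indent=2))
```

The unmapped-severity branch is the part worth checking in a real parser: a value such as "Critical" would silently produce an event with no "security_result.severity", so a detection rule keyed on severity would never fire for it.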