Change log for CISCO_UMBRELLA_AUDIT
| Date | Changes |
|---|---|
| 2025-08-21 | Enhancement:
- Added a grok pattern to support new format of logs. - Added a condition to map event_type to "NETWORK_DNS" if "network_dns_details_present" is equal to "true". - Added a condition to map event_type to "STATUS_UPDATE" if "has_principal" is equal to "true". |
| 2024-01-10 | Enhancement:
- Added support for DNS type logs. - Mapped "date_time" to "metadata.event_timestamp". - Mapped "most_granular_identity", "most_granular_identity_type", "identity_types" and "blocked_categories" to "additional.fields". - Mapped "internal_ip" and "external_ip" to "principal.ip". - Mapped "action_type" to "security_result.action_details". - Mapped "dns_query_type" to "network.dns.questions.type". - Mapped "dns_response_code" to "network.dns.response_code". - Mapped "domain" to "network.dns.questions.name". - Mapped "categories" to "security_result.category_details". |
| 2023-02-28 | Newly created parser. |