Change log for CISCO_WIRELESS
Date | Changes |
---|---|
2024-09-25 | Enhancement: - Added support for a new pattern of syslog logs. |
2024-05-28 | Enhancement: - Mapped "MessageSourceAddress" to "principal.ip" and "principal.asset.ip". - Mapped "SourceModuleName" and "SourceModuleType" to "principal.resource.attribute.labels". - Mapped "intermediary_hostname" to "intermediary.hostname". |
2024-03-18 | Enhancement: - Added new Grok patterns to support a new pattern of syslog logs. - Mapped "version" to "metadata.product_version". - Mapped "client_host" and "hostname" to "principal.hostname". - Mapped "client_ip" to "principal.ip". - Mapped "client_mac" to "principal.mac". - Mapped "ap_ip" to "target.ip". - Mapped "ap_mac" to "target.mac". - Mapped "messageToProcess" and "description" to "metadata.description". - Mapped "inter_url" to "intermediary.url". - Mapped "inter_ip" to "intermediary.ip". - Mapped "sec_desc" to "security_result.description". - Mapped "latest_version", "current_version", "certificate", "expiry_date", "clostest_sensor", "ssid", "client", "xid", "failure_reason", "auth_failure_reason", and "interface" to "security_result.detection_fields". - Aligned mappings for "principal.hostname" and "principal.asset.hostname". - Aligned mappings for "target.hostname" and "target.asset.hostname". - Aligned mappings for "principal.ip" and "principal.asset.ip". - Aligned mappings for "target.ip" and "target.asset.ip". - Mapped "action_data" to "security_result.action_details". - Mapped "username" to "principal.user.userid". - Mapped "vendor" and "RSSI" to "principal.resource.attribute.labels". - Mapped "vendor", "security_setting", "channel", "protocol", and "RSSI" to "target.resource.attribute.labels". |
2024-01-10 | Enhancement: - Added Grok patterns to parse newly ingested unparsed logs. - Handled logs when the value of "mnemonic" is not null and the value is "SEC_LOGIN-5-LOGIN_SUCCESS" and "CRL_LDAP_QUERY". - Mapped "msg1" to "metadata.description". - Mapped "messageToProcess" to "metadata.description". |
2023-02-09 | Enhancement: - Added support for new logs that have the field "PARSE_ERROR". - Added a Grok pattern to support new logs. |
2022-09-08 | Fix: - Corrected a typo: on line 1239 of the include file, added the comment marker '#' preceding the word 'security'. |
2022-08-22 | Enhancement: - Moved customer-specific parser changes to the default parser. - Added Grok patterns to parse the drop logs. - Removed drop tags to enhance the parser. - Changed the field mapping of "event.idm.read_only_udm.metadata.event_type" from "GENERIC_EVENT" to "STATUS_UNCATEGORIZED" and "STATUS_UPDATE". - Mapped "messageToProcess" field to "event.idm.read_only_udm.metadata.description". - Mapped "src_ip" field to "event.idm.read_only_udm.principal.ip". - Mapped "wlc_controller" to "event.idm.read_only_udm.principal.hostname". - Mapped "event.idm.read_only_udm.metadata.event_type" to "USER_RESOURCE_ACCESS". |