Change log for CYBERX
| Date | Changes |
|---|---|
| 2025-01-23 | Enhancement:<br>- Added a Grok pattern to parse the new log format.<br>- Mapped "product_version_x" to "metadata.product_version".<br>- Mapped "pro_event_type" to "metadata.product_event_type".<br>- Mapped "title" to "security_result.description".<br>- Mapped "msg" to "metadata.description".<br>- Added a Grok pattern to parse "client_ip".<br>- Mapped "client_ip" to "principal.ip" and "principal.asset.ip".<br>- Mapped "protocol" to "network.application_protocol".<br>- Mapped "type" to "security_result.detection_fields".<br>- Mapped the date format "MMM dd yyyy HH:mm:ss" to "metadata.event_timestamp".<br>- Mapped "src_ip" to "principal.ip" and "principal.asset.ip".<br>- Mapped "dst_ip" to "target.ip".<br>- Mapped "src_mac" to "principal.mac".<br>- Mapped "cat" to "security_result.detection_fields". |
| 2025-01-08 | Enhancement:<br>- Mapped "timestamp" and "ts" to "metadata.event_timestamp".<br>- Mapped "type" to "security_result.detection_fields". |
| 2024-06-25 | Enhancement:<br>- Added support for the CEF format of syslog logs.<br>- Added support for a new pattern of XML logs. |
| 2024-05-15 | Enhancement:<br>- Modified the KV pattern to handle a new pattern of syslog logs.<br>- Mapped "source_ip2" to "principal.ip" and "principal.asset.ip".<br>- Mapped "destination_ip2" to "target.ip" and "target.asset.ip".<br>- Mapped "Severity" to "security_result.severity_details".<br>- Aligned the "principal.ip" and "principal.asset.ip" mappings.<br>- Aligned the "target.ip" and "target.asset.ip" mappings.<br>- Aligned the "principal.hostname" and "principal.asset.hostname" mappings.<br>- Aligned the "target.hostname" and "target.asset.hostname" mappings. |
| 2023-12-06 | - Newly created parser. |