Stay organized with collections
Save and categorize content based on your preferences.
Change log for DELL_SWITCH
Date
Changes
2024-04-04
- Added Grok patterns to parse new log type.
- Mapped "prod_event_type" to "metadata.product_event_type".
- Mapped "ip" to "principal.ip".
- Mapped "dest_ip" to "target.ip".
- Mapped "target_url" to "target.url".
- Mapped "sec_description" to "security_result.description".
- Mapped "action_details" to "security_result.action_details".
2024-01-04
- Added Grok patterns for newly ingested logs.
- Added date block when "datetime" is in "SYSLOGTIMESTAMP" format.
- Mapped "softwareName" to "principal.asset.software.name".
- Mapped "swVersion" to "principal.asset.software.version".
- Mapped "port" to "principal_port".
- Mapped "user" to "principal.user.userid" and set "metadata.event_type" to "USER_UNCATEGORIZED" when "user" is present.
- Mapped "application" to "principal.application".
- Mapped "ip" to "principal.ip".
- Set "sec_result.severity" to "INFORMATIONAL" when "severity" is "IFMGR-5-OSTATE_DN".
- Mapped "msg" to "metadata.description".
