Change log for DELL_SWITCH
Date | Changes |
---|---|
2024-04-04 | - Added Grok patterns to parse new log type.<br>- Mapped "prod_event_type" to "metadata.product_event_type".<br>- Mapped "ip" to "principal.ip".<br>- Mapped "dest_ip" to "target.ip".<br>- Mapped "target_url" to "target.url".<br>- Mapped "sec_description" to "security_result.description".<br>- Mapped "action_details" to "security_result.action_details". |
2024-01-04 | - Added Grok patterns for newly ingested logs.<br>- Added date block when "datetime" is in "SYSLOGTIMESTAMP" format.<br>- Mapped "softwareName" to "principal.asset.software.name".<br>- Mapped "swVersion" to "principal.asset.software.version".<br>- Mapped "port" to "principal_port".<br>- Mapped "user" to "principal.user.userid" and set "metadata.event_type" to "USER_UNCATEGORIZED" when "user" is present.<br>- Mapped "application" to "principal.application".<br>- Mapped "ip" to "principal.ip".<br>- Set "sec_result.severity" to "INFORMATIONAL" when "severity" is "IFMGR-5-OSTATE_DN".<br>- Mapped "msg" to "metadata.description". |
2023-11-02 | - Newly created parser. |