Change log for FIDELIS_NETWORK
Date | Changes |
---|---|
2024-10-09 | Enhancement:
- Added support to handle JSON logs. |
2024-06-04 | Enhancement:
- Added support for a new pattern of JSON logs.
- Mapped "protocol" to "network.application_protocol".
- Mapped "alert_type" to "security_result.detection_fields". |
2023-09-04 | Enhancement:
- Mapped "event1.sld" to "principal.hostname".
- Mapped "event1.sni" to "target.hostname".
- Mapped "event1.src_ip6" to "principal.ip".
- Mapped "event1.dst_ip6" to "target.ip".
- Mapped "event1.sport" to "principal.port".
- Mapped "event1.dport" to "target.port".
- Mapped "event1.cipher" to "network.tls.cipher".
- Mapped "event1.tproto" to "network.ip_protocol".
- Mapped "event1.client_asset_name" to "principal.application".
- Mapped "event1.direction" to "network.direction".
- Mapped "event1.rel_sesid" to "network.session_id".
- Mapped "event1.tls_ciphersuite" to "network.tls.cipher".
- Mapped "event1.ja3sdigest" to "network.tls.server.ja3s".
- Mapped "event1.ja3digest" to "network.tls.client.ja3".
- Mapped "event1.srvcerthash" to "target.file.sha1".
- Mapped "event1.sha256" to "target.file.sha256".
- Mapped "event1.md5" to "target.file.md5".
- Mapped "event1.filetype" to "target.file.mime_type".
- Mapped "event1.filesize" to "target.file.size".
- Mapped "event1.certificate_issuer_name" to "network.tls.client.certificate.issuer".
- Mapped "event1.certificate_subject_name" to "network.tls.client.certificate.subject".
- Mapped "event1.certificate_start_date" to "network.tls.client.certificate.not_before".
- Mapped "event1.certificate_end_date" to "network.tls.client.certificate.not_after".
- Mapped "event1.client_packet_count" to "network.sent_bytes".
- Mapped "event1.server_packet_count" to "network.received_bytes".
- Mapped "event1.session_size" to "network.session_duration.seconds".
- Mapped "event1.server_asset_subnet" to "read_only_udm.additional.fields".
- Mapped "event1.client_asset_subnet" to "read_only_udm.additional.fields".
- Mapped "event1.sha1hash" to "read_only_udm.additional.fields".
- Mapped "event1.type" to "read_only_udm.additional.fields".
- Mapped "event1.histbuf" to "read_only_udm.additional.fields".
- Mapped "event1.sen_name" to "read_only_udm.additional.fields".
- Mapped "event1.certificate_subject_altname" to "read_only_udm.additional.fields".
- Mapped "event1.certificate_key_usage" to "read_only_udm.additional.fields".
- Mapped "event1.certificate_key_length" to "read_only_udm.additional.fields".
- Mapped "event1.certificate_extended_key_usage" to "read_only_udm.additional.fields".
- Mapped "event1.version" to "network.tls.version". |
2023-05-19 | Enhancement:
- Mapped "exe_richsignaturehash", "exe_richsignaturepvhash", "alert_threat_score" to "security_result.detection_fields". |