Change log for FIREEYE_HX
| Date | Changes |
|---|---|
| 2024-01-04 | Enhancement:<br>- Added support for dropped logs.<br>- Mapped "client" to "principal.ip".<br>- Mapped "principal_ip" to "principal.ip".<br>- Mapped "remoteaddress" to "principal.ip".<br>- Mapped "host_" to "principal.hostname".<br>- Mapped "line" to "principal.application".<br>- Mapped "username" to "principal.user.userid".<br>- Mapped "client_app_type" to "principal.resource.attribute.labels".<br>- Mapped "upstream" to "target.url".<br>- Mapped "role" to "target.user.role_name".<br>- Mapped "server" to "target.resource.attribute.labels".<br>- Mapped "localusername" to "target.user.user_display_name".<br>- Mapped "request" to "additional.fields".<br>- Mapped "mlocked" to "additional.fields".<br>- Mapped "kernel_stack" to "additional.fields".<br>- Mapped "sessionID" to "network.session_id".<br>- Mapped "auth_mechanism" to "extensions.auth.mechanism".<br>- Mapped "authsubmethod" to "extensions.auth.auth_details". |
| 2023-05-08 | Enhancement:<br>- Added support for a new type of JSON logs.<br>- Mapped "client_ip" to "principal.ip".<br>- Mapped "client_src_port" to "principal.port".<br>- Mapped "ssl_version" to "network.tls.version_protocol".<br>- Mapped "ssl_cipher" to "network.tls.cipher".<br>- Mapped "method" to "network.http.method".<br>- Mapped "uri_path" to "network.http.referral_url".<br>- Mapped "persistent_session_id" to "network.session_id".<br>- Mapped "uri_query" to "additional.fields".<br>- Mapped "rewritten_uri_query" to "additional.fields".<br>- Mapped "virtualservice" to "additional.fields".<br>- Mapped "service_engine" to "additional.fields".<br>- Mapped "etag" to "additional.fields".<br>- Mapped "pool" to "additional.fields".<br>- Mapped "pool_name" to "additional.fields".<br>- Mapped "request_state" to "additional.fields".<br>- Mapped "compression" to "additional.fields".<br>- Mapped "vs_name" to "additional.fields".<br>- Mapped "request_id" to "additional.fields".<br>- Mapped "headers_received_from_server.Server" to "additional.fields".<br>- Mapped "headers_received_from_server.X-Request-Id" to "additional.fields".<br>- Mapped "headers_received_from_server.X-Server-Id" to "additional.fields". |
| 2023-04-24 | Enhancement:<br>- Added support for CEF format logs. |
| 2022-08-19 | Fix:<br>- Mapped "event_values.ipv4NetworkEvent/localIP" to "principal.ip".<br>- Renamed "event" to "event1" in the log to avoid a "no descriptor" error.<br>- Added a null check on "host_details.data.primary_ip_address" prior to mapping it to "principal.ip".<br>- Added a null check on "host_details.data.primary_mac" prior to mapping it to "principal.mac".<br>- Added a null check on "alert.reported_at" prior to mapping it to "event.timestamp". |