Change log for FORCEPOINT_DLP
Date | Changes |
---|---|
2024-08-05 | Enhancement:
- When "act" is "Quarantined", then mapped "act" to "security_result.action_details" and "security_result.action" to "ALLOW".
- Mapped "caseDescription" to "metadata.description".
- Mapped "eventIDs" to "metadata.product_event_type".
- When "sourceServiceName" is a valid application_protocol, then mapped "sourceServiceName" to "network.application_protocol".
- Mapped "productVersion" to "metadata.product_version".
- Mapped "riskScore" to "additional.fields". |
2024-05-20 | Enhancement:
- Mapped "fname" to "target.file.full_path".
- Mapped "destinationHosts" to "target.hostname" and "target.asset.hostname".
- Mapped "productVersion" and "analyzedBy" to "additional.fields". |
2024-03-25 | Bug-fix:
- Added support for new format logs.
- Mapped "timeStamp" to "metadata.event_timestamp".
- Mapped "act" to "security_result.description".
- Mapped "cat" to "security_result.category_details".
- Mapped "severityType" to "security_result.severity".
- Mapped "msg" to "metadata.description".
- Mapped "eventId" to "metadata.product_log_id".
- Mapped "sourceServiceName" to "principal.application".
- Mapped "sourceHost" to "principal.hostname" and "principal.asset.hostname".
- Mapped "sourceIp" to "principal.ip" and "principal.asset.ip".
- Mapped "suser" to "principal.user.userid".
- Mapped "loginName" to "principal.user.user_display_name". |
2022-11-07 | - Newly Created Parser. |