Change log for FORCEPOINT_FIREWALL
Date | Changes |
---|---|
2025-02-11 | Enhancement:<br>- Changed "inter_hostname" mapping from "principal.hostname" and "principal.asset.hostname" to "intermediary.hostname" and "intermediary.asset.hostname".<br>- Modified the Grok pattern to parse IP address to "intermediary.ip". |
2025-01-23 | Enhancement:<br>- Modified the Grok pattern to parse the unparsed logs. |
2024-12-04 | Enhancement:<br>- Modified "eventid" mapping from "metadata.product_log_id" to "security_result.rule_id".<br>- Modified "log_id" mapping from "additional_fields" to "metadata.product_log_id". |
2024-11-13 | Enhancement:<br>- Mapped "eventid" to "metadata.product_log_id".<br>- Moved "log_id" mapping from "metadata.product_log_id" to "additional_fields". |
2023-02-16 | Bug Fix:<br>- Fixed the error when the target field is not set while generating event type "NETWORK_CONNECTION".<br>- Modified the code to handle additional errors found in testing. |
2022-10-06 | Enhancement:<br>- Added condition to map "NodeId" to "principal.ip" when "Src" and "Dst" are empty. |
2022-06-27 | Enhancement: The following fields were added:<br>- Mapped "Action" to "security_result.action_details".<br>- Mapped "AccElapsed" to "network.session_duration.seconds".<br>- Mapped "Type" to "security_result.severity_details".<br>- Mapped "security_result.severity" as "LOW" when "Type" has the value "Notification". |