Change log for FORCEPOINT_WEBPROXY
| Date | Changes |
|---|---|
| 2024-07-10 | Enhancement:
- Added the Grok patterns for new KV format logs. - Mapped "username" to "principal.user.userid". - Mapped "cs-uri" to "target.url". - Mapped "cs-uri-query" , "time-taken" , "filter-category" , "cs-uri-path" , "cs-uri-extension" and "rs_content_type" to "additional.fields". - If "sc-filter-result" is "OBSERVED" then set "security_result.action" to "ALLOW" , else if "sc-filter-result" is "DENIED" then set "security_result.action" to "BLOCK" , else set "security_result.action" to "ALLOW". - Mapped "cs-auth-group" to "principal.user_group_identifiers". - Mapped "cs-method" to "network.http.method". - Mapped "sc-status" to "response_code". - Mapped "s-action" to "security_result.detection_fields". - Mapped "srcport" to "principal.port". - Mapped "dstport" to "target.port". - Mapped "sc-bytes" to "network.received_bytes". - Mapped "cs-bytes" to "network.sent_bytes". - Mapped "cs" to "security_result.summary". - Mapped "cs_referer" to "network.http.referral_url". - Mapped "cs-host" to "target.hostname". |
| 2024-06-10 | Enhancement:
- Added support for CSV format logs. |
| 2023-06-12 | Enhancement:
- Modified Grok pattern to parse failing logs in which some of the values are present as '-'. - Added condition check for field 'http_response' before mapping. |
| 2022-08-11 | Enhancement:
- Modified grok to parse CEF type logs with no syslog header. |
| 2022-05-16 | Enhancement: mapped category number to security_result.detection_fields.
|
| 2022-05-05 | Enhancement:
dded mapping for fields: requestClientApplication to http.user_agent. proxyStatus-code to http.response_code. disposition and cn1 to security_result.detection_fields. Mapped 'cs2' field to 'security_result.category_details' if the value of 'cs2Label' is 'DynCat'. Mapped 'cs2' field to 'security_result.detection_fields' if the value of 'cs2Label' is 'NatRuleId'. |