Change log for FORESCOUT_NAC
| Date | Changes |
|---|---|
| 2024-11-07 | Enhancement:<br>- Mapped "cat" to "security_result.alert_state".<br>- Mapped "eventtype" to "security_result.category_details".<br>- Mapped "device_event_class_id" to "security_result.rule_id" and "event_name" to "security_result.summary". |
| 2024-11-05 | Bug-fix:<br>- Added support for the new format of SYSLOG logs. |
| 2024-04-22 | Bug-fix:<br>- Removed the drop condition so that previously unparsed logs are parsed. |
| 2024-02-05 | Enhancement:<br>- Mapped "eventtype" to "additional.fields". |
| 2024-01-29 | Bug-fix:<br>- Added new Grok patterns to parse CEF logs.<br>- Added a condition to avoid conversion failure for "principal.port".<br>- Mapped "username" to "principal.user.userid".<br>- Mapped "action" to "security_result.action_details".<br>- Mapped "resource" to "principal.resource.name".<br>- Mapped "command" to "principal.process.command_line".<br>- Mapped "version" to "metadata.product_version".<br>- Added Grok patterns to parse the field values missing from the description.<br>- Mapped "source_ip" to "principal.asset.ip".<br>- Mapped "target_ip" to "target.asset.ip".<br>- Mapped "computer_name" to "target.asset.hostname".<br>- Mapped "destination" to "target.asset.hostname".<br>- Mapped "Target" to "target.asset.hostname".<br>- Mapped "Hostname" to "principal.asset.hostname".<br>- Mapped "Source" to "principal.asset.hostname".<br>- Mapped "middle_ip" to "intermediary.asset.ip".<br>- Mapped "iporhost" to "intermediary.asset.hostname".<br>- Mapped "Host" to "principal.asset.hostname". |
| 2023-12-21 | Bug-fix:<br>- Added new Grok patterns for unparsed SYSLOG logs.<br>- Mapped "CPU usage", "Available memory", "Used memory", "Available swap", "Used swap", "Application status", "Connected Clients", "EM connection status", "Assigned hosts", "Engine status" and "Installed plugins" to "additional.fields".<br>- Added a condition that checks whether the message contains "CEF:" before parsing it as a CEF log. |
| 2023-05-31 | Enhancement:<br>- Enhanced the parser to reduce "GENERIC_EVENT" results and set "metadata.event_type" to a more appropriate value. |
| 2022-10-07 | Enhancement:<br>- Enhanced the parser to support CEF format logs. |