Change log for IBM_SAM
Date
Changes
2024-11-19
Enhancement:
- Added a new Grok pattern to parse a new format of syslog logs.
2024-03-08
Enhancement:
- Added support for a new pattern of syslog logs.
- Mapped "src_host" to "principal.hostname" and "principal.asset.hostname".
- Mapped "src_port" to "principal.port".
- Mapped "user_name" to "principal.user.userid".
- Mapped "src_application" to "principal.application".
- Mapped "product_event_type" to "metadata.product_event_type".
- Mapped "description" to "metadata.description".
- Mapped "target_hostname" to "target.hostname".
- Mapped "src_resource" to "principal.resource.name".
- Mapped "severity" to "security_result.severity".
- Mapped "pid" to "principal.process.pid".
- Mapped "file_name" to "principal.file.full_path".
- Mapped "connection_type" to "additional.fields".
- Aligned mappings for "principal.ip" and "principal.asset.ip".
- Aligned mappings for "target.ip" and "target.asset.ip".
2023-09-12
Enhancement:
- Added a Grok pattern to support a new log format.
The IBM_SAM parser has been newly created as of 2023-05-21.
Last updated 2025-03-13 UTC.