Change log for IBM_SAM
| Date | Changes |
|---|---|
| 2024-03-08 | Enhancement:
- Added support for new pattern of syslog logs. - Mapped "src_host" to "principal.hostname" and "principal.asset.hostname". - Mapped "src_port" to "principal.port". - Mapped "user_name" to "principal.user.userid". - Mapped "src_application" to "principal.application". - Mapped "product_event_type" to "metadata.product_event_type". - Mapped "description" to "metadata.description". - Mapped "target_hostname" to "target.hostname". - Mapped "src_resource" to "principal.resource.name". - Mapped "severity" to "security_result.severity". - Mapped "pid" to "principal.process.pid". - Mapped "file_name" to "principal.file.full_path". - Mapped "connection_type" to "additional.fields". - Aligned mappings for "principal.ip" and "principal.asset.ip". - Aligned mappings for "target.ip" and "target.asset.ip". |
| 2023-09-12 | Enhancement:
- Added a Grok pattern to support new log format. |
| 2023-05-21 | Newly created parser.
|