Change log for INFOBLOX
Date | Changes |
---|---|
2024-09-17 | Enhancement:
- Added a Grok pattern to support unparsed logs. |
2024-05-03 | Enhancement:
- Parsed unparsed NIOS logs by adding a new Grok pattern and KV filter. |
2024-04-29 | Enhancement:
- Added a Grok pattern to parse syslog logs. |
2024-02-23 | Enhancement:
- Mapped "queries" section in log to "network.dns.questions". |
2023-11-07 | Enhancement - Parsed DNS response logs by adding new Grok patterns. |
2023-10-30 | Enhancement - Parsed unparsed DNS logs using a Grok pattern. |
2023-03-09 | - Mapped "question.type" based on the "record_type" in the log.
|
2023-01-16 | Bug-fix - Added grok pattern for login and logout related logs. - Mapped "USER_LOGIN" to "metadata.event_type" when "desc" is "login_allowed","login_denied". - Mapped "USER_LOGOUT" to "metadata.event_type" when "desc" is "logout". - Mapped "group" to "target.user.group_identifiers". - Mapped "to" to "role.name". - Mapped "trigger_event" to "seecurity_result.summary". - Mapped "SSO" to "extensions.auth.type" based on "auth". - Mapped "auth" to "extensions.auth.auth_details". - Mapped "SERVICE","REMOTE" to "extensions.auth.mechanism" based on "apparently_via". - Mapped "sys_host" to "principal.hostname" when "principal_ip" and "intermediary_ip" is null. - Mapped "dns_question" to "network.dns.questions". - Mapped "answers1" to "network.dns.answers". - Mapped "USER_RESOURCE_ACCESS" to "metadata.event_type" when "principal_ip","clientMac" and "intermediary_ip" are null and "event_type" is "STATUS_UPDATE". - Mapped "principal_ip" to "principal.ip". - Mapped "principal_port" to "principal.port". |
2022-12-12 | - Added a grok pattern for "eventType" = "success".
|
2022-08-05 | - Modified "event_type" from "GENERIC_EVENT" to "STATUS_UPDATE" to reduce generic percentage.
- Mapped "event.idm.read_only_udm.principal.ip" as "event.idm.read_only_udm.intermediary.ip" where "event.idm.read_only_udm.principal.ip" is null in order to facilitate mapping of "event_type" to "STATUS_UPDATE". |
2022-07-10 | Enhancement - Modified grok pattern to parse the logs.
Handled the dropped logs and mapped them to valid event_types. - Dropped logs had following eventType, which are now handled: "forward map", "Reverse", "Forward", "Removed", "Processed", "Dynamic", "Lease", "Unable", "reverse map", "bind", "map update", "parse_option_buffer", "Added","DDNS", "ICMP","update-security" ,"update","notify","general","LPF", "Sending". - Also, following "process" were dropped earlier are now handled: "netauto_discovery", "ntpd". - Other condition checks like "msg1" containing "DNS update latency|pool|syslog|declaration|write|Consortium|reserved|duplicate|leases|visit|disconnected" are handled. - Added new code block to handle "forward map", "Forward map", "Reverse map" and "reverse map" and made them parse. - Added new code block to handle "bind", "netauto_discovery" and made them parse. - Changed event type from "GENERIC_EVENT" to "STATUS_UPDATE" wherever possible. |
2022-05-08 | Bug - Changing the parser logic to map hostname.
|