Change log for INFOBLOX_DNS
| Date | Changes |
|---|---|
| 2023-01-19 | Enhancement:
- Added Grok pattern to support new Syslog. - Added mapping for following: - If log contains any ip protocol, such as TCP or UDP, value is mapped to "network.ip_protocol".. - If log contains any intermediary IP address or hostname, value is mapped to "intermediary.ip/intermediary.hostname". |
| 2022-09-09 | Enhancement:
- Modified and properly mapped the field 'syslog_timestamp' to 'metadata.event_timestamp'. |
| 2022-08-25 | Enhancement:
- Mapped the field 'syslog_timestamp' to 'metadata.event_timestamp'. - Added grok and conditional checks for the field 'smac' mapped to 'principal.mac'. - Added conditional checks for the field 'dns_domain' mapped to 'network.dns.questions'. - Added conditional checks for the field 'name1' mapped to 'network.dns.answers.name'. - Added conditional checks for the field 'ttl1' mapped to 'network.dns.answers.ttl'. |
| 2022-07-15 | Bugfix - Removed last character if it is dot from network.dns.questions.name, network.dns.answers.name, network.dns.answers.data
|
| 2022-06-02 | Bug-fix - IP was not extracted properly from syslog log so modified the grok to extract it properly.
Enhancement - Provided support for CEF format logs. Mapped the following new fields:- InfobloxB1OPHIPAddress to principal.ip InfobloxDNSQType to dns.questions.type destinationDnsDomain to dns.questions.name InfobloxB1Region to principal.location.country_or_region |
| 2022-04-28 | Removed extra word "query:" from "network.dns.questions.name" field.
|
| 2022-02-09 | Enhancement:
Wrote a grok to extract 'hostname' and changed 'event_type'accordingly. - Mapped 'src_host' to 'principal.hostname'. - Mapped appropriate 'event_type'. |