Change log for NUTANIX_PRISM
Date | Changes |
---|---|
2024-02-21 | Enhancement:<br>- When "inner_message" is not empty and "not_json" is "true", set "audit_log" to "true" so that JSON logs which fail JSON parsing are not dropped.<br>- Aligned the "principal.ip" and "principal.asset.ip" mappings.<br>- Aligned the "target.ip" and "target.asset.ip" mappings.<br>- Aligned the "principal.hostname" and "principal.asset.hostname" mappings.<br>- When "network_set" is "false", "has_principal" is "true", "has_target" is "false" and "audit_log" is "false", set "metadata.event_type" to "STATUS_UPDATE".<br>- When "network_set" is "true", "has_principal" is "true", "has_target" is "false" and "audit_log" is "false", set "metadata.event_type" to "GENERIC_EVENT". |
2024-01-12 | Enhancement:<br>- Added support for a new format of syslog logs.<br>- Added a null check before mapping "logstash.ingest.host" to "intermediary.hostname".<br>- Added a null check before mapping "logstash.process.host" to "intermediary.hostname".<br>- Added a null check before mapping "logstash.collect.host" to "observer.ip". |
2023-12-23 | Enhancement:<br>- Added support for a new type of AUDIT logs.<br>- Added new Grok patterns to parse SYSLOG+JSON logs.<br>- Mapped "affectedEntityList" and "alertUid" to "security_result.detection_fields".<br>- Mapped "clientIp" and "params.requested_ip_address" to "principal.ip".<br>- Mapped "defaultMsg" to "metadata.description".<br>- Mapped "operationType" to "metadata.product_event_type".<br>- Mapped "originatingClusterUuid" and "sessionId" to "additional.fields".<br>- Mapped "params.mac_address" to "principal.mac".<br>- Mapped "uuid" to "metadata.product_log_id".<br>- Mapped "userName" to "principal.user.user_display_name".<br>- Mapped "params.vm_name" to "target.resource.name". |
2023-01-23 | Enhancement:<br>- Mapped "logstash.ingest.host" to "intermediary[0].hostname" instead of "observer.hostname".<br>- Mapped "logstash.collect.host" to "observer.ip".<br>- Added a null check for "logstash.ingest.host". |
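The following is an added example, not the NUTANIX_PRISM parser's own code: it reproduces the field mappings listed in the 2023-12-23 and 2024-01-12 entries and the "metadata.event_type" rules from the 2024-02-21 entry on a constructed sample, so the behaviour of the null checks and the flag logic can be seen end to end. The sample JSON and syslog payloads are invented; the way the "has_principal", "has_target" and "network_set" flags are derived (from which UDM fields ended up populated) is an assumption about how the parser sets them, as is leaving "audit_log" false for records that parsed as JSON.

```python
"""Added example (not the NUTANIX_PRISM parser's code): apply the change-log
mappings and event-type rules to a constructed Nutanix Prism audit record."""
import json
from typing import Any, Dict, List, Optional

# Constructed sample input: a Prism audit log as JSON, wrapped in the Logstash
# metadata the change log refers to. Field names come from the change log;
# every value is invented.
SAMPLE_JSON_AUDIT = json.dumps({
    "logstash": {"ingest": {"host": "collector-01"},
                 "collect": {"host": "10.0.0.5"}, "process": {}},
    "uuid": "c1d2e3f4-0000-4000-8000-000000000001",
    "userName": "admin",
    "clientIp": "10.10.1.20",
    "operationType": "VmPowerOn",
    "defaultMsg": "Power on VM",
    "sessionId": "sess-42",
    "originatingClusterUuid": "cluster-7",
    "alertUid": "alert-99",
    "affectedEntityList": [{"entityType": "vm", "uuid": "vm-1"}],
    "params": {"vm_name": "web-01", "mac_address": "50:6b:8d:aa:bb:cc",
               "requested_ip_address": "10.10.2.30"},
})

# Constructed sample: a plain syslog payload that is not JSON.
SAMPLE_SYSLOG_LINE = "<14>Feb 21 10:00:00 prism audit: user admin logged in"


def get_path(obj: Any, dotted: str) -> Optional[Any]:
    """Null-safe nested lookup: 'params.vm_name' -> obj['params']['vm_name'] or None."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def classify_event_type(network_set: bool, has_principal: bool,
                        has_target: bool, audit_log: bool) -> Optional[str]:
    """The two metadata.event_type rules from the 2024-02-21 entry.
    Flag combinations the change log does not describe return None."""
    if has_principal and not has_target and not audit_log:
        return "GENERIC_EVENT" if network_set else "STATUS_UPDATE"
    return None


def map_audit_json(record: Dict[str, Any]) -> Dict[str, Any]:
    """Apply the 2023-12-23 mappings plus the 2024-01-12 null checks to one
    parsed JSON record. Keys are UDM paths; unset values are dropped."""
    udm: Dict[str, Any] = {
        "metadata.product_log_id": get_path(record, "uuid"),
        "metadata.product_event_type": get_path(record, "operationType"),
        "metadata.description": get_path(record, "defaultMsg"),
        "principal.user.user_display_name": get_path(record, "userName"),
        "principal.mac": get_path(record, "params.mac_address"),
        "target.resource.name": get_path(record, "params.vm_name"),
        # Null checks: only a present Logstash host is mapped (2024-01-12).
        "intermediary.hostname": (get_path(record, "logstash.ingest.host")
                                  or get_path(record, "logstash.process.host")),
        "observer.ip": get_path(record, "logstash.collect.host"),
    }
    # Both IP sources feed the repeated principal.ip; principal.asset.ip is
    # kept aligned with it (2024-02-21).
    ips = [ip for ip in (get_path(record, "clientIp"),
                         get_path(record, "params.requested_ip_address")) if ip]
    if ips:
        udm["principal.ip"] = ips
        udm["principal.asset.ip"] = list(ips)
    detection: List[Dict[str, str]] = []
    for key in ("affectedEntityList", "alertUid"):
        value = get_path(record, key)
        if value is not None:  # non-scalar values are serialised as JSON text
            detection.append({"key": key, "value": value if isinstance(value, str)
                              else json.dumps(value)})
    if detection:
        udm["security_result.detection_fields"] = detection
    udm["additional.fields"] = {k: v for k in ("originatingClusterUuid", "sessionId")
                                if (v := get_path(record, k)) is not None}
    return {k: v for k, v in udm.items() if v not in (None, [], {})}


def parse_line(raw: str) -> Dict[str, Any]:
    """Dispatch on JSON vs non-JSON input and derive the flags that drive event_type."""
    try:
        record, not_json = json.loads(raw), False
    except json.JSONDecodeError:
        record, not_json = {}, True
    inner_message = raw if not_json else ""
    # 2024-02-21 rule: non-empty inner_message and not_json -> audit_log true.
    audit_log = not_json and bool(inner_message)
    udm = {"metadata.description": inner_message} if not_json else map_audit_json(record)
    # Assumption: the flags reflect which UDM fields were populated.
    has_principal = any(k.startswith("principal.") for k in udm)
    has_target = any(k.startswith("target.") for k in udm)
    network_set = "principal.ip" in udm or "target.ip" in udm
    udm["audit_log"] = audit_log
    event_type = classify_event_type(network_set, has_principal, has_target, audit_log)
    if event_type:
        udm["metadata.event_type"] = event_type
    return udm
```

Feeding the JSON sample through `parse_line` populates both principal IPs, the intermediary and observer from the Logstash hosts, and the detection and additional fields, but sets no event type, because the record has a target and the change log gives no rule for that combination; the syslog sample takes the non-JSON branch and comes out with `audit_log` true.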