Change log for OPENSSH
Date
Changes
2024-01-23
Enhancement:
- Modified a Grok pattern to parse the entire value in "target.user.userid".
2023-10-05
Enhancement:
- Modified the existing mapping: "target.file.sha256" mapped to "network.tls.client.certificate.sha256".
2023-08-25
Enhancement:
- Added a Grok pattern to parse unparsed logs and mapped the fields accordingly.
2023-05-05
Enhancement:
- Modified the existing mapping: "principal.hostname" mapped to "target.hostname".
2022-10-25
Enhancement:
- Added and modified Grok pattern for "message" and "description" fields.
- Mapped "pwd" to "target.file.full_path".
- Mapped "Sha256" to "target.file.sha256".
- Mapped "command" to "target.process.command_line".
- Mapped "tty" to "security_result.about.resource.attribute.labels".
- Mapped "metadata.event_type" as "STATUS_UPDATE" wherever possible.
2022-05-18
- User login action logs such as "auth success - with public key, auth success - with password, auth fail with password" are handled.
- Mapped "USER_LOGIN" to "metadata.event_type".
- Mapped "User name" to "target.user.userid".
- Mapped "Source ip" to "principal.ip".
- Mapped "Source port" to "principal.port".
- Mapped "MECHANISM_UNSPECIFIED" to "extensions.auth.mechanism".
Last updated 2025-03-06 UTC.