Change log for OPENSSH
Date | Changes |
---|---|
2024-01-23 | Enhancement: Modified a Grok pattern to parse the entire value in "target.user.userid". |
2023-10-05 | Enhancement: Modified the existing mapping: "target.file.sha256" mapped to "network.tls.client.certificate.sha256". |
2023-08-25 | Enhancement: Added a Grok pattern to parse unparsed logs and mapped the fields accordingly. |
2023-05-05 | Enhancement: Modified the existing mapping: "principal.hostname" mapped to "target.hostname". |
2022-10-25 | Enhancement: Added and modified Grok patterns for the "message" and "description" fields. Mapped "pwd" to "target.file.full_path". Mapped "Sha256" to "target.file.sha256". Mapped "command" to "target.process.command_line". Mapped "tty" to "security_result.about.resource.attribute.labels". Mapped "metadata.event_type" as "STATUS_UPDATE" wherever possible. |
2022-05-18 | User login action logs such as "auth success - with public key, auth success - with password, auth fail with password" are handled. Mapped "USER_LOGIN" to "metadata.event_type". Mapped "User name" to "target.user.userid". Mapped "Source ip" to "principal.ip". Mapped "Source port" to "principal.port". Mapped "MECHANISM_UNSPECIFIED" to "extensions.auth.mechanism". |