Change log for RADWARE_FIREWALL

Date Changes
2025-02-11 Enhancement:
- Mapped "applicationName" to "principal.application".
- Mapped "action" to "security_result.action_details".
- Mapped "appPath" to "principal.file.full_path".
- Mapped "destinationIp" to "target.ip" and "target.asset.ip".
- Mapped "destinationPort" to "target.port".
- Mapped "directory" to "principal.process.file.full_path".
- Mapped "enrichmentContainer.geoLocation.countryCode" to "principal.location.country_or_region".
- Mapped "enrichmentContainer.contractId" to "additional.fields".
- Mapped "applicationId" to "additional.fields".
- Mapped "tenant" to "additional.fields".
- Mapped "owaspCategory2021" to "additional.fields".
- Mapped "externalIp" to "intermediary.ip".
- Mapped "host" to "principal.hostname".
- Mapped "method" to "network.http.method".
- Mapped "passive" to "additional.fields".
- Mapped "protocol" to "network.application_protocol".
- Mapped "request" to "additional.fields".
- Mapped "role" to "principal.user.role_name".
- Mapped "security" to "additional.fields".
- Mapped "sourceIp" to "principal.ip" and "principal.asset.ip".
- Mapped "sourcePort" to "principal.port".
- Mapped "targetModule" to "additional.fields".
- Mapped "title" to "metadata.description".
- Mapped "transId" to "additional.fields".
- Mapped "URI" to "target.file.full_path".
- Mapped "user" to "principal.user.role_description".
- Mapped "vhost" to "security_result.detection_fields".
- Mapped "violationCategory" to "additional.fields".
- Mapped "violationDetails" to "security_result.summary".
- Mapped "violationType" to "security_result.description".
- Mapped "webApp" to "additional.fields".
- Mapped "severity" to "security_result.severity".
- Mapped "paramName" to "additional.fields".
- Mapped "paramValue" to "additional.fields".
- Mapped "paramType" to "additional.fields".
- Mapped "receivedTimeStamp" to "metadata.event_timestamp".
2024-09-17 Enhancement:
- Added support to map all "src_ip" to "principal.ip" and "principal.asset.ip".
- Added support to map all "dst_ip" to "target.ip" and "target.asset.ip".
2024-07-23 Enhancement:
- Added Grok patterns to parse a new pattern of syslog logs.
2024-06-18 Enhancement:
- Reordered the Grok patterns to optimize the parsing time.
2024-06-11 Enhancement:
- Added Grok patterns to parse unparsed logs.
2023-12-08 Enhancement:
- Modified a Grok pattern to properly parse "src_ip".
2023-11-23 Enhancement:
- Added new Grok patterns to support a new unparsed pattern of syslog logs.
- Added support for a new date pattern of "ts".
- Initialized "attack_type", "attack_desc", "protocol_number_src", "security_result", "action", "product" to null.
- Added null check to "product" before mapping to "event.idm.read_only_udm.metadata.product_name".
- Added null check to "rule_id" before mapping to "event.idm.read_only_udm.security_result.rule_id".
- Added null check to "attack_desc" before mapping to "event.idm.read_only_udm.security_result.description".
- Added null check to "attack_type" before mapping to "event.idm.read_only_udm.security_result.threat_name".
- Mapped "username" to "event.idm.read_only_udm.principal.user.userid".
- Mapped "command" to "event.idm.read_only_udm.principal.process.command_line".
- Mapped "description" to "event.idm.read_only_udm.security_result.description".
- Mapped "intermediary_ip" to "event.idm.read_only_udm.intermediary.ip".