Change log for SECURELINK
| Date | Changes |
|---|---|
| 2025-04-02 | Enhancement:<br>- Added a Grok pattern to parse syslog logs.<br>- Added a condition check before mapping "resource_name" to "event.idm.read_only_udm.network.application_protocol".<br>- When "method" is "DELETE", assigned "target_host" to "principal_host". |
| 2023-09-13 | Enhancement:<br>- Added a Grok pattern to parse syslog logs.<br>- Mapped "msg" to "metadata.description".<br>- Mapped "dst_ip" to "target.ip".<br>- Mapped "src_ip" to "principal.ip".<br>- Mapped "proto" to "network.ip_protocol".<br>- Mapped "priority" to "security_result.severity_details".<br>- Mapped "classification" to "additional.fields".<br>- Mapped "url" to "target.url". |
| 2023-08-09 | Bug fix:<br>- Modified the Grok pattern to parse the "key" field. |
| 2022-07-13 | Enhancement:<br>- Modified the Grok pattern to parse the "systemd", "journal", "sshd", "sudo", "su", "CROND", "suricata", "ntpd", "kernel", "suricata-config" and "stunnel" log types.<br>- Changed metadata.event_type from "GENERIC_EVENT" to "STATUS_UPDATE" where principal.hostname is not null.<br>- Changed metadata.event_type from "GENERIC_EVENT" to "USER_UNCATEGORIZED" where target.user.userid is not null. |