Change log for SQUID_WEBPROXY
Date | Changes |
---|---|
2024-11-04 | Enhancement: - Added support to map data from JSON logs. - Mapped "region" to "principal.cloud.availability_zone". - Mapped "source_type" to "additional.fields". |
2024-09-11 | Enhancement: - Mapped "when" to "metadata.event_timestamp" as primary timestamp. |
2024-08-15 | Enhancement: - Mapped "timestamp_value" to "metadata.event_timestamp". |
2024-04-03 | Enhancement: - Mapped "user_agent" to "network.http.user_agent". - Mapped "recv_bytes" to "network.received_bytes". - Mapped "sent_bytes" to "network.sent_bytes". - Mapped "src_port" to "principal.port". - Aligned mappings for "principal.ip" and "principal.asset.ip". - Aligned mappings for "target.ip" and "target.asset.ip". - Aligned mappings for "target.hostname" and "target.asset.hostname". |
2022-10-30 | Enhancement, Bug-fix: - Added a Grok pattern to parse dropped logs. - Added a Grok pattern to map the hostname of the Squid proxy server to "intermediary.hostname". |
2022-09-19 | Enhancement: - Parsed syslog of type squid. - Mapped "insertId" to "metadata.product_log_id". - Mapped "logName" to "target.process.file.full_path". - Mapped "instance_id" to "additional.fields". - Mapped "project_id" to "additional.fields". - Mapped "zone" to "additional.fields". - Mapped "type" to "additional.fields". - Mapped "agent.ephemeral_id" to "additional.fields". - Mapped "agent.hostname" to "principal.hostname". - Mapped "agent.version" to "metadata.product_version". - Mapped "host.mac" to "principal.mac". - Mapped "host.ip" to "principal.ip". - Mapped "event_action" to "security_result.action_details". - Mapped "event_message" to "metadata.description". - Mapped "host.architecture" to "principal.asset.hardware". - Mapped "host.id" to "principal.asset.asset_id". - Mapped "host.os.version" to "principal.platform_version". - Mapped "host.os.kernel" to "principal.platform_patch_level". - Mapped "host.os.codename" to "additional.fields". - Mapped "syslog_severity" to "security_result.severity_details". - Mapped "syslog_severity_code" to "security_result.severity". - Mapped "host.os.platform" to "principal.platform". - Mapped "log.file.path" to "target.process.file.full_path". |