Change log for STEELHEAD
| Date | Changes |
|---|---|
| 2024-06-11 | Enhancement:<br>- Added a Grok pattern to parse previously unparsed logs.<br>- Mapped "cmd_line" to "principal.process.command_line".<br>- Mapped "userid" to "principal.user.userid". |
| 2024-04-12 | Enhancement:<br>- Added Grok patterns to support a new pattern of SYSLOG logs. |
| 2024-01-12 | Enhancement:<br>- Added Grok patterns to support a new pattern of SYSLOG logs. |
| 2022-08-08 | Enhancement:<br>- The field "agent.ephemeral_id" is mapped to "additional.fields[n]".<br>- The field "tags" is mapped to "additional.fields[n].list_value[n]".<br>- The field "logstash.irm_environment" is mapped to "additional.fields[n]".<br>- The field "logstash.irm_site" is mapped to "additional.fields[n]".<br>- The field "logstash.irm_region" is mapped to "additional.fields[n]".<br>- The field "host.hostname" is mapped to "target.hostname".<br>- The field "host.id" is mapped to "target.asset_id".<br>- The field "host.architecture" is mapped to "target.asset.hardware[n].cpu_platform".<br>- The field "host.ip[n]" is mapped to "target.ip".<br>- The field "host.mac[n]" is mapped to "target.mac".<br>- The field "host.os.platform" is mapped to "target.platform".<br>- The field "host.os.version" is mapped to "target.platform_version".<br>- The field "host.os.kernel" is mapped to "target.platform_patch_level".<br>- The fields "agent.type" and "agent.id" are mapped to "intermediary.asset_id".<br>- The field "event.category[n]" is mapped to "security_result.category_details[n]".<br>- The field "syslog_severity" is mapped to "security_result.severity" and "security_result.severity_details".<br>- The field "network.community_id" is mapped to "network.community_id".<br>- The field "logstash.ingest.timestamp" is mapped to "metadata.ingested_timestamp".<br>- The field "logstash.collect.host" is mapped to "observer.hostname" or "observer.ip", depending on whether its value is a hostname or an IP address. |