
Change log for SURICATA_IDS

Date Changes
2022-07-07 Enhancement - Added mappings for the "snmp" and "rdp" event types.
When "event_type" is equal to "snmp":
- Mapped "in_iface" to "security_result.rule_labels".
- Mapped "community_id" to "security_result.rule_labels".
- Mapped "snmp.pdu_type" to "additional.fields".
- Mapped "snmp.community" to "additional.fields".
- Added a loop over "snmp.vars" and mapped each entry to "additional.fields".
When "event_type" is equal to "rdp":
- Mapped "sr_action" to "security_result.action".
- Mapped "in_iface" to "security_result.rule_labels".
- Mapped "community_id" to "security_result.rule_labels".
2022-06-13 Bug - The following changes were made to this parser:
1) Fixed logs of event_type "alert" that were not being parsed.
2) Mapped alert event_type fields that were previously missing.
3) Removed the old sdm.proto-based output and rewrote the parser entirely against udm.proto.
2022-05-23 Enhancement - Added mappings for the following alert fields:
Mapped 'in_iface' to 'target.resource.attribute.labels'.
Mapped 'vlan' to 'target.resource.attribute.labels'.
Mapped 'src_ip' to 'principal.ip'.
Mapped 'src_port' to 'principal.port'.
Mapped 'dest_ip' to 'target.ip'.
Mapped 'dest_port' to 'target.port'.
Mapped 'proto' to 'network.ip_protocol'.
Mapped 'alert.action' to 'security_result.action'.
Mapped 'alert.gid' to 'target.resource.attribute.labels'.
Mapped 'alert.signature_id' to 'target.resource.attribute.labels'.
Mapped 'alert.rev' to 'target.resource.attribute.labels'.
Mapped 'alert.signature' to 'target.resource.attribute.labels'.
Mapped 'alert.category' to 'security_result.threat_name'.
Mapped 'alert.severity' to 'security_result.severity'.
Mapped 'alert.metadata.affected_product' to 'target.resource.attribute.labels'.
Mapped 'alert.metadata.attack_target' to 'target.resource.attribute.labels'.
Mapped 'alert.metadata.deployment' to 'target.resource.attribute.labels'.
Mapped 'alert.metadata.former_category' to 'target.resource.attribute.labels'.
Mapped 'alert.metadata.signature_severity' to 'target.resource.attribute.labels'.
Mapped 'flow.pkts_toserver' to 'target.resource.attribute.labels'.
Mapped 'flow.pkts_toclient' to 'target.resource.attribute.labels'.
Mapped 'flow.bytes_toserver' to 'network.sent_bytes'.
Mapped 'flow.bytes_toclient' to 'network.received_bytes'.
Mapped 'payload' to 'additional.fields'.
Mapped 'alert.metadata.updated_at', parsed with the 'date' filter using the format "yyyy-MM-dd", to 'metadata.event_timestamp'.
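The following is an added reference mapper, not the Chronicle parser itself, that applies the mappings listed in the 2022-05-23 entry (alert events) and the 2022-07-07 entry (snmp and rdp events) to Suricata EVE JSON lines, so a practitioner can check what the parser should produce for a given record. Everything the changelog does not state is an assumption and is marked as such in the code: the ALLOW/BLOCK enum strings used for security_result.action, the severity-number-to-enum table, label keys that reuse the source field path, joining list-valued alert.metadata entries with ", ", and the "snmp.vars[i]" key shape for the loop. The sample EVE records are constructed, not captured from a sensor, and the rdp branch derives no action because the changelog does not say what populates the parser-internal "sr_action".

```python
"""Apply the SURICATA_IDS changelog mappings to Suricata EVE JSON (added example)."""
import json
from datetime import datetime, timezone

# Assumed enum strings for security_result.action (Suricata "allowed"/"blocked").
ACTION_ENUM = {"allowed": "ALLOW", "blocked": "BLOCK"}
# Assumed table: Suricata severity 1 is the most urgent, so 1 -> HIGH, 3 -> LOW.
SEVERITY_ENUM = {1: "HIGH", 2: "MEDIUM", 3: "LOW"}

# Constructed sample EVE records; not captured from a real sensor.
SAMPLE_EVE_LINES = [
    json.dumps({
        "timestamp": "2022-05-23T10:15:00.000000+0000", "event_type": "alert",
        "in_iface": "eth0", "vlan": [100], "src_ip": "10.0.0.5", "src_port": 51234,
        "dest_ip": "192.0.2.10", "dest_port": 80, "proto": "TCP", "payload": "cm9vdA==",
        "alert": {"action": "allowed", "gid": 1, "signature_id": 2100498, "rev": 7,
                  "signature": "GPL ATTACK_RESPONSE id check returned root",
                  "category": "Potentially Bad Traffic", "severity": 2,
                  "metadata": {"affected_product": ["Any"], "attack_target": ["Client_Endpoint"],
                               "deployment": ["Perimeter"], "former_category": ["ATTACK_RESPONSE"],
                               "signature_severity": ["Major"], "updated_at": ["2020-09-18"]}},
        "flow": {"pkts_toserver": 4, "pkts_toclient": 3, "bytes_toserver": 420, "bytes_toclient": 1280},
    }),
    json.dumps({
        "timestamp": "2022-07-07T08:00:00.000000+0000", "event_type": "snmp", "in_iface": "eth0",
        "community_id": "1:LQU9qZlK+B5F3KDmev6m5PMibrg=", "src_ip": "10.0.0.7", "dest_ip": "10.0.0.1",
        "snmp": {"version": 2, "pdu_type": "get_request", "community": "public",
                 "vars": ["1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.1.5.0"]},
    }),
    json.dumps({"event_type": "rdp", "in_iface": "eth1", "community_id": "1:d/FP5EW3wiY1vCndhwleRRKHowQ="}),
    json.dumps({"event_type": "dns", "in_iface": "eth0"}),  # event type not covered by this changelog
]

def _text(value):
    """Stringify a label value; list-valued fields (vlan, alert.metadata.*) are joined (assumed)."""
    return ", ".join(str(v) for v in value) if isinstance(value, list) else str(value)

def _labels(pairs):
    """Build UDM-style {key, value} labels, skipping fields absent from the event."""
    return [{"key": k, "value": _text(v)} for k, v in pairs if v is not None]

def _prune(obj):
    """Drop None leaves so the result only carries fields the event populated."""
    return {k: _prune(v) for k, v in obj.items() if v is not None} if isinstance(obj, dict) else obj

def map_alert(ev):
    """Mappings from the 2022-05-23 entry for event_type "alert"."""
    alert, flow = ev.get("alert", {}), ev.get("flow", {})
    meta = alert.get("metadata", {})
    # Label keys reuse the source field path (assumed; the changelog names only the target).
    label_sources = [("in_iface", ev.get("in_iface")), ("vlan", ev.get("vlan"))]
    label_sources += [(f"alert.{k}", alert.get(k)) for k in ("gid", "signature_id", "rev", "signature")]
    label_sources += [(f"alert.metadata.{k}", meta.get(k)) for k in
                      ("affected_product", "attack_target", "deployment", "former_category", "signature_severity")]
    label_sources += [(f"flow.{k}", flow.get(k)) for k in ("pkts_toserver", "pkts_toclient")]
    udm = {
        "principal": {"ip": ev.get("src_ip"), "port": ev.get("src_port")},
        "target": {"ip": ev.get("dest_ip"), "port": ev.get("dest_port"),
                   "resource": {"attribute": {"labels": _labels(label_sources)}}},
        "network": {"ip_protocol": ev.get("proto"), "sent_bytes": flow.get("bytes_toserver"),
                    "received_bytes": flow.get("bytes_toclient")},
        "security_result": {"action": ACTION_ENUM.get(alert.get("action")),
                            "threat_name": alert.get("category"),
                            "severity": SEVERITY_ENUM.get(alert.get("severity"))},
        "additional": {"fields": {"payload": ev["payload"]} if "payload" in ev else {}},
    }
    updated = meta.get("updated_at")
    if updated:
        # Suricata emits metadata values as lists; parse the first one with "yyyy-MM-dd".
        day = updated[0] if isinstance(updated, list) else updated
        stamp = datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        udm["metadata"] = {"event_timestamp": stamp.isoformat()}
    return _prune(udm)

def _rule_labels(ev):
    """in_iface and community_id go to security_result.rule_labels for snmp and rdp."""
    return _labels([("in_iface", ev.get("in_iface")), ("community_id", ev.get("community_id"))])

def map_snmp(ev):
    """Mappings from the 2022-07-07 entry for event_type "snmp"."""
    snmp = ev.get("snmp", {})
    fields = {f"snmp.{k}": snmp[k] for k in ("pdu_type", "community") if k in snmp}
    # The changelog's loop over snmp.vars; the "snmp.vars[i]" key shape is assumed.
    for i, oid in enumerate(snmp.get("vars", [])):
        fields[f"snmp.vars[{i}]"] = oid
    return {"security_result": {"rule_labels": _rule_labels(ev)}, "additional": {"fields": fields}}

def map_rdp(ev):
    """Mappings from the 2022-07-07 entry for event_type "rdp". The changelog also maps a
    parser-internal "sr_action" to security_result.action but does not say what populates
    it, so no action is derived here."""
    return {"security_result": {"rule_labels": _rule_labels(ev)}}

HANDLERS = {"alert": map_alert, "snmp": map_snmp, "rdp": map_rdp}

def map_event(line):
    """Parse one EVE JSON line; return None for event types this changelog does not cover."""
    ev = json.loads(line)
    handler = HANDLERS.get(ev.get("event_type"))
    return handler(ev) if handler else None

if __name__ == "__main__":
    for line in SAMPLE_EVE_LINES:
        print(json.dumps(map_event(line), indent=2))
```

Running the script prints the mapped dict for each sample; the dns record yields None, which is the quickest way to see that a given event type has no mapping in these entries. Feed real EVE lines from eve.json through map_event to compare against what the parser emits for the same record.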