Change log for SYMANTEC_DLP
| Date | Changes |
|---|---|
| 2024-03-10 | Enhancement:
- Added new Grok patterns to parse logs of new SYSLOG formats. - Mapped "server" to "target.application". - Mapped "url" to "target.url". - Mapped "dataowner_mail" to "principal.user.email_addresses". - Mapped "reported_on" and "monitor_name" to "additional.fields". - Mapped "sender" to "network.email.from". - Mapped "subject" to "network.email.subject". |
| 2024-02-20 | Enhancement:
- Mapped "blocked" to "security_result.action_details" and "security_result.action". |
| 2024-01-12 | Enhancement:
- Mapped "incident_id" and "DLP_EP_Incident_ID" to "security_result.detection_fields". - Added a Grok pattern to parse logs of new SYSLOG formats. - Mapped "location" to "principal.resource.attribute.labels". - Mapped "target_type" to "target.resource.attribute.labels". |
| 2023-12-06 | Enhancement:
- Added a Grok pattern to parse logs of new formats. - Mapped "application" to "principal.application". - Mapped "application_name" to "target.application". - Mapped "policy_name" to "security_result.detection_fields". |
| 2023-09-02 | Enhancement:
- Added support to parse failing logs and mapped the fields accordingly. |
| 2023-08-17 | Enhancement:
- Mapped "Occurred on" to "principal.labels". - When "act" is "Modified", set "security_result.action" to "ALLOW_WITH_MODIFICATION". - Mapped "status" to "principal.labels". |