Change log for SYMANTEC_WSS

Date Changes
2022-08-29 Enhancement:
- Added grok pattern to parse syslog logs.
- Mapped field "supplier_country" to "principal.location.country_or_region".
- Added conditional check for fields "product_data.x-cs-connection-negotiated-cipher", "product_data.x-bluecoat-transaction-uuid", "product_data.r-supplier-country", "product_ver", "product_data.x-cs-client-ip-country", "product_name".
- Added error check for field "product_data.sc-filter-result".
- Mapped field "src_ip" to "principal.ip".
- Mapped field "uri_scheme" to "network.application_protocol".
- Mapped field "uuid" to "metadata.product_log_id".
- Mapped field "cs_connection_negotiated_cipher" to "network.tls.cipher".
- Mapped field "certificate_hostname" to "tls.client.server_name".
- Mapped field "cs_ssl_version" to "network.tls.version_protocol".
- Mapped field "certificate_validate" to "network.tls.server.certificate.subject".
- Mapped field "cs_icap_status" to "security_result.description".
- Mapped field "sent_bytes" to "network.sent_bytes".
- Mapped field "received_bytes" to "network.received_bytes".
- Mapped field "device_name" to "target.resource.name".
- Mapped field "device_id" to "target.resource.id".
- Mapped field "agent_type" to "observer.application".
- Mapped field "os_version" to "observer.platform_version".
- Mapped field "s_action" to "metadata.description".