Change log for SYSDIG
| Date | Changes |
|---|---|
| 2025-01-16 | Enhancement: Mapped "content_entityPayload.items.items", "content_entityPayload.channels", "content_entityPayload.connectionInfo.chronicleCustomerId", "content_entityPayload.connectionInfo.region", "content_entityPayload.customer.accessKey", "content_entityPayload.products", and "content_entityPayload_status" to "additional.fields". Mapped "content_entityPayload.firstName" to "principal.user.first_name". Mapped "content_entityPayload.lastName" to "principal.user.last_name". Mapped "teamrole.teamName" to "principal.group.group_display_name". Mapped "teamrole.role" to "principal.user.role_name". Mapped "teamrole.userName" to "principal.user.user_display_name". |
| 2024-12-20 | Enhancement: Mapped "content_entityPayload.details.exceptions", "content_entityPayload.compression", "content_entityPayload.reportFormat", "content_entityPayload.reportType", "content_entityPayload.filters.conditionFilters.vulnName.value", and "content_entityPayload.notificationChannels" to "additional.fields". |
| 2024-11-07 | Enhancement: Mapped "content.queryString", "content.entityType", "content_entityPayload.id", "content_entityPayload.name", "content_entityPayload.version", "content_entityPayload.details.priority", and "content_entityPayload.details.ruleType" to "additional.fields". Mapped "content_entityPayload.description" to "security_result.summary". |
| 2024-10-01 | Enhancement: Added support for a new pattern of JSON logs. |
| 2024-07-08 | Enhancement: Added a conditional check for the MAC address. Added support for handling JSON logs. |
| 2024-06-12 | Enhancement: Added support for handling unparsed JSON logs. |
| 2024-01-05 | When "severity" is 0, 1, 2 or 3, changed the mapping of "security_result.severity" from "LOW" to "HIGH". When "severity" is 6, changed the mapping of "security_result.severity" from "HIGH" to "LOW". When "severity" is 7, changed the mapping of "security_result.severity" from "HIGH" to "INFORMATIONAL". Added "drop" for logs not in JSON format. Added "on_error" to the "timestampRFC3339Nano" date mapping. |
| 2022-10-07 | Newly created parser. |