Change log for WAZUH
| Date | Changes |
|---|---|
| 2024-12-04 | Enhancement:
- Mapped "data.audit.type", "data.audit.id", "data.audit.arch", "data.audit.syscall", "data.audit.success", "data.audit.exit", "data.audit.ppid", "data.audit.pid", "data.audit.tid", "data.audit.auid", "data.audit.uid", "data.audit.gid", "data.audit.euid", "data.audit.suid", "data.audit.fsuid", "data.audit.egid", "data.audit.sgid", "data.audit.fsgid", "data.audit.tty", "data.audit.session", "data.audit.command", "data.audit.exe", "data.audit.key", "data.audit.execve.a0", "data.audit.execve.a1", "data.audit.cwd", "data.audit.file.name", "data.audit.file.inode" , and "data.audit.file.mode" to "additional.fields". - Mapped "data.command" to "target.process.file.full_path". |
| 2024-09-12 | Enhancement:
- Mapped "data.win.eventdata.status", "data.win.eventdata.logonGuid" to "additional.fields". - Mapped "data.win.eventdata.ipPort" to "target.port". - Mapped "data.win.eventdata.serviceName" to "target.resource.name". - Mapped "data.win.eventdata.ipAddress" to "target.ip" and "target.asset.ip". |
| 2024-08-08 | Enhancement:
- Mapped "data.win.eventdata.logonType" to "additional.fields". - Mapped "data.win.system.providerGuid" to "principal.resource.id". - Mapped "data.win.system.opcode" to "additional.fields". - Mapped "data.win.system.version" to "additional.fields". - Mapped "data.win.system.task" to "additional.fields". - Mapped "data.win.system.threadID" to "additional.fields". - Mapped "data.win.system.providerName" to "additional.fields". - Mapped "data.win.system.processID" to "principal.process.pid". - Mapped "data.win.eventdata.targetLogonId" to "additional.fields". - Mapped "data.win.eventdata.targetDomainName" to "target.administrative_domain". - Mapped "data.win.eventdata.targetUserName" to "target.user.userid". - Mapped "data.win.eventdata.targetUserSid" to "target.user.windows_sid". - Mapped "data.win.system.eventRecordID" to "additional.fields". - Mapped "data.win.system.keywords" to "additional.fields". - Mapped "data.win.system.channel" to "additional.fields". - Mapped "data.win.system.eventID" to "metadata.product_event_type". - Mapped "data.win.system.computer" to "principal.asset.hostname" and "principal.hostname". - Mapped "data.win.system.level" to "security_result.severity". |
| 2024-03-04 | Enhancement:
- Added support for SVROSSEC syslog logs. - Mapped "file_path" to "target.file.full_path". - Mapped "registry_key" to "target.registry.registry_key". - Mapped "user_name" to "principal.user.userid". - Mapped "log_description" to "metadata.description". - Mapped "action_data" to "security_result.action_details". - Mapped "src_host" to "principal.hostname". - Mapped "rule_id" to "security_result.rule_id". - Mapped "classification" to "security_result.detection_fields". - Mapped "rule_summary" to "security_result.summary". - Aligned mappings for "principal.hostname" and "principal.asset.hostname". - Aligned mappings for "principal.ip" and "principal.asset.ip". - Aligned mappings for "target.ip" and "target.asset.ip". |
| 2023-07-17 | - Added a Grok pattern to parse unparsed syslog logs.
- Added null check for "predecoder.hostname". |
| 2022-10-14 | - Increased parsing percentage.
- Added support to parse syslog pattern. |