Change log for WAZUH
| Date | Changes |
|---|---|
| 2024-09-12 | Enhancement:<br>- Mapped "data.win.eventdata.status" and "data.win.eventdata.logonGuid" to "additional.fields".<br>- Mapped "data.win.eventdata.ipPort" to "target.port".<br>- Mapped "data.win.eventdata.serviceName" to "target.resource.name".<br>- Mapped "data.win.eventdata.ipAddress" to "target.ip" and "target.asset.ip". |
| 2024-08-08 | Enhancement:<br>- Mapped "data.win.eventdata.logonType" to "additional.fields".<br>- Mapped "data.win.system.providerGuid" to "principal.resource.id".<br>- Mapped "data.win.system.opcode" to "additional.fields".<br>- Mapped "data.win.system.version" to "additional.fields".<br>- Mapped "data.win.system.task" to "additional.fields".<br>- Mapped "data.win.system.threadID" to "additional.fields".<br>- Mapped "data.win.system.providerName" to "additional.fields".<br>- Mapped "data.win.system.processID" to "principal.process.pid".<br>- Mapped "data.win.eventdata.targetLogonId" to "additional.fields".<br>- Mapped "data.win.eventdata.targetDomainName" to "target.administrative_domain".<br>- Mapped "data.win.eventdata.targetUserName" to "target.user.userid".<br>- Mapped "data.win.eventdata.targetUserSid" to "target.user.windows_sid".<br>- Mapped "data.win.system.eventRecordID" to "additional.fields".<br>- Mapped "data.win.system.keywords" to "additional.fields".<br>- Mapped "data.win.system.channel" to "additional.fields".<br>- Mapped "data.win.system.eventID" to "metadata.product_event_type".<br>- Mapped "data.win.system.computer" to "principal.asset.hostname" and "principal.hostname".<br>- Mapped "data.win.system.level" to "security_result.severity". |
| 2024-03-04 | Enhancement:<br>- Added support for SVROSSEC syslog logs.<br>- Mapped "file_path" to "target.file.full_path".<br>- Mapped "registry_key" to "target.registry.registry_key".<br>- Mapped "user_name" to "principal.user.userid".<br>- Mapped "log_description" to "metadata.description".<br>- Mapped "action_data" to "security_result.action_details".<br>- Mapped "src_host" to "principal.hostname".<br>- Mapped "rule_id" to "security_result.rule_id".<br>- Mapped "classification" to "security_result.detection_fields".<br>- Mapped "rule_summary" to "security_result.summary".<br>- Aligned the mappings for "principal.hostname" and "principal.asset.hostname".<br>- Aligned the mappings for "principal.ip" and "principal.asset.ip".<br>- Aligned the mappings for "target.ip" and "target.asset.ip". |
| 2023-07-17 | - Added a Grok pattern to parse previously unparsed syslog logs.<br>- Added a null check for "predecoder.hostname". |
| 2022-10-14 | - Increased the parsing percentage.<br>- Added support for parsing the syslog pattern. |
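The following is an added illustration of what the Windows event mappings listed under 2024-08-08 and 2024-09-12 produce for one Wazuh eventchannel alert. It is not the Google SecOps parser itself (that parser is written in the parser configuration language, not Python); it re-implements the documented field-to-UDM mappings over a constructed sample alert. Assumptions beyond what the change log states: the translation of the Windows "level" number to a UDM severity value, the treatment of the "-" placeholder that Windows uses for absent values as a missing field, and the sample alert contents.

```python
"""Illustrative re-implementation of the Wazuh Windows-event -> UDM mappings
from the change log. Added example code, not the SecOps parser's own logic."""

# Direct mappings taken from the change log: Wazuh dotted path -> UDM path(s).
# Where the log maps one source field to two UDM fields, both are listed.
DIRECT_MAPPINGS = {
    "data.win.system.eventID": ["metadata.product_event_type"],
    "data.win.system.level": ["security_result.severity"],
    "data.win.system.computer": ["principal.hostname", "principal.asset.hostname"],
    "data.win.system.processID": ["principal.process.pid"],
    "data.win.system.providerGuid": ["principal.resource.id"],
    "data.win.eventdata.targetUserName": ["target.user.userid"],
    "data.win.eventdata.targetUserSid": ["target.user.windows_sid"],
    "data.win.eventdata.targetDomainName": ["target.administrative_domain"],
    "data.win.eventdata.ipAddress": ["target.ip", "target.asset.ip"],
    "data.win.eventdata.ipPort": ["target.port"],
    "data.win.eventdata.serviceName": ["target.resource.name"],
}

# Fields the change log routes to additional.fields, keyed by their short name.
ADDITIONAL_FIELDS = [
    "data.win.system.opcode", "data.win.system.version", "data.win.system.task",
    "data.win.system.threadID", "data.win.system.providerName",
    "data.win.system.eventRecordID", "data.win.system.keywords",
    "data.win.system.channel", "data.win.eventdata.logonType",
    "data.win.eventdata.targetLogonId", "data.win.eventdata.status",
    "data.win.eventdata.logonGuid",
]

# ASSUMED translation of the Windows event "level" (0 = LogAlways, 1 = Critical,
# 2 = Error, 3 = Warning, 4 = Informational) to a UDM severity; the change log
# only states that level feeds security_result.severity.
LEVEL_TO_SEVERITY = {"0": "INFORMATIONAL", "1": "CRITICAL", "2": "ERROR",
                     "3": "MEDIUM", "4": "INFORMATIONAL"}

MISSING = (None, "", "-")            # ASSUMED: "-" is Windows' "no value" placeholder
REPEATED_LEAVES = {"target.ip", "target.asset.ip"}   # UDM ip fields are lists


def get_path(obj, path):
    """Null-safe lookup: any missing or non-dict intermediate yields None."""
    for part in path.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj


def set_path(udm, path, value):
    """Write a dotted UDM path, honouring the repeated fields used here."""
    parts = path.split(".")
    if parts[0] == "security_result":      # security_result is repeated in UDM
        udm = udm.setdefault("security_result", [{}])[0]
        parts = parts[1:]
    for part in parts[:-1]:
        udm = udm.setdefault(part, {})
    udm[parts[-1]] = [value] if path in REPEATED_LEAVES else value


def wazuh_to_udm(alert):
    """Apply the documented mappings to one decoded Wazuh eventchannel alert."""
    udm = {}
    for src, dsts in DIRECT_MAPPINGS.items():
        value = get_path(alert, src)
        if value in MISSING:
            continue                         # null check: nothing written for absent fields
        if src == "data.win.system.level":
            value = LEVEL_TO_SEVERITY.get(str(value), "UNKNOWN_SEVERITY")
        elif src == "data.win.eventdata.ipPort":
            value = int(value)               # target.port is numeric in UDM
        else:
            value = str(value)               # eventID, pid, sids etc. are strings in UDM
        for dst in dsts:
            set_path(udm, dst, value)
    extra = {src.rsplit(".", 1)[-1]: get_path(alert, src)
             for src in ADDITIONAL_FIELDS if get_path(alert, src) not in MISSING}
    if extra:
        udm["additional"] = {"fields": extra}
    return udm


# Constructed sample alert (not a real capture): a Wazuh-decoded Security 4624
# network logon. Note serviceName carries the "-" placeholder.
SAMPLE_ALERT = {
    "agent": {"name": "win-dc01"},
    "rule": {"id": "60106", "level": 3, "description": "Windows logon success"},
    "data": {"win": {
        "system": {
            "providerName": "Microsoft-Windows-Security-Auditing",
            "providerGuid": "{54849625-5478-4994-a5ba-3e3b0328c30d}",
            "eventID": "4624", "version": "2", "level": "0", "task": "12544",
            "opcode": "0", "keywords": "0x8020000000000000",
            "eventRecordID": "123456", "processID": "700", "threadID": "4052",
            "channel": "Security", "computer": "win-dc01.example.test",
        },
        "eventdata": {
            "targetUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1105",
            "targetUserName": "alice", "targetDomainName": "EXAMPLE",
            "targetLogonId": "0x3e7a2c", "logonType": "3",
            "logonGuid": "{00000000-0000-0000-0000-000000000000}",
            "ipAddress": "10.0.0.25", "ipPort": "49832", "status": "0x0",
            "serviceName": "-",
        },
    }},
}

if __name__ == "__main__":
    import json
    print(json.dumps(wazuh_to_udm(SAMPLE_ALERT), indent=2))
```

Running the block prints the UDM-shaped dictionary for the sample alert: the hostname lands in both "principal.hostname" and "principal.asset.hostname" (the "aligned" mappings from the 2024-03-04 entry), the address is written to both "target.ip" and "target.asset.ip", and "target.resource.name" is absent because the source "serviceName" carried only a placeholder.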