Change log for WINDOWS_DNS
Date | Changes |
---|---|
2024-06-25 | - Added support for logs with CSV data in the "Message" field. |
2024-06-19 | - Modified the Grok pattern to parse the logs in JSON format.<br>- Added support for new XML logs, which get ingested from the BindPlane agent. |
2024-05-28 | Enhancement:<br>- Mapped "dns_record_type" to "additional.fields". |
2024-05-15 | Added additional mappings for deprecated "noun.labels". |
2024-04-17 | - Updated mapping of "EventReceivedTime" and "EventTime" raw log fields. |
2024-03-13 | - Parsed data from "ANSWER SECTION" in the log.<br>- Updated mapping of "metadata.event_timestamp" UDM field. |
2024-02-14 | - Parsed debug data from the log. |
2024-01-18 | - Added support for the text format log containing debug data.<br>- Added support for logs containing the date in the German format. |
2023-12-13 | Added support for logs containing Chinese characters. |
2023-11-29 | - Aligned "principal/target.hostname" and "principal/target.asset.hostname" mapping. |
2023-10-18 | Added support for the text format. |
2023-10-04 | Added validation before mapping the "sysloghost" to the "principal.hostname". |
2023-08-23 | Used "on_error" function to prevent error due to double UDM mapping. |
2023-06-28 | - Added support for escape characters (for example, '\r\n') in NXLog "im_file" module logs.<br>- Changed the mapping for data from the answer section of the "message" field, and mapped the other answer section data as well, for DNS record requests of type "A", "AAAA" and "PTR".<br>- Removed the trailing dot "." from the domain name for Microsoft Windows DNS logs. |
2023-05-31 | - For DNS record requests of type A, AAAA and PTR, extracted data from answer section of 'message' field and mapped it.<br>- Mapped 'network.dns.questions.name' value to 'target.hostname'. |
2023-05-02 | Added support for DNS record requests of type A, AAAA and PTR. |
2023-02-15 | Added a Grok pattern to handle the date format (MM-DD-YYYY) and the time format without AM/PM. |
2022-07-08 | Prioritized mapping events with STATUS_UPDATE instead of GENERIC_EVENT where "principal.ip" or "target.ip" or "principal.hostname" are not null. |
2022-05-11 | Added support for Syslog header+JSON format. |
2022-04-13 | Formal launch of Chronicle's Windows DNS parser. This represents a comprehensive refresh to Windows DNS parsing, and is built from the ground up for improved stability, coverage, and efficacy. |