Change log for RADWARE_FIREWALL
Date | Changes |
---|---|
2024-09-17 | Enhancement:<br>- Added support to map all "src_ip" to "principal.ip" and "principal.asset.ip".<br>- Added support to map all "dst_ip" to "target.ip" and "target.asset.ip". |
2024-07-23 | Enhancement:<br>- Added Grok patterns to parse a new pattern of syslog logs. |
2024-06-18 | Enhancement:<br>- Reordered the Grok patterns to optimize the parsing time. |
2024-06-11 | Enhancement:<br>- Added Grok patterns to parse unparsed logs. |
2023-12-08 | Enhancement:<br>- Modified a Grok pattern to properly parse "src_ip". |
2023-11-23 | Enhancement:<br>- Added new Grok patterns to support new unparsed pattern of SYSLOGS.<br>- Added support for new date pattern of "ts".<br>- Initialized "attack_type", "attack_desc", "protocol_number_src", "security_result", "action", "product" to null.<br>- Added null check to "product" before mapping to "event.idm.read_only_udm.metadata.product_name".<br>- Added null check to "rule_id" before mapping to "event.idm.read_only_udm.security_result.rule_id".<br>- Added null check to "attack_desc" before mapping to "event.idm.read_only_udm.security_result.description".<br>- Added null check to "attack_type" before mapping to "event.idm.read_only_udm.security_result.threat_name".<br>- Mapped "username" to "event.idm.read_only_udm.principal.user.userid".<br>- Mapped "command" to "event.idm.read_only_udm.principal.process.command_line".<br>- Mapped "description" to "event.idm.read_only_udm.security_result.description".<br>- Mapped "intermediary_ip" to "event.idm.read_only_udm.intermediary.ip". |