Change log for A10_LOAD_BALANCER
Date | Changes |
---|---|
2025-07-09 | Enhancement:<br>- Added Grok patterns to parse unparsed logs.<br>- Added XML support to parse new format of logs.<br>- event.idm.read_only_udm.metadata.description: Newly mapped `desc` raw log field with `event.idm.read_only_udm.metadata.description` UDM field.<br>- event.idm.read_only_udm.target.user.userid: Newly mapped `target_user` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.<br>- event.idm.read_only_udm.security_result.rule_name: Newly mapped `rule_name` raw log field with `event.idm.read_only_udm.security_result.rule_name` UDM field.<br>- event.idm.read_only_udm.security_result.severity: Newly mapped `vendor_severity` raw log field with `event.idm.read_only_udm.security_result.severity` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `facility` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.intermediary.ip and event.idm.read_only_udm.intermediary.asset.ip: Newly mapped `proxy_machine_ip` raw log field with `event.idm.read_only_udm.intermediary.ip` and `event.idm.read_only_udm.intermediary.asset.ip` UDM field.<br>- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `event_dt` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- event.idm.read_only_udm.metadata.event_type:<br>- Setting `event.idm.read_only_udm.metadata.event_type` to `USER_LOGOUT` if `has_principal` is `true` and `has_target_user` is `true` and `desc` is similar to `logout`.<br>- Setting `event.idm.read_only_udm.metadata.event_type` to `USER_UNCATEGORIZED` if `has_target_user` is `true`. |
2024-12-27 | Enhancement:<br>- Added Grok patterns to parse unparsed logs.<br>- Added a KV block to parse the logs.<br>- Mapped "prin_host" to "principal.hostname" and "principal.asset.hostname".<br>- Mapped "app" to "target.application".<br>- Mapped "device_version" to "metadata.product_version".<br>- Mapped "device_vendor" to "metadata.vendor_name".<br>- Mapped "device_product" to "metadata.product_name".<br>- Mapped "event_name" and "device_event_class_id" to "metadata.product_event_type".<br>- Mapped "severity" to "security_result.severity".<br>- Mapped "src" to "principal.ip" and "principal.asset.ip".<br>- Mapped "spt" to "principal.port".<br>- Mapped "dst" to "target.ip" and "target.asset.ip".<br>- Mapped "dpt" to "target.port".<br>- Mapped "msg" to "metadata.description".<br>- Mapped "suser" to "principal.user.user_display_name".<br>- Mapped "act" and "cn1" to "additional.fields".<br>- Mapped "method" to "network.http.method".<br>- Mapped "app_proto" to "network.application_protocol".<br>- Mapped "tls_version" to "network.tls.version". |
2024-01-28 | Newly created parser. |