February 14th, 2025 - Content Release
This content release includes:
- New and updated mappers and parsers for Carbon Black, Cisco ISE, Cisco Umbrella, PAN Firewall CSV and LEEF, and Signal Science (Fastly) WAF.
- ❤️
Changes are enumerated below.
Log Mappers
- [New] Carbon Black Cloud - alert event
- [Updated] Cisco ISE Radius Diagnostics
- Supports additional Radius Diagnostic messages.
- [Updated] Cisco Umbrella DNS Logs
- Adds
dstDevice_ip,normalizedAction, anduser_email.
- Adds
- [Updated] Cisco Umbrella IP Logs
- Adds alternate value for
dstDevice_ipand addsuser_email.
- Adds alternate value for
- [Updated] Cisco Umbrella Proxy Logs
- Adds
user_email.
- Adds
Parsers
- [Updated] /Parsers/System/VMware/Carbon Black Cloud
- Adds support for alert event event ID.
- [Updated] /Parsers/System/Cisco/Cisco ISE
- Adds key value parsing for descriptions.
- [Updated] /Parsers/System/Cisco/Cisco Umbrella CSV
- Adds a transform for capturing email addresses.
- [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV
- Modifies
parse_system_format_1regular expression to support additional events.
- Modifies
- [Updated] /Parsers/System/Palo Alto/PAN Firewall LEEF
- Normalizes parsing of subtype to have consistent case.
- [Updated] /Parsers/System/Signal Science/Signal Science WAF
- Adds additional timestamp handling.