Change log for CORELIGHT
| Date | Changes | 
|---|---|
| 2025-07-29 | - `conn_agg`: Added support for the event `conn_agg` and relevant corresponding raw log fields.<br>- `dns_agg`: Added support for the event `dns_agg` and relevant corresponding raw log fields.<br>- `files_agg`: Added support for the event `files_agg` and relevant corresponding raw log fields.<br>- `http_agg`: Added support for the event `http_agg` and relevant corresponding raw log fields.<br>- `ssl_agg`: Added support for the event `ssl_agg` and relevant corresponding raw log fields.<br>- `weird_agg`: Added support for the event `weird_agg` and relevant corresponding raw log fields.<br>- Handled `extracted` raw log field for `files_red` event. |
| 2025-04-23 | Modified the static value of "security_result.summary" UDM field from "Providioned" to "Provisioned" for the event "ssh". | 
| 2025-04-08 | Updated the "principal.hostname" mapping as per the new event_type validation. |
| 2024-09-20 | Added support for new fields of these log types (v27.12) |
| 2024-08-23 | Modified severity based on raw rule. |
| 2024-07-26 | Added support for new fields of updated schema of suricata_corelight. | 
| 2024-06-19 | Extracted the key and value based on the delimiter and mapped it accordingly. | 
| 2024-05-01 | Added support for mapping of base64 decoded value of 'payload' and 'packet' fields into "about.labels". | 
| 2024-02-26 | Added support for mapping of '_write_ts' and 'extracted' fields. | 
| 2024-02-14 | Updated the mapping for "network.dns.response" UDM field. |
| 2023-12-13 | Added support for updated suricata, corelight_metrics_*, intel log type and validation for "entity_type". | 
| 2023-11-29 | Aligned 'principal/target.hostname' and 'principal/target.asset.hostname' mapping. | 
| 2023-10-04 | Added mapping for "network.tls.certificate.md5", "network.tls.certificate.sha1", and "network.tls.certificate.sha256". | 
| 2023-06-13 | Enhanced existing parser. | 
| 2023-06-09 | Mapped 'assigned_addr' to 'network.dhcp.ciaddr'. | 
| 2022-04-23 | Added normalization for Suricata Eve alerts. |