Change log for F5_SILVERLINE
| Date | Changes |
|---|---|
| 2025-11-04 | - `event.idm.read_only_udm.intermediary.application`: Newly mapped `inter_application` raw log field with `event.idm.read_only_udm.intermediary.application` UDM field.<br>- Added a grok pattern to parse the log.<br>- `event.idm.read_only_udm.metadata.description`: Newly mapped `msg1` raw log field with `event.idm.read_only_udm.metadata.description` UDM field.<br>- `event.idm.read_only_udm.principal.hostname`, `event.idm.read_only_udm.principal.asset.hostname`: Newly mapped `prin_host` raw log field with `event.idm.read_only_udm.principal.hostname`, `event.idm.read_only_udm.principal.asset.hostname` UDM fields.<br>- `event.idm.read_only_udm.principal.ip`, `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `prin_ip` raw log field with `event.idm.read_only_udm.principal.ip`, `event.idm.read_only_udm.principal.asset.ip` UDM fields.<br>- `event.idm.read_only_udm.target.hostname`, `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `tar_host` raw log field with `event.idm.read_only_udm.target.hostname`, `event.idm.read_only_udm.target.asset.hostname` UDM fields.<br>- `event.idm.read_only_udm.network.tls.cipher`: Newly mapped `Cipher` raw log field with `event.idm.read_only_udm.network.tls.cipher` UDM field.<br>- `event.idm.read_only_udm.principal.process.pid`: Newly mapped `process_pid` raw log field with `event.idm.read_only_udm.principal.process.pid` UDM field.<br>- `event.idm.read_only_udm.security_result.rule_name`: Newly mapped `sec_rule_details` raw log field with `event.idm.read_only_udm.security_result.rule_name` UDM field.<br>- `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `EventType` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- `event.idm.read_only_udm.target.application`: Newly mapped `app` raw log field with `event.idm.read_only_udm.target.application` UDM field.<br>- `event.idm.read_only_udm.network.session_id`: Newly mapped `session` raw log field with `event.idm.read_only_udm.network.session_id` UDM field.<br>- `event.idm.read_only_udm.network.tls.client.certificate.serial`: Newly mapped `sn` raw log field with `event.idm.read_only_udm.network.tls.client.certificate.serial` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `type_value`, `idx`, `C_data`, `O_data`, `OU_data`, `CN_data`, `verify`, and `cn_data` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `syslog_priority` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. |
| 2025-08-06 | - Added support for the additional fields mapping to parse more fields.<br>- Renamed the existing field from `src_ip` to `header_ip` in the grok pattern.<br>- `event.idm.read_only_udm.src.ip`: Removed mapping of `src_ip` raw log field with `event.idm.read_only_udm.src.ip` UDM field in order to introduce a more accurate mapping for the raw log field.<br>- `event.idm.read_only_udm.intermediary.ip`: Mapped `src_ip` raw log field with `event.idm.read_only_udm.intermediary.ip` UDM field.<br>- `event.idm.read_only_udm.src.asset.ip`: Removed mapping of `src_ip` raw log field with `event.idm.read_only_udm.src.asset.ip` UDM field in order to introduce a more accurate mapping for the raw log field.<br>- `event.idm.read_only_udm.intermediary.asset.ip`: Mapped `src_ip` raw log field with `event.idm.read_only_udm.intermediary.asset.ip` UDM field.<br>- `event.idm.read_only_udm.intermediary.ip`: Newly mapped `x_forwarded_for_header_value` raw log field with `event.idm.read_only_udm.intermediary.ip` UDM field.<br>- `event.idm.read_only_udm.intermediary.asset.ip`: Newly mapped `x_forwarded_for_header_value` raw log field with `event.idm.read_only_udm.intermediary.asset.ip` UDM field. |
| 2025-07-24 | - Added support for parsing previously unparsed SYSLOG logs.<br>- `event.idm.read_only_udm.principal.url`: Newly mapped `host` raw log field with `event.idm.read_only_udm.principal.url` UDM field.<br>- `event.idm.read_only_udm.security_result.description`: Newly mapped `sub_violations` raw log field with `event.idm.read_only_udm.security_result.description` UDM field.<br>- `event.idm.read_only_udm.principal.application`: Newly mapped `web_application_name` raw log field with `event.idm.read_only_udm.principal.application` UDM field.<br>- `event.idm.read_only_udm.target.url`: Newly mapped `uri` raw log field with `event.idm.read_only_udm.target.url` UDM field.<br>- `event.idm.read_only_udm.network.http.response_code`: Newly mapped `response_code` raw log field with `event.idm.read_only_udm.network.http.response_code` UDM field.<br>- `event.idm.read_only_udm.network.application_protocol`: Newly mapped `protocol` raw log field with `event.idm.read_only_udm.network.application_protocol` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `policy_name` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `http_class_name` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.network.http.method`: Newly mapped `method` raw log field with `event.idm.read_only_udm.network.http.method` UDM field.<br>- `event.idm.read_only_udm.principal.ip`: Newly mapped `ip_client` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.<br>- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `ip_client` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.<br>- `event.idm.read_only_udm.principal.location.name`: Newly mapped `geo_location` raw log field with `event.idm.read_only_udm.principal.location.name` UDM field.<br>- `event.idm.read_only_udm.security_result.action_details`: Newly mapped `request_status` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.<br>- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `support_id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.<br>- `event.idm.read_only_udm.principal.location.name`: Newly mapped `client_ip_geo_location` raw log field with `event.idm.read_only_udm.principal.location.name` UDM field.<br>- `event.idm.read_only_udm.principal.url`: Newly mapped `client_request_uri` raw log field with `event.idm.read_only_udm.principal.url` UDM field.<br>- `event.idm.read_only_udm.src.port`: Newly mapped `src_port` raw log field with `event.idm.read_only_udm.src.port` UDM field.<br>- `event.idm.read_only_udm.security_result.rule_id`: Newly mapped `rule` raw log field with `event.idm.read_only_udm.security_result.rule_id` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `reason` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `protocol` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.target.ip`: Newly mapped `t_ip` raw log field with `event.idm.read_only_udm.target.ip` UDM field.<br>- `event.idm.read_only_udm.target.asset.ip`: Newly mapped `t_ip` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `mitigation` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.target.port`: Newly mapped `dst_port` raw log field with `event.idm.read_only_udm.target.port` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `countermeasure` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `blacklisted` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.src.ip`: Newly mapped `src_ip` raw log field with `event.idm.read_only_udm.src.ip` UDM field.<br>- `event.idm.read_only_udm.src.asset.ip`: Newly mapped `src_ip` raw log field with `event.idm.read_only_udm.src.asset.ip` UDM field.<br>- `event.idm.read_only_udm.principal.ip`: Newly mapped `addr` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.<br>- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `addr` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.<br>- `event.idm.read_only_udm.metadata.timestamp`: Newly mapped `ts` raw log field with `event.idm.read_only_udm.metadata.timestamp` UDM field. |
| 2024-08-12 | - Added support to parse JSON logs. |
| 2024-06-18 | - Newly created parser. |