Change log for FORCEPOINT_FIREWALL
| Date | Changes |
|---|---|
| 2025-11-12 | Enhancement:
- event.idm.read_only_udm.security_result.rule_id: Removed mapping of `EventId` from `event.idm.read_only_udm.security_result.rule_id` as `RuleId` is more suitable for this field. - event.idm.read_only_udm.security_result.rule_id: Mapped `RuleId` raw log field to `event.idm.read_only_udm.security_result.rule_id`. - event.idm.read_only_udm.security_result.rule_name: Mapped `EventId` raw log field to `event.idm.read_only_udm.security_result.rule_name`. - event.idm.read_only_udm.security_result.rule_labels: Removed mapping of `RuleId` from `event.idm.read_only_udm.security_result.rule_labels` to eliminate redundant mapping. - event.idm.read_only_udm.additional.fields: Newly mapped `IcmpId` raw log field to `event.idm.read_only_udm.additional.fields` UDM field. |
| 2025-10-06 | Enhancement:
- event.idm.read_only_udm.target.hostname: Removed mapping of `CompId` from `event.idm.read_only_udm.target.hostname` because it was more suitable as an `intermediary` field. - event.idm.read_only_udm.intermediary.hostname: Mapped `CompId` raw log field to `event.idm.read_only_udm.intermediary.hostname`. - event.idm.read_only_udm.additional.fields: Newly mapped `SrcVlan`, `Srcif`, `Rtt`, `NatRuleId`, `ReceptionTime`, `SenderType` raw log fields to `event.idm.read_only_udm.additional.fields`. - event.idm.read_only_udm.security_result.rule_labels: Newly mapped `RuleId` raw log field to `event.idm.read_only_udm.security_result.rule_labels`. |
| 2025-02-11 | Enhancement:
- Changed "inter_hostname" mapping from "principal.hostname" and "principal.asset.hostname" to "intermediary.hostname" and "intermediary.asset.hostname". - Modified the Grok pattern to parse IP address to "intermediary.ip". |
| 2025-01-23 | Enhancement:
- Modified the Grok pattern to parse the unparsed logs. |
| 2024-12-04 | Enhancement:
- Modified "eventid" mapping from "metadata.product_log_id" to "security_result.rule_id". - Modified "log_id" mapping from "additional_fields" to "metadata.product_log_id". |
| 2024-11-13 | Enhancement:
- Mapped "eventid" to "metadata.product_log_id". - Moved "log_id" mapping from "metadata.product_log_id" to "additional_fields". |
| 2023-02-16 | Bug Fix
- Fixed the error when the target field is not set while generating event type "NETWORK_CONNECTION". - Modified the code to handle addition errors found in testing. |
| 2022-10-06 | Enhancement - Added condition to Map "NodeId" to "principal.ip" when "Src" and "Dst" is empty.
|
| 2022-06-27 | Enhancement - Following fields were added
Mapped "Action" to "security_result.action_details". Mapped "AccElapsed" to "network.session_duration.seconds". Mapped "Type" to "security_result.severity_details". Mapped security_result.severity as "LOW" for "Type" having value "Notification". |