Change log for TCPWAVE_DDI
| Date | Changes |
|---|---|
| 2025-12-02 | Enhancement:<br>- SYSLOG raw log format: Added support for the SYSLOG raw log format.<br>- event.idm.read_only_udm.principal.process.file.full_path: Mapped filepath raw log field to event.idm.read_only_udm.principal.process.file.full_path.<br>- event.idm.read_only_udm.target.hostname: Mapped d_host raw log field to event.idm.read_only_udm.target.hostname.<br>- event.idm.read_only_udm.target.ip: Mapped d_ip raw log field to event.idm.read_only_udm.target.ip.<br>- event.idm.read_only_udm.target.mac: Mapped d_mac raw log field to event.idm.read_only_udm.target.mac.<br>- event.idm.read_only_udm.target.administrative_domain: Mapped d_domain raw log field to event.idm.read_only_udm.target.administrative_domain.<br>- event.idm.read_only_udm.network.dhcp.client_identifier: Mapped d_clientID raw log field to event.idm.read_only_udm.network.dhcp.client_identifier.<br>- security_result.description: Mapped des raw log field to security_result.description.<br>- event.idm.read_only_udm.src.hostname: Mapped src raw log field to event.idm.read_only_udm.src.hostname.<br>- event.idm.read_only_udm.src.mac: Mapped src_mac raw log field to event.idm.read_only_udm.src.mac.<br>- event.idm.read_only_udm.network.dhcp.chaddr: Mapped src_mac raw log field to event.idm.read_only_udm.network.dhcp.chaddr.<br>- event.idm.read_only_udm.intermediary.ip: Mapped int_ip raw log field to event.idm.read_only_udm.intermediary.ip.<br>- event.idm.read_only_udm.metadata.event_type: Set to NETWORK_DHCP for DHCP events.<br>- event.idm.read_only_udm.network.application_protocol: Set to DHCP for DHCP events.<br>- event.idm.read_only_udm.network.dhcp.type: Mapped DHCP message type from description field to event.idm.read_only_udm.network.dhcp.type.<br>- security_result.action: Set to BLOCK when the description field contains "rejected".<br>- event.idm.read_only_udm.additional.fields: Mapped DHCP pool-related fields to event.idm.read_only_udm.additional.fields. |
| 2022-09-27 | Newly created parser. |