Package cisco/umbrella Release Notes

Package cisco/umbrella Release Notes Version 1.2.0
  • Bug fix: Updates the default event.kind field to event to ensure compliance with the CPS standard.

  • Updates the interface.id field to have a valid prefix (observer.inbound or observer.outbound) based on the direction of data flow, to comply with CPS.

Package cisco/umbrella Release Notes Version 1.1.0
  • Improves field extraction and performance.

  • Bumps the minimum LogScale version to 1.142 to support assertions in YAML files.

  • Adds the source.ip, event.action, destination.domain, event.type and rule.uuid fields, among others.

  • Renames the fields under the Vendor namespace from camel case to snake case. This is a breaking change, so do not update to this version if your queries rely on the Vendor-specific fields.

  • Adds support for Firewall logs, Data Loss Prevention (DLP) logs and Intrusion Prevention (IPS) logs.

  • Renames the parser to cisco-umbrella.

Package cisco/umbrella Release Notes Version 1.0.0
  • Adds the new event.module and Cps.version fields.

  • Removes the Product, related.user and related.ip fields.

  • Sets the following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type.