Package f5networks/bigip Release Notes

Package f5networks/bigip Release Notes Version 2.5.2
  • Removed timezone parameter from timestamp parsing functions to use system default timezone handling

Package f5networks/bigip Release Notes Version 2.5.1
  • Updated ECS version to 9.1.0 and CPS version to 1.1.0

  • Enhanced audit log parsing to specifically extract cmd_data from Vendor.audit_info for complete command data capture

  • Added new test case for AUDIT log format with cmd_data field extraction

Package f5networks/bigip Release Notes Version 2.5.0
  • Enhanced SSH session handling with improved user extraction for login success and failure events

  • Improved audit log parsing with better key-value pair handling for complex field structures

  • Fixed regex patterns for SSH connection events to properly handle multiple connection scenarios

  • Added support for additional OS logger formats including TLS version and cipher information

  • Enhanced field coalescing for better data extraction from multiple potential sources

Package f5networks/bigip Release Notes Version 2.4.0
  • Added support for F5 ASM Bot Defense logs

  • Fixed array handling for host.ip and observer.ip fields

  • Improved event severity mapping based on Vendor.severity field

  • Fixed source.ip extraction in APM invalid host header detection

  • Enhanced event type categorization for APM non-existent session events

  • Added lowercase normalization for network.transport field

Package f5networks/bigip Release Notes Version 2.3.2
  • Fixed field mapping to use direct assignment instead of rename function for better performance

Package f5networks/bigip Release Notes Version 2.3.1
  • Fixed VLAN ID parsing in connection error and SSL handshake failure events

Package f5networks/bigip Release Notes Version 2.3.0
  • Added support for F5 BIG-IP logs in Splunk format (HTTP traffic, load balancer failures, DNS requests/responses)

  • Fixed IP address field mapping to correctly populate source.ip, destination.ip, and server.ip fields

  • Improved timestamp parsing to support additional formats

  • Enhanced key-value parsing with better handling of empty fields

Package f5networks/bigip Release Notes Version 2.2.0
  • Added support for F5 Advanced Firewall Module (AFM) logs

  • Improved ASM event categorization for better threat detection

  • Updated ECS version to 8.17.0

Package f5networks/bigip Release Notes Version 2.1.1
  • Updates initial regex to accept events without processid

Package f5networks/bigip Release Notes Version 2.1.0
  • Improves field extraction and performance.

  • Updates invalid values for the event.type field to comply with ECS.

  • Bumps ecs.version to 8.16.0.

Package f5networks/bigip Release Notes Version 2.0.0
  • Now supports all BIG-IP events: ASM, APM, DNS, LTM as well as BIG-IP System and OS logs.

  • Improves CPS categorization and normalization.

  • Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Package f5networks/bigip Release Notes Version 1.0.0
  • Adds new event.module and Cps.version fields

  • Removes the Product field

  • Sets the following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type