Enhancements
- Supports parsing and a log schema for `block_log` of the U 2.1 model
- Added `unknown` to the logger model
First release
- Supports the Events Feed logger
Improvements
- Added support for `RT_SCREEN_IP` log parsing
- Added support for `JunOS 21` session deny log parsing
Bug Fixes
- Fixed `session_id` field type (string → 64-bit int)
- Normalized action field values to uppercase
Improvements
- Supports parsing of the new syslog format (e.g. `node=... srcip=... role=... sessionid=...`)
- Added normalized message codes
  - ivanti-vpn-auth: `ADM20664`
  - ivanti-vpn-tunnel: `NWC32001`
- Added query commands `eprism-add-user-rule` and `eprism-delete-user-rule`
- Fixed a parsing error for field values enclosed in quotes
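The two parser changes above (the JunOS session-deny fixes that type `session_id` as a 64-bit integer and uppercase the action field, and the key=value syslog format with quoted values and normalized message codes) share one tokenizer, so here is a single worked example that covers both. This is an added illustration, not the app's own parser: the two sample log lines are constructed and use simplified field names, and only the message codes `ADM20664` and `NWC32001` are taken from the release notes.

```python
import re

# Tokenizer for key=value pairs: a quoted value may contain spaces and
# backslash-escaped quotes; an unquoted value runs to the next whitespace.
_KV = re.compile(
    r'(?P<key>[A-Za-z_][\w.-]*)='
    r'(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<bare>[^\s"\]]*))'
)

# Message codes listed in the changelog, mapped to the normalized event name.
MESSAGE_CODES = {
    "ADM20664": "ivanti-vpn-auth",
    "NWC32001": "ivanti-vpn-tunnel",
}
_CODE = re.compile(r"\b([A-Z]{3}\d{5})\b")

INT64_MIN, INT64_MAX = -(2**63), 2**63 - 1


def parse_kv(line: str) -> dict:
    """Extract key=value pairs; field names are normalized to snake_case."""
    fields = {}
    for m in _KV.finditer(line):
        key = m.group("key").lower().replace("-", "_").replace(".", "_")
        if m.group("quoted") is not None:
            value = m.group("quoted").replace('\\"', '"')
        else:
            value = m.group("bare")
        fields[key] = value
    return fields


def parse_event(line: str) -> dict:
    fields = parse_kv(line)

    # session_id is typed as a 64-bit integer. A value that does not fit is
    # moved to session_id_raw instead of failing the whole record.
    if "session_id" in fields:
        try:
            n = int(fields["session_id"])
        except ValueError:
            n = None
        if n is not None and INT64_MIN <= n <= INT64_MAX:
            fields["session_id"] = n
        else:
            fields["session_id_raw"] = fields.pop("session_id")

    # Action values are normalized to uppercase so DENY and deny match alike.
    if "action" in fields:
        fields["action"] = fields["action"].upper()

    # Attach the normalized event name when a known message code is present.
    m = _CODE.search(fields.get("msg", "") or line)
    if m and m.group(1) in MESSAGE_CODES:
        fields["msg_code"] = m.group(1)
        fields["event_type"] = MESSAGE_CODES[m.group(1)]
    return fields


# Constructed sample lines (not real vendor output; field names simplified).
SAMPLE_IVANTI = (
    'node=node1 srcip=203.0.113.5 role="Users, Admins" sessionid=s1 '
    r'msg="ADM20664: sample \"quoted\" text"'
)
SAMPLE_JUNOS = (
    'RT_FLOW_SESSION_DENY [source-address="198.51.100.7" source-port="51515" '
    'destination-address="10.0.0.9" destination-port="443" action=deny '
    'policy-name="deny-all" session-id="4294967296"]'
)

if __name__ == "__main__":
    for line in (SAMPLE_IVANTI, SAMPLE_JUNOS):
        print(parse_event(line))
```

The point of keeping the 64-bit range check and the `session_id_raw` fallback is the same one the release note makes: one malformed field should degrade to a missing typed value, not drop the whole event from the index.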
Improvements
- Added DAG IP management commands and block integration
  - paloalto-ngfw-register-ip: Register a single IP tag (Block)
  - paloalto-ngfw-unregister-ip: Unregister a single IP tag
  - paloalto-ngfw-registered-ips: View the list of registered IPs
  - paloalto-ngfw-register-ip-batch: Bulk register IPs based on input records
  - paloalto-ngfw-unregister-ip-batch: Bulk unregister IPs based on input records
- Added HTTP proxy configuration options
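Registering and unregistering IP tags for a dynamic address group is normally done through the PAN-OS User-ID XML API, and the bulk commands above take input records of IP/tag pairs. The following is an added example of that exchange, not the app's own code: it assumes the commands build a `<uid-message>` update and that records carry hypothetical `ip` and `tag` fields. The sample records are constructed; the important part for a blocking integration is that every IP is validated before it is placed into the firewall command, so a malformed record cannot alter the XML.

```python
import ipaddress
import xml.etree.ElementTree as ET


def validate_records(records, default_tag="blocked"):
    """Group input records ({"ip": ..., "tag": ...}) into {ip: set(tags)}.

    Every IP is parsed with the ipaddress module before it is used, so a
    malformed value (or one carrying XML/quote characters) is rejected
    rather than being written into the firewall command.
    """
    accepted, rejected = {}, []
    for rec in records:
        try:
            ip = str(ipaddress.ip_address(str(rec["ip"]).strip()))
        except (KeyError, ValueError):
            rejected.append(rec)
            continue
        tag = str(rec.get("tag") or default_tag)
        accepted.setdefault(ip, set()).add(tag)
    return accepted, rejected


def _add_entries(parent, mapping, persistent, timeout):
    for ip in sorted(mapping):
        entry = ET.SubElement(parent, "entry", ip=ip)
        if persistent:
            entry.set("persistent", "1")
        tag_el = ET.SubElement(entry, "tag")
        for tag in sorted(mapping[ip]):
            member = ET.SubElement(tag_el, "member")
            if timeout is not None:
                member.set("timeout", str(int(timeout)))
            member.text = tag  # ElementTree escapes <, > and & in the tag name


def build_uid_message(register=None, unregister=None, timeout=None):
    """Return the PAN-OS User-ID <uid-message> XML for a register/unregister update."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    if register:
        _add_entries(ET.SubElement(payload, "register"), register, True, timeout)
    if unregister:
        _add_entries(ET.SubElement(payload, "unregister"), unregister, False, None)
    return ET.tostring(root, encoding="unicode")


def api_form(xml_cmd, api_key):
    """Form fields for POST https://<firewall>/api/ with type=user-id."""
    return {"type": "user-id", "key": api_key, "cmd": xml_cmd}


# Constructed input records, as a batch command might receive them.
SAMPLE_RECORDS = [
    {"ip": "203.0.113.5", "tag": "blocked"},
    {"ip": " 203.0.113.5 ", "tag": "c2-beacon"},
    {"ip": "198.51.100.9", "tag": "blocked"},
    {"ip": "203.0.113.5\"/><register>", "tag": "blocked"},  # rejected
    {"ip": "not-an-ip"},                                      # rejected
]

if __name__ == "__main__":
    ok, bad = validate_records(SAMPLE_RECORDS)
    print(build_uid_message(register=ok, timeout=3600))
    print("rejected:", bad)
```

A `timeout` on the registered tag lets a block expire on its own, which is usually what you want for automated blocking so a false positive is not permanent; an unregister update carries no timeout.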
Enhancements
- Handles undefined fields so that an unknown field no longer fails the whole parse
- Optimized parser performance
Fixed a query failure when using a field function
First Release
- Provides a log schema, JDBC logger model, and dashboard for the ADT CAPS Access Control Log
Added 13 extended commands for Flow collaboration tool integration
- flow-bots: Retrieve a list of notification bots
- flow-departments: Retrieve a list of departments
- flow-employees: Retrieve a list of members
- flow-send-notification: Send a single notification
- flow-send-notification-batch: Send notifications in batch
- flow-activate-employee: Activate a member
- flow-activate-employee-batch: Activate members in batch
- flow-deactivate-employee: Deactivate a member
- flow-deactivate-employee-batch: Deactivate members in batch
- flow-create-post: Create a post
- flow-create-post-batch: Create posts in batch
- flow-create-task: Create a task
- flow-create-task-batch: Create tasks in batch
Bug Fixes
- Fixed an issue where copies created by sonar-clone-dashboards, sonar-clone-datasets, and sonar-clone-widgets were deleted when the app was reinstalled
Added endpoint filters for SentinelOne Application Risk
- Endpoint Name, Endpoint UUID
Added support for the SentinelOne Cloud Funnel log collector and a dedicated UI
- New log schemas: sentinelone-application-endpoint, sentinelone-application-risk, sentinelone-cross-process-event, sentinelone-dns-event, sentinelone-file-event, sentinelone-group-event, sentinelone-indicator-event, sentinelone-login-event, sentinelone-process-event, sentinelone-registry-event, sentinelone-scheduled-task-event, sentinelone-session, sentinelone-threat, sentinelone-threat-notes, sentinelone-threat-timeline, sentinelone-vuln-event, sentinelone-webfilter
- New query commands: sentinelone-add-threat-note, sentinelone-app-cves, sentinelone-app-endpoints, sentinelone-app-risks, sentinelone-delete-threat-note, sentinelone-events, sentinelone-query, sentinelone-star-custom-rules, sentinelone-threat-notes, sentinelone-threat-timeline, sentinelone-threats, sentinelone-update-threat-note
Fixed WAF log parser:
- Resolved errors when handling the `responseCodeSent` field
Feature Improvements
- New Event Support: Added support for the `system_monitor` event type.
- Audit Log Expansion: Extended the fields for `system_event` audit logs.
- Resource Monitoring: Implemented per-core CPU usage parsing for `system_resource`.
- Schema Update: Added new fields for Event Log v1.1.7.
- Stability Enhancements: Improved logger model structure and parser stability.
- Data Integrity: Enhanced field type accuracy and standardized (normalized) field names.
- UI/UX: Updated the dashboard.
Added commands to search for employees and departments
First Release
- Provides a parser, logger model, log schema, and dashboard for AXGATE SSLVPN logs
- Supports parsing of USERAUTH, AUDIT, and SESSION logs
Added S3 DNS and audit log collectors, and dashboards
Bug Fixes
- Implemented a multi-profile guard for batch commands
Feature Enhancements
- Expanded Command Support: Added 13 new extended commands and integrated blocking synchronization.
- CEF Log Support: Now supports a CEF (Common Event Format) log parser.
- Requires Logpresso Sonar 4.0.2502.0 or later.