Support BLUEMAX NGF v3.5.1 firmware.
- Added fw_rule_dir field when parsing fw4_allow, fw4_deny, fw6_allow, fw6_deny log types.
- Changed start_time, end_time field types to date type.
- Changed device_ip field type to IP address type.
Support Genian NAC REST API changes
- Field name changes: IP -> NL_IPSTR, MAC -> NL_MAC, SS_STATUS -> NL_STATUS, Hostname -> NL_FQDN, PLATFORM -> NL_PLATFORM, NODEPOLICY -> NL_NODESYSTEM, LASTACTIVE -> NL_LASTACTIVE
- Cache node list to improve dashboard performance (updated every 5 minutes)
Added ATT&CK TTP rules
Support for the syslog collection method
* Add syslog collection model
Added ssl.log collection target
* ssl.log
Improved parser behavior when field values contain "=" or ","
Support for profile option in extended command parameters and output
MySQL Connector/J version 8.0.33
Supported event IDs
- 1: ProcessCreate
- 2: FileCreateTime
- 3: NetworkConnect
- 5: ProcessTerminate
- 7: ImageLoad
- 10: ProcessAccess
- 11: FileCreate
- 12, 13, 14: RegistryEvent
- 15: FileCreateStreamHash
- 22: DNSQuery
Support 4 query commands and 2 playbook tasks.
- wxa-whois
- wxa-whois-batch
- wxa-domain-reputation
- wxa-domain-reputation-batch
Add collect log type
* Notable Characteristics
Modify log schema
* Add port field in DDEI Deny List
Support AWS WAF control and added 4 query commands
- aws-waf-ip-sets
- aws-waf-ip-set-addresses
- aws-waf-add-ip-set-address
- aws-waf-remove-ip-set-address
First release
- Parser and log schemas
- Logger model (Syslog, SFTP)
- Dashboard (Alert, Anomaly, HTTP, TLS, DNS, SSH)
Changelog
- Resolved parser errors when the last field contains a comma (,) and the field is enclosed in double quotes (")
Add collect log type
* Deny List Transaction
* Notable Characteristics
First release
- Parser, logger model, log schemas, and DLP dashboard
Added 21 query commands and response module.
* sniper-ngfw-changes
* sniper-ngfw-revert-changes
* sniper-ngfw-commit-changes
* sniper-ngfw-commit-history
* sniper-ngfw-ipv4-blacklist
* sniper-ngfw-ipv4-whitelist
* sniper-ngfw-ipv6-blacklist
* sniper-ngfw-ipv6-whitelist
* sniper-ngfw-add-ipv4-blacklist
* sniper-ngfw-add-ipv4-whitelist
* sniper-ngfw-add-ipv6-blacklist
* sniper-ngfw-add-ipv6-whitelist
* sniper-ngfw-update-ipv4-blacklist
* sniper-ngfw-update-ipv4-whitelist
* sniper-ngfw-update-ipv6-blacklist
* sniper-ngfw-update-ipv6-whitelist
* sniper-ngfw-remove-ipv4-blacklist
* sniper-ngfw-remove-ipv4-whitelist
* sniper-ngfw-remove-ipv6-blacklist
* sniper-ngfw-remove-ipv6-whitelist
* sniper-ngfw-purge-expired-addresses
Neutrino API commands
- neutrino-ip-info
- neutrino-ip-reputation
- neutrino-domain-lookup
- neutrino-host-reputation-summary
- neutrino-host-reputations
- neutrino-geocode-reverse
Changelog
- Fixed: return an error code instead of failing the command when no VirusTotal search results are found
First release
- HashiCorp Vault audit log parser, log schema, logger model, dashboard