<html lang="en">
<body>
 
  <p>
    <b>[OOTB] Bastion SKDPU-GW syslog. Version 2</b><br>
	Changelog:
		<ul>
			<li>Support of Bastion SKDPU-GW version 7.0 build 17 hotfix 14 was added.</li>
			<li>Extra normalizer "sshproxy Normalization" was changed. Event field "psid" was mapped to the KUMA field "DestinationProcessID".</li>
			<li>Extra normalizer "sshproxy Normalization" was changed. Event field "host" was mapped to the KUMA field "DestinationAddress".</li>
			<li>Extra normalizer "sshproxy Normalization" was changed. Event field "reason" was mapped to the KUMA field "Reason".</li>
			<li>Extra normalizer "sshproxy Normalization" was changed. Event field "target" was mapped to the KUMA field "Message". New event enrichment was added. The "Message" event field was mapped to the KUMA fields "DestinationUserName", "ApplicationProtocol", "DestinationNtDomain", "DeviceCustomString4" with the "Authentication name" label.</li>	
			<li>Extra normalizer "rdpproxy Normalization" was changed. Event field "target" was mapped to the KUMA field "Message". New event enrichment was added. The "Message" event field was mapped to the KUMA fields "DestinationUserName", "ApplicationProtocol", "DestinationNtDomain", "DeviceCustomString4" with the "Authentication name" label.</li>
			<li>Extra normalizer "rdpproxy Normalization" was changed. Event field "host" was mapped to the KUMA field "DestinationAddress".</li>
		</ul>
  </p>
 
  <p>
    <b>[OOTB] Bastion SKDPU-GW syslog. Version 1</b><br>
	This is the first version of the package.<br>
	Changelog:
		<ul>
			<li>Normalizer name was changed from the "[OOTB] Bastion SKDPU-GW" to the "[OOTB] Bastion SKDPU-GW syslog".</li>
			<li>Event enrichement (lower case) was added to the KUMA fields "DestinationHostName", "DeviceHostName", "SourceHostName", "SourceUserName", "DestinationUserName".</li>
			<li>Regular expression was updated in the extra normalizer "message preNormalization".</li>
			<li>Condition was changed (from "appp" to "app") in the extra normalizer "sysaudit Normalization".</li>
			<li>New extra normalizer was added "wabauth Normalization".</li>
			<li>Event mutations (replace and ReplaceWithRegexp) was added to data that processed in the extra normalizers "wabaudit Normalization", "sshproxy Normalization", "rdpproxy Normalization", "SSH Session Normalization", "RDP Session Normalization", "sysaudit Normalization", "Vault Activity Normalization".</li>
			<li>Event mutations of "Source" event fields was removed in the extra normalizers "wabaudit Normalization", "sshproxy Normalization", "rdpproxy Normalization", "SSH Session Normalization", "RDP Session Normalization", "sysaudit Normalization", "Vault Activity Normalization".</li>
			<li>Pair delimiter was chenged in the extra normalizers "wabaudit Normalization", "sshproxy Normalization", "rdpproxy Normalization", "SSH Session Normalization", "RDP Session Normalization", "sysaudit Normalization", "Vault Activity Normalization" from the " " to the "|".</li>
			<li>In the extra normalizer "rdpproxy Normalization" processed field name was changed from the "to Extra" to "toExtra".</li>
			<li>New mapping was added in the extra normalizer "rdpproxy Normalization". Event field "src_ip" was mapped to the KUMA field "SourceAddress", event field "src_port" was mapped to the KUMA field "SourcePort".</li>
			<li>Minor improvements.</li>
		</ul>
  </p>

</body>
</html>