New Features

None

Enhancements

SIEM Integration - New “Splunk” Package and Changes in CEF Format

A new Splunk package is available under the SIEM configuration page (Account => Settings => Security Logs => Logs Configuration). The package supports the following changes in CEF format in order to align with the CEF RFC standard:

  1. deviceExternalID -> deviceExternalId
  2. requestmethod -> requestMethod
  3. fileid -> fileId
  4. filetype -> fileType
  5. filepermission -> filePermission

Logs will start being published in this format next week, on April 10th.

Customers that use the CEF format and Splunk package are kindly requested to replace their existing Splunk package with the new version. The new package supports both the new and old CEF format.

Customers that use other log processing scripts need to adjust their scripts accordingly.
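For custom log processing scripts, one way to handle the transition is to accept both spellings and normalize to the new one. The following is an added example, not code from the vendor or the Splunk package; the sample records, vendor/product header values and the `msg` field are constructed for illustration.

```python
import re

# Old -> new CEF extension keys, as listed in the release note above.
KEY_RENAMES = {
    "deviceExternalID": "deviceExternalId",
    "requestmethod": "requestMethod",
    "fileid": "fileId",
    "filetype": "fileType",
    "filepermission": "filePermission",
}
_KEY = re.compile(r"(?:^|\s)(\w+)=")   # key followed by an unescaped '='
_PIPE = re.compile(r"(?<!\\)\|")       # header separator, not '\|'
_ESC = re.compile(r"\\([=\\])")        # CEF escapes '\=' and '\\' in values

# Constructed sample records (old and new key spelling).
OLD_SAMPLE = ("CEF:0|ExampleVendor|ExampleProduct|1|1|Sample event|3|"
              "deviceExternalID=1234 requestmethod=GET fileid=42 "
              "filetype=log filepermission=0 msg=a\\=b c")
NEW_SAMPLE = ("CEF:0|ExampleVendor|ExampleProduct|1|1|Sample event|3|"
              "deviceExternalId=1234 requestMethod=GET fileId=42 "
              "fileType=log filePermission=0 msg=a\\=b c")

def parse_extension(ext):
    """Parse a CEF extension string; values may contain spaces."""
    fields = {}
    matches = list(_KEY.finditer(ext))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(ext)
        fields[m.group(1)] = _ESC.sub(r"\1", ext[m.end():end].strip())
    return fields

def normalize(line):
    """Return (header_fields, extension) with keys in the new spelling."""
    parts = _PIPE.split(line.strip(), maxsplit=7)
    if len(parts) < 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    renamed = {}
    for key, value in parse_extension(parts[7]).items():
        new_key = KEY_RENAMES.get(key, key)
        # If a record carries both spellings, keep the new-format value.
        if new_key in renamed and key != new_key:
            continue
        renamed[new_key] = value
    return parts[:7], renamed

if __name__ == "__main__":
    for sample in (OLD_SAMPLE, NEW_SAMPLE):
        print(normalize(sample)[1])
```

Downstream searches, field extractions and alerts can then reference only the new key names, regardless of which format a given record arrived in.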

New User Permissions

When a new user is added to an account, their default permission settings are disabled (Account => Settings => Users => Add User).

Fixes

None.

Known Issues

None.