<html lang="en">
<body>

<p>
    <b>[OOTB] Sonicwall TZ Firewall syslog. Version 2</b><br>
	Change log:
	<ul>
		<li>Support for events from Sonicwall TZ Firewall version 7.3 in CEF format has been added.</li>
		<li>The main normalizer has been changed. The capture group "EndTime" has been renamed to "Timestamp". The Timestamp capture group has been mapped to the KUMA field DeviceReceiptTime. The option "Use CEF syntax for normalization" has been disabled. Event enrichment with the replace function has been added to the KUMA field DeviceAction. New event enrichment with the replace with regexp function has been added to the field SourceNtDomain. New event enrichment with the replace with regexp function has been added to the field SourceUserName.</li>
		<li>The extra normalizer "CEF" has been changed. Conditions have been removed. A new conversion with the replace with regexp function has been added. The field passed to this extra normalizer has been changed from "msg" to "all_message". The mapping of the event field "deviceExternalId" to the KUMA field DeviceExternalId has been removed. The event field DeviceProduct has been added to the KUMA field DeviceExternalId. The option "Keep extra fields" has been disabled.</li>
		<li>The condition in the extra normalizer "Capture ATP File Transfer Result" has been updated.</li>
		<li>New extra normalizers have been added: "CEF requestURL processing", "Assigned IP Address", "Anti-Spam Resolved Cloud Address", "DPI-SSL Connection Check", "Syslog Website Accessed".</li>
	</ul>
</p>
  
<p>
    <b>[OOTB] Sonicwall TZ Firewall syslog. Version 1</b><br>
	This is the first version of the package.<br>
	Change log:
	<ul>
		<li>Normalizer name was changed from "[OOTB] Sonicwall TZ Firewall" to "[OOTB] Sonicwall TZ Firewall syslog".</li>
		<li>Support of events in key-value format was added.</li>
		<li>Main normalizer was changed. New event enrichment was added (FIELDS LIST). New event enrichment was added to the KUMA field DeviceEventCategory. New event enrichment was added to the KUMA field DeviceCustomString5. New regular expressions were added to the main normalizer. New event enrichment was added to the KUMA field TransportProtocol. New event enrichment was added to the KUMA field ApplicationProtocol.</li>
		<li>Extra normalizer "CEF" was changed. Condition was updated. New Conversion was added to the event field "msg". New event enrichment was added to the KUMA field DeviceCustomString6.  Mapping of event field RequestContext was removed. Mapping of the event field "Request" was added to the KUMA field RequestContext. Event field "cn1" was removed from the KUMA field "DeviceCustomNumber1". Event field "cn2" was removed from the KUMA field "DeviceCustomNumber2".  Event field "cn3" was removed from the KUMA field "DeviceCustomNumber3". Event field "cs5" was removed from the KUMA field "DeviceCustomString5". Event field "cs3" was removed from the KUMA field "DeviceCustomString3". Event field "cs4" was removed from the KUMA field "DeviceCustomString4". Event field "cnt" was removed from the KUMA field "BaseEventCount". Mapping of event field "cs1Label" was removed from the KUMA field DeviceCustomString1Label. Mapping of event field "cs2Label" was removed from the KUMA field DeviceCustomString2Label. Mapping of event field "deviceVendor" was removed from the KUMA field DeviceVendor. Mapping of event field "deviceProduct" was removed from the KUMA field DeviceProduct. Mapping of event field "flexNumber1" was removed from the KUMA field FlexNumber1. Mapping of event field "flexNumber1Label" was removed from the KUMA field FlexNumber1Label. Mapping of event field "flexNumber2" was removed from the KUMA field FlexNumber2. Mapping of event field "flexNumber2Label" was removed from the KUMA field FlexNumber2Label. Event field "cn2" was mapped to the KUMA field FlexNumber2. Mapping of event field "cfp1" was removed from the KUMA field DeviceCustomFloatingPoint1. Mapping of event field "cfp1Label" was removed from the KUMA field DeviceCustomFloatingPoint1Label. Mapping of event field "cfp2" was removed from the KUMA field DeviceCustomFloatingPoint2. Mapping of event field "cfp2Label" was removed from the KUMA field DeviceCustomFloatingPoint2Label. 
Event field "cnt" was mapped to the KUMA field DeviceCustomNumber3. Mapping of event field "flexString1" was removed from the KUMA field FlexString1. Mapping of event field "flexString1Label" was removed from the KUMA field FlexString1Label. Mapping of event field "flexString2" was removed from the KUMA field FlexString2. Mapping of event field "flexString2Label" was removed from the KUMA field FlexString2Label. Mapping of event field "end" was removed from the KUMA field EndTime. Conversion was removed from the event field "fw_action". Event enrichment was added to the KUMA field DeviceAction (trim function). Event field "sid" was mapped to the KUMA field DevicePayloadID. Mapping of event field "fileId" was removed from the KUMA field FileID. Event field "fileid" was mapped to the KUMA field FileID. New event enrichments were added to the KUMA field FileHash. New event enrichment was added to the KUMA field FileID. Mapping of event field "fileType" was removed from the KUMA field FileType. Event field "spycat" was mapped to the KUMA field FileType. Mapping of event field "oldFileType" was removed from the KUMA field OldFileType. Event field "spycat" was mapped to the KUMA field OldFileType.</li>
		<li>New extra normalizers were added: "Capture ATP File Transfer Result", "KV parsing".</li>
		<li>DeviceCustom* field labels were updated.</li>
	</ul>
</p>

</body>
</html>