From bfb369bf9370a043c9467317990bc09be845688b Mon Sep 17 00:00:00 2001
From: eepstain <116078117+eepstain@users.noreply.github.com>
Date: Thu, 7 Sep 2023 15:37:46 +0300
Subject: [PATCH] Netskope Update (#29463)
---
 .../NetskopeEventCollector_1_3.xif | 12 ++++++++----
 .../NetskopeEventCollector_1_3_schema.json | 4 ++--
 Packs/Netskope/ReleaseNotes/3_2_3.md | 6 ++++++
 Packs/Netskope/pack_metadata.json | 2 +-
 4 files changed, 17 insertions(+), 7 deletions(-)
 create mode 100644 Packs/Netskope/ReleaseNotes/3_2_3.md
diff --git a/Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3.xif b/Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3.xif
index 8abdcbea5548..b1be1656d5e9 100644
--- a/Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3.xif
+++ b/Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3.xif
@@ -40,7 +40,8 @@ filter source_log_event = "page"
 xdm.target.location.longitude = to_float(dst_longitude),
 xdm.target.location.region = dst_region,
 xdm.target.location.timezone = dst_timezone,
- xdm.target.port = dstport,
+ xdm.target.port = to_integer(dstport),
+ xdm.source.port = to_integer(srcport),
 xdm.target.sent_bytes = server_bytes,
 xdm.target.url = page,
 xdm.target.user.identifier = userkey;
@@ -109,7 +110,8 @@ filter source_log_event = "application"
 xdm.target.location.longitude = to_float(dst_longitude),
 xdm.target.location.region = dst_region,
 xdm.target.location.timezone = dst_timezone,
- xdm.target.port = dstport,
+ xdm.target.port = to_integer(dstport),
+ xdm.source.port = to_integer(srcport),
 xdm.target.sent_bytes = server_bytes,
 xdm.target.url = coalesce(page, web_url),
 xdm.target.user.identifier = userkey;
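Review bot: The `+ xdm.target.port = to_integer(dstport),` and `+ xdm.source.port = to_integer(srcport),` lines cast both ports inside the rule, while the schema hunks in NetskopeEventCollector_1_3_schema.json (at @@ -17 and @@ -49) redeclare the same `dstport` and `srcport` columns as `int` in the same commit; one of the two changes is redundant, and if the collector still delivers these fields as strings (which the removed `"type": "string"` lines suggest), the schema redeclaration rather than the cast is the one likely to disagree with the actual dataset. The same pair of lines recurs in the hunks at @@ -109, @@ -178 and @@ -219. Either keep the schema type as string and rely on `to_integer`, or, if the ingested column is genuinely an integer, drop the casts and add a one-line comment in the rule stating that the dataset already delivers ports as integers, so the next maintainer does not reintroduce one side. The new ReleaseNotes/3_2_3.md entry mentions only the added srcport mapping; the dstport cast and the schema type change also deserve a sentence there, since numeric typing changes how existing queries and correlation rules compare these port fields.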
@@ -178,7 +180,8 @@ filter source_log_event = "alert"
 xdm.target.location.longitude = to_float(dst_longitude),
 xdm.target.location.region = dst_region,
 xdm.target.location.timezone = dst_timezone,
- xdm.target.port = dstport,
+ xdm.target.port = to_integer(dstport),
+ xdm.source.port = to_integer(srcport),
 xdm.target.sent_bytes = server_bytes,
 xdm.target.url = coalesce(page, web_url),
 xdm.target.user.identifier = userkey;
@@ -219,7 +222,8 @@ filter source_log_event = "network"
 xdm.target.domain = type_web,
 xdm.target.host.hostname = dsthost,
 xdm.target.ipv4 = dstip,
- xdm.target.port = dstport,
+ xdm.target.port = to_integer(dstport),
+ xdm.source.port = to_integer(srcport),
 xdm.target.sent_bytes = server_bytes,
 xdm.target.user.identifier = userkey,
 xdm.network.http.referrer = referer,
diff --git a/Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3_schema.json b/Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3_schema.json
index 81b4a62a9234..6616bdb2310c 100644
--- a/Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3_schema.json
+++ b/Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3_schema.json
@@ -17,7 +17,7 @@
 "is_array": false
 },
 "dstport": {
- "type": "string",
+ "type": "int",
 "is_array": false
 },
 "hostname": {
@@ -49,7 +49,7 @@
 "is_array": false
 },
 "srcport": {
- "type": "string",
+ "type": "int",
 "is_array": false
 },
 "timestamp": {
diff --git a/Packs/Netskope/ReleaseNotes/3_2_3.md b/Packs/Netskope/ReleaseNotes/3_2_3.md
new file mode 100644
index 000000000000..0738d3a0e224
--- /dev/null
+++ b/Packs/Netskope/ReleaseNotes/3_2_3.md
@@ -0,0 +1,6 @@
+
+#### Modeling Rules
+
+##### Netskope Modeling Rule
+
+Updated the Modeling Rule mapping, adding the srcport field to the XDM xdm.source.port field.
diff --git a/Packs/Netskope/pack_metadata.json b/Packs/Netskope/pack_metadata.json
index 65505d051c97..dd41033ada50 100644
--- a/Packs/Netskope/pack_metadata.json
+++ b/Packs/Netskope/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Netskope",
 "description": "Cloud access security broker that enables to find, understand, and secure cloud apps.",
 "support": "xsoar",
- "currentVersion": "3.2.2",
+ "currentVersion": "3.2.3",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",