Releases: deep-security/splunk

1.6.0

06 Jun 06:17

Version 1.6.0: May 14, 2018

  • Added "Deep Security Application Control Dashboard".
  • Fixed incorrect transformation for system events.
  • Fixed label/title inconsistency between dashboards.
  • Fixed the saved searches "All Security Events" and "High Severity Events" so that they exclude system events as expected.

1.5.2

06 Jun 06:16

Version 1.5.2: April 4, 2016

  • Fixed a typographical error in the transforms.conf file for web reputation events. Thank you to Chris Bell for reporting it.

Version 1.5.1: March 28, 2016

  • Fixed an issue with "Intrusion Prevention Rule Updated" events not having their sourcetype modified.
  • Fixed an issue where in some cases a space was included immediately after "CEF:" in the syslog output from Deep Security.
  • Removed all inputs from the application itself to make it compatible with Splunk Cloud and to follow Splunk best practices for monitoring files.

Version 1.5.0: March 27, 2016

  • Added a single UDP input to handle all Deep Security messages (UDP:1514). The sourcetype is dynamically changed according to the event content.
  • Added "Firewall Events by Location" to the "Deep Security Firewall Dashboard" to map the source IP for firewall events.
  • Added "Intrusion Prevention Events by Location" to the "Deep Security Intrusion Prevention Dashboard" to map the source IP for intrusion prevention events.

Version 1.4.0: January 2, 2014

  • This is the initial release of the Trend Micro Deep Security for Splunk app.