Download topic as PDF
Release history for the Splunk Add-on for McAfee Web Gateway
The latest version of the Splunk Add-on for McAfee Web Gateway is version 2.1.0. See Release notes for the Splunk Add-on for McAfee for release notes of this latest version.
Version 2.0.0
Version 2.0.0 of the Splunk Add-on for McAfee Web Gateway and is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 7.3, 8.0, 8.1 |
| CIM | 4.18 |
| Platforms | Platform independent |
| Vendor Products | Mcafee Web Gateway 10.0 (Control release)
Mcafee Web Gateway 9.2.4 (Main release) |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 2.0.0 of the Splunk Add-on for McAfee Web Gateway has the following new features.
- Support for McAfee Web Gateway 10.0.0 and McAfee Web Gateway 9.2.4.
- Support for CIM version 4.18.
- Improved search time performance of the Splunk Add-on for McAfee Web Gateway.
- The new log handler manages the null values more efficiently by processing the logs and dropping the NULL key-value pairs before it reaches Splunk.
- The latest version of the add-on no longer extracts or evaluates "NULL" or "-" values as "UNKNOWN" - This will prevent invalid data from entering dashboards and reports.
- The Alert data model was incorrectly mapped to the
mcafee_wg_alerteventtype. The mapping has been removed from this current version. - Fixed the CIM mapping for the Web data model for the
mcafee_wg_webeventtype. Previously, all logs were getting tagged with the Web data model, and now only non-malware logs will be tagged with Web.
Splunk now supports the following fields in the log handler.
| Field Name | Field Description |
|---|---|
| destip | IP address for the destination |
| file_hash_md5 | MD5 digest for the filename |
| file_name | Name of the file |
| cache_control | cache-control |
| rep_level | Reputation Level |
| encoding_type | Type of encoding |
| ssl_cert_sha2 | SSL certificate SHA2-256 |
| ssl_cert_name | Name of the SSL certificate |
| http_referrer | HTTP referrer |
Fixed issues
Version 2.0.0 of the Splunk Add-on for McAfee Web Gateway contains the following fixed issues. If this section is blank, there are no fixed issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2021-01-12 | ADDON-15561 | McAfee Web Gateway Add-on has bad time recognition settings |
Known issues
Version 2.0.0 of the Splunk Add-on for McAfee Web Gateway contains the following known issues. If this section is blank, there are no known issues.
Third-party software attributions
Version 2.0.0 of the Splunk Add-on for McAfee Web Gateway does not incorporate any third-party software or libraries.
Version 1.0.0
Version 1.0.0 of the Splunk Add-on for McAfee Web Gateway was released on January 14, 2016 and is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.2 or later |
| CIM | 4.2 or later |
| Platforms | Platform independent |
| Vendor Products | McAfee Web Gateway 7.3+ |
New features
Version 1.0.0 of the Splunk Add-on for McAfee Web Gateway has the following new features.
| Date | Issue number | Description |
|---|---|---|
| 2015-12-09 | ADDON-6871 | Create a new add-on for McAfee Web Gateway. |
Known issues
Version 1.0.0 of the Splunk Add-on for McAfee Web Gateway contains no known issues.
Third-party software attributions
Version 1.0.0 of the Splunk Add-on for McAfee Web Gateway does not incorporate any third-party software or libraries.
|
PREVIOUS Release notes for the Splunk Add-on for McAfee Web Gateway |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!