Version 1.5.3: XXX XX, XXXX - Added the ability to modify the host field to represent the Deep Security computer object that generated the event. This is extracted from the dvchost field in the event data. - Fixed a user reported error where there was a typo in the props.conf file which would preventing the ICMP transform from operating correctly. Credit to Chris Bell for reporting the error. - Made a small modification to the deepsecurity-cefheaders transform to account for any RFC3164 compliant systems that may have added a whitespace to the beginning of the syslog message. - Created a field alias for dest from dest_ip as per guidance in CIM. Version 1.5.2: April 4, 2016 - Fixed a typo in the transforms.conf for web reputation events. Credit to Chris Bell for reporting the error. Version 1.5.1: March 28, 2016 - Fixed an issue with "Intrusion Prevention Rule Updated" events not having their sourcetype modified. - Fixed an issue where in some cases a space is included immediately after "CEF:" in the syslog output from Deep Security. - Removed all inputs from the application itself to make it compatible with Splunk Cloud and to follow Splunk best practices of monitoring files. Version 1.5.0: March 27, 2016 - Added a single UDP input to handle all Deep Security messages (UDP:1514). The sourcetype will be dynamically changed according to the event content. - Added "Firewall Events by Location" to the "Deep Security Firewall Dashboard" to map the source IP for Firewall events. - Added "Intrusion Prevention Events by Location" to the "Deep Security Intrusion Prevention Dashboard" to map the source IP for IPS events. Version 1.4.0: January 2, 2014 - This is the initial release of the Trend Micro Deep Security for Splunk App.