Change log for APPIAN_CLOUD
Date | Changes |
---|---|
2025-02-12 | - Changed "metadata.vendor_name" mapping from "APPIAN_CLOUD" to "Appian".
- Changed "metadata.product_name" mapping from "APPIAN_CLOUD" to "Cloud Platform". |
2025-01-24 | - Added Grok patterns to parse the logs.
- Mapped "src_host" to "intermediary.hostname".
- Mapped "sqlcmd" to "security_result.detection_fields".
- Mapped "oid" to "target.resource.product_object_id".
- Mapped "detail" to "security_result.severity_details".
- Mapped "thread" to "additional.fields".
- Mapped "document_name" to "target.files.names".
- Mapped "hash" to "target.file.md5".
- Mapped "src_ip1" to "target.ip" and "target.asset.ip".
- Mapped "name" to "target.resource.resource_subtype".
- Mapped "msg" and "reason" to "security_result.summary".
- Mapped "hostname" to "principal.hostname" and "principal.asset.hostname".
- Mapped "details" to "security_result.description" and "security_result.detection_fields".
- Mapped "user" to "principal.user.product_object_id".
- Mapped "action" to "target.resource.resource_subtype" and "target.resource.attribute.labels".
- Mapped "original_value", "setting_new_value", "setting_old_value", and "new_value" to "target.resource.attribute.labels".
- Mapped "username" to "principal.user.userid".
- Mapped "property" to "target.resource.name".
- Mapped "modified_by_uuid" to "principal.user.product_object_id".
- Mapped "modified_by_username" to "principal.user.userid".
- Mapped "page_involved", "site_involved", and "page_group_involved" to "target.resource.attribute.labels".
- Mapped "total_thread_count", "daemon_thread_count", "used_heap_space", "available_heap_space", "tenured_generation_usage_after_collection", "tenured_generation_used", "tenured_generation_available", "permanent_generation_used", and "permanent_generation_available" to "additional.fields".
- Mapped "young_collection_count", "young_cllection_time", "tenured_collection_count", "tenured_collection_time", "cpu_core_count", "total_system_memory", "used_system_memory", "total_swap_space", "used_swap_space", "load_average", and "session_count" to "additional.fields".
- Mapped "record_type_name" to "target.resource.name".
- Mapped "record_identifier", "record_type_url_stub", "view", "filters", "environment", and "site_url_stub" to "target.resource.attribute.labels".
- Mapped "data_store", "entity", and "operation_type" to "additional.fields".
- Mapped "action1" to "security_result.summary".
- Mapped "user_uuid" to "target.user.product_object_id".
- Mapped "operation_name", "prepare_time", "transform_time", and "execute_time" to "additional.fields".
- Mapped "operation_detail" to "security_result.summary".
- Mapped "object" to "security_result.summary".
- Mapped "host" to "principal.hostname" and "principal.asset.hostname".
- Mapped "database" to "target.resource.name".
- Mapped "retcode" to "additional.fields".
- Mapped "connectionid" to "network.session.id".
- Mapped "queryid" to "target.resource.product_object_id".
- When "userid" is an email address, mapped these fields to "principal.user.userid" and "principal.user.email_address".
- Mapped "server_host" to "target.hostname" and "target.asset.hostname".
- Mapped "minimum_execution_time", "execution_count", "status_code_1xx_count", "status_code_2xx_count", "status_code_3xx_count", "status_code_4xx_count", "status_code_5xx_count", "minimum_response_size", "maximum_response_time", "maximum_response_size", "mean_execution_time", and "maximum_response_size" to "security_result.detection_fields".
- Mapped "http_method" to "network.http.method".
- Mapped "act" to "security_result.action".
- When "message" is "record-usage" or "sites-usage", then "metadata.event_type" is "USER_RESOURCE_ACCESS".
- When "message" is "admin-console-audit", then "metadata.event_type" is "USER_RESOURCE_UPDATE_CONTENT".
- When "message" is "delete", then "metadata.event_type" is "USER_RESOURCE_DELETION". |
2024-11-14 | - Newly created parser.
|