Change log for AWS_CLOUDWATCH

Date Changes
2024-11-12 Enhancement
- Added support to parse unparsed logs.
2024-10-18 Enhancement
- Added support to parse unparsed logs.
2024-08-29 Enhancement
- Added support to parse unparsed logs.
- Mapped "connectionTesterClassName" to "principal.hostname".
- Mapped "identityToken" to "principal.user.userid".
- Mapped "jdbcUrl" to "target.url".
- Mapped "driverClass" to "target.application".
- Mapped "uid" to "metadata.product_log_id".
- Mapped "summary" to "security_result.summary".
- Mapped "script" to "security_result.description".
2024-02-12 Enhancement
- Mapped timestamp to UNIX_MS.
2023-09-02 Enhancement
- Added a "kv block" to parse key-value format logs.
- Mapped "SourceIP" to "principal.ip".
- Mapped "prin_host" to "principal.hostname".
- Mapped "User" to "principal.user.userid".
- Mapped "Ciphers" to "network.tls.client.supported_ciphers".
- Mapped "executionId" to "principal.process.pid".
- Mapped "transferDetails.sessionId" to "network.session_id".
- Mapped "transferDetails.username" to "principal.user.user_display_name".
- Mapped "transferDetails.serverId", "workflowId", "details.input.initialFileLocation.etag", "details.input.initialFileLocation.backingStore", "details.input.initialFileLocation.bucket", "details.input.initialFileLocation.key",
"Mode", "Kex" to "additional.fields".
- Mapped "BytesIn" to "network.received_bytes".
- Mapped "Role" to "target.resource.product_object_id".
2023-08-18 Enhancement
- Added a Grok pattern to parse the unparsed raw logs.
2023-07-07 Enhancement
- Added support for 'logEvents'-related JSON logs.
2022-12-17 Enhancement:
- Mapped "CloudType" to "target.resource.attribute.cloud.environment".
- Mapped "AlertId" to "metadata.product_log_id".
- Mapped "ResourceType" to "target.resource.resource_subtype".
- Mapped "ResourceRegion" to "target.location.country_or_region".
- Mapped "Recommendation" to "security_result.detection_fields".
- Mapped "PolicyName","detail.additionalEventData.configRuleName" to "security_result.rule_name".
- Mapped "detail-type" to "metadata.product_event_type".
- Mapped "region","detail.awsRegion" to "principal.location.name".
- Mapped "detail.eventSource" to "target.application".
- Mapped "detail.requestID" to "target.resource.attribute.labels".
- Mapped "detail.userAgent" to "network.http.user_agent".
- Mapped "detail.eventVersion" to "metadata.product_version".
- Mapped "detail.userIdentity.accountId" to "metadata.product_deployment_id".
- Mapped "detail.userIdentity.accessKeyId" to "target.user.userid".
- Mapped "detail.userIdentity.type" to "principal.resource.type".
- Mapped "detail.userIdentity.principalId" to "principal.user.product_object_id".
- Mapped "detail.user.arn" to "target.user.userid".
- Mapped "detail.user.sessionContext.sessionIssuer.userName" to "target.user.user_display_name".
- Mapped "detail.user.mfaAuthenticated" to "principal.user.attribute.labels".
- Mapped "detail.recipientAccountId" to "target.resource.attribute.labels".
- Mapped "detail.managementEvent", "detail.eventType", "detail.readOnly", "detail.eventName", "detail.additionalEventData.notificationJobType", "detail.additionalEventData.managedRuleIdentifier", "duration", "billed_duration", "memory_used" to "additional.fields".
- Mapped "detail.eventCategory" to "security_result.category_details".
- Mapped "detail.eventID" to "metadata.product_log_id".
- Mapped "detail.additionalEventData.configRuleArn" to "security_result.rule_id".
- Mapped "level" to "security_result.severity".
- Mapped "src_port" to "principal.port".
- Mapped "request_id" to "target.resource.attribute.labels".
- Mapped "url" to "target.url".
2022-09-03 Enhancement
- Added grok to parse newly ingested logs.
- Mapped "package" to "event.idm.read_only_udm.principal.process.command_line".
- Mapped "session_id" to "event.idm.read_only_udm.network.session_id".
- Mapped "network_dir" to "event.idm.read_only_udm.network.direction".
- Mapped "port" to "event.idm.read_only_udm.target.port".
- Remapped "digestPublicKeyFingerprint" from "additional.fields" to "event.idm.read_only_udm.target.file.sha1".
- Added other log levels like "AUDIT", "TRACE", "DEBUG", "NOTICE", "ERROR" for severity mapping.
- Duplicated the value in "target.ip" to "principal.ip" to set event_type as "STATUS_UPDATE" thereby reducing generic percentage.
- Added conditions for "event_type" "USER_UNCATEGORIZED", "NETWORK_HTTP", "NETWORK_CONNECTION", "STATUS_UPADTE" to reduce generic percentage.
2022-08-11 Bug Fix - Remapped "digestS3Bucket" to "principal.resource.name".
Remapped "kubernetes.pod_name" to "additional.fields".
2022-05-27 Enhancement - Modified the value stored in metadata.product_name to 'AWS CloudWatch' and metadata.vendor_name to 'AMAZON'.