Change log for AWS_RDS
Date | Changes |
---|---|
2025-03-28 | Enhancement:<br>- Added grok patterns in order to parse the logs with the new syslog format.<br>- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `prod_event_type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- event.idm.read_only_udm.target.resource.name: Newly mapped `arn` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field.<br>- event.idm.read_only_udm.network.ip_protocol: Newly mapped `PROTOCOL` raw log field with `event.idm.read_only_udm.network.ip_protocol` UDM field.<br>- event.idm.read_only_udm.principal.ip: Newly mapped `address_data.HOST` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.<br>- event.idm.read_only_udm.principal.asset.ip: Newly mapped `address_data.HOST` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.<br>- event.idm.read_only_udm.principal.port: Newly mapped `PORT` to `event.idm.read_only_udm.principal.port`.<br>- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `SID` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.target.user.userid: Newly mapped `USER` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.<br>- event.idm.read_only_udm.target.hostname: Newly mapped `connect_data.HOST` raw log field with `event.idm.read_only_udm.target.hostname` UDM field.<br>- event.idm.read_only_udm.target.asset.hostname: Newly mapped `connect_data.HOST` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field.<br>- event.idm.read_only_udm.target.resource.name: Newly mapped `PROGRAM` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field.<br>- event.idm.read_only_udm.security_result.action_details: Newly mapped `action_details` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field. |
2025-03-13 | Enhancement:<br>- Added support for a new syslog log format.<br>- Added support to parse the new format of "timestamp". |
2025-02-20 | Enhancement:<br>- Added support for a new syslog log format. |
2025-02-18 | Enhancement:<br>- Mapped "src_port" to "principal.port".<br>- Mapped "user_name" to "principal.user.user_display_name".<br>- Mapped "database_name" to "target.resource.name" and set "target.resource.type" to "DATABASE".<br>- Mapped "description" to "metadata.description". |
2025-01-30 | Enhancement:<br>- Added support for a new syslog log format. |
2024-12-20 | Enhancement:<br>- Added support for a new log format.<br>- Mapped "owner" to "principal.user.userid".<br>- Mapped "logGroup" to "security_result.about.resource.name".<br>- Mapped "logStream" to "security_result.about.resource.attribute.labels".<br>- Mapped "logevent.id" to "metadata.product_log_id".<br>- Mapped "logevent.message" to "security_result.description".<br>- Mapped "resource_name" to "target.resource.name".<br>- Mapped "src_ip" to "principal.ip".<br>- Mapped "tar_ip" to "target.ip".<br>- Mapped "tar_host" to "target.hostname".<br>- Mapped "subscriptionFilters" to "security_result.about.resource.attribute.labels". |
2024-10-30 | Enhancement:<br>- Added support for a new log format.<br>- Mapped "type" to "additional.fields". |
2024-10-03 | Enhancement:<br>- Added support for a new log format. |
2023-04-24 | Newly created parser. |