Change log for AWS_RDS
| Date | Changes |
|---|---|
| 2025-07-09 | Enhancement:
- `substatementId`: Converted `substatementId` to string before mapping to `event.idm.read_only_udm.additional.fields`UDM field. - `event.idm.read_only_udm.target.application`: Newly mapped `clientApplication` raw log field with `event.idm.read_only_udm.target.application` UDM field. - `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: Removed mapping of `serverHost` raw log field from `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields in order to introduce more accurate mappings for the raw log field. - `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip`: Mapped `serverHost` raw log field with `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip` UDM fields. - `has_target`: Set `has_target` to `true` if `target.ip` and `target.asset.ip` is not empty. - `event.idm.read_only_udm.additional.fields`: Removed mapping of `commandText` and `command` raw log fields from `event.idm.read_only_udm.additional.fields` UDM field. These changes were made to introduce more accurate mappings for the raw log fields. - `event.idm.read_only_udm.target.process.command_line`: Mapped `commandText` raw log field with `event.idm.read_only_udm.target.process.command_line` UDM field. - `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `objectType` and `objectName` raw log fields with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - Added support for new format of logs. - `event.idm.read_only_udm.additional.fields`: Newly mapped `rowCount` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.security_result.summary`: Newly mapped `errorMessage` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field. - `event.idm.read_only_udm.security_result.description`: Newly mapped `command` raw log field with `event.idm.read_only_udm.security_result.description` UDM field. - `event.idm.read_only_udm.additional.fields`: Newly Mapped `rawData`,`attemptsMade` and `attemptEndingTimestamp` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.security_result.summary`: Newly mapped `errorCode` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field. - `event.idm.read_only_udm.security_result.description`: Newly mapped `errorMessage` raw log field with `event.idm.read_only_udm.security_result.description` UDM field. - `event.idm.read_only_udm.principal.resource.name`: Newly mapped `lambdaARN` raw log field with `event.idm.read_only_udm.principal.resource.name` UDM field. - `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `arrivalTimestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. - `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `exitCode` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. |
| 2025-03-28 | Enhancement:
- Added grok patterns inorder to parse the logs with new syslog format. - event.idm.read_only_udm.metadata.product_event_type: Newly mapped `prod_event_type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field. - event.idm.read_only_udm.target.resource.name: Newly mapped `arn` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field. - event.idm.read_only_udm.network.ip_protocol: Newly mapped `PROTOCOL` raw log field with `event.idm.read_only_udm.network.ip_protocol` UDM field. - event.idm.read_only_udm.principal.ip: Newly mapped `address_data.HOST` raw log field with `event.idm.read_only_udm.principal.ip` UDM field. - event.idm.read_only_udm.principal.asset.ip: Newly mapped `address_data.HOST` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field. - event.idm.read_only_udm.principal.port: Newly mapped `PORT` to `event.idm.read_only_udm.principal.port`. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `SID` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - event.idm.read_only_udm.target.user.userid: Newly mapped `USER` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field. - event.idm.read_only_udm.target.hostname: Newly mapped `connect_data.HOST` raw log field with `event.idm.read_only_udm.target.hostname` UDM field. - event.idm.read_only_udm.target.asset.hostname: Newly mapped `connect_data.HOST` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field. - event.idm.read_only_udm.target.resource.name: Newly mapped `PROGRAM` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field. - event.idm.read_only_udm.security_result.action_details: Newly mapped `action_details` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field. |
| 2025-03-13 | Enhancement:
- Added support for a new syslog log format. - Added support to parse the new format of "timestamp". |
| 2025-02-20 | Enhancement:
- Added support for a new syslog log format. |
| 2025-02-18 | Enhancement:
- Mapped "src_port" to "principal.port". - Mapped "user_name" to "principal.user.user_display_name". - Mapped "database_name" to "target.resource.name" and set "target.resource.type" to "DATABASE". - Mapped "description" to "metadata.description". |
| 2025-01-30 | Enhancement:
- Added support for new syslog log format. |
| 2024-12-20 | Enhancement:
- Added support for new log format. - Mapped "owner" to "principal.user.userid". - Mapped "logGroup" to "security_result.about.resource.name". - Mapped "logStream" to "security_result.about.resource.attribute.labels". - Mapped "logevent.id" to "metadata.product_log_id". - Mapped "logevent.message" to "security_result.description". - Mapped "resource_name" to "target.resource.name". - Mapped "src_ip" to "principal.ip". - Mapped "tar_ip" to "target.ip". - Mapped "tar_host" to "target.hostname". - Mapped "subscriptionFilters" to "security_result.about.resource.attribute.labels". |
| 2024-10-30 | Enhancement:
- Added support for new log format. - Mapped "type" to "additional.fields". |
| 2024-10-03 | Enhancement:
- Added support for new log format. |
| 2023-04-24 | - Newly created parser.
|