Change log for AWS_SESSION_MANAGER
| Date | Changes |
|---|---|
| 2025-04-30 | Enhancement:
- event.idm.read_only_udm.metadata.product_version: Newly mapped eventVersion raw log field to event.idm.read_only_udm.metadata.product_version UDM field. - event.idm.read_only_udm.principal.cloud.availability_zone: Newly mapped awsRegion raw log field to event.idm.read_only_udm.principal.cloud.availability_zone UDM field. - event.idm.read_only_udm.target.resource.id: Newly mapped target.id raw log field to event.idm.read_only_udm.target.resource.id UDM field. Set event.idm.read_only_udm.target.resource.type to "instance". - event.idm.read_only_udm.principal.user.product_object_id: Newly mapped userIdentity.arn raw log field to event.idm.read_only_udm.principal.user.product_object_id UDM field. - event.idm.read_only_udm.principal.user.userid: Newly mapped runAsUser raw log field to event.idm.read_only_udm.principal.user.userid UDM field. - event.idm.read_only_udm.network.session_id: Newly mapped sessionId raw log field to event.idm.read_only_udm.network.session_id UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped sessionData array to event.idm.read_only_udm.security_result.detection_fields UDM field, using index as key and the value of the array as value. - JSON: Added support for parsing JSON format logs. - Modified the grok patterns in order to parse the logs with json format, including handling of nested objects (target, userIdentity) and arrays (sessionData). |
| 2023-06-14 | Newly created parser.
|