Change log for AZURE_FRONT_DOOR

Date	Changes
2025-08-06	Enhancement: event.idm.read_only_udm.principal.ip: Removed mapping of origin_ip from event.idm.read_only_udm.principal.ip UDM field which is the IP address of the entity that is the target of the action or event. event.idm.read_only_udm.target.ip: Mapped origin_ip raw log field to event.idm.read_only_udm.target.ip UDM field. event.idm.read_only_udm.principal.asset.ip: Removed mapping of origin_ip from event.idm.read_only_udm.principal.asset.ip UDM field which is the IP address of the entity that is the target of the action or event. event.idm.read_only_udm.target.asset.ip: Mapped origin_ip raw log field to event.idm.read_only_udm.target.asset.ip UDM field. event.idm.read_only_udm.target.url: Removed mapping of properties.requestUri from event.idm.read_only_udm.target.url UDM field because requestUri should be associated with the principal that made the request. event.idm.read_only_udm.principal.url: Mapped properties.requestUri raw log field to event.idm.read_only_udm.principal.url UDM field. event.idm.read_only_udm.target.resource.product_object_id: Removed mapping of resourceId from event.idm.read_only_udm.target.resource.product_object_id UDM field because this field is for a vendor-specific identifier for the target resource. It is not for a generic ID. event.idm.read_only_udm.target.resource.id: Mapped resourceId raw log field to event.idm.read_only_udm.target.resource.id UDM field. event.idm.read_only_udm.additional.fields: Removed mapping of operationName from event.idm.read_only_udm.additional.fields UDM field because operationName is a string that represents a specific operation or action that occurred on the Azure Front Door. event.idm.read_only_udm.metadata.description: Mapped operationName raw log field to event.idm.read_only_udm.metadata.description UDM field. event.idm.read_only_udm.metadata.vendor_name: Newly mapped "Microsoft" static value to event.idm.read_only_udm.metadata.vendor_name UDM field. event.idm.read_only_udm.metadata.product_name: Newly mapped "Azure Front Door" static value to event.idm.read_only_udm.metadata.product_name UDM field. event.idm.read_only_udm.metadata.product_log_id: Newly mapped properties.trackingReference raw log field to event.idm.read_only_udm.metadata.product_log_id UDM field. event.idm.read_only_udm.network.application_protocol: Newly mapped properties.requestProtocol raw log field to event.idm.read_only_udm.network.application_protocol UDM field. event.idm.read_only_udm.network.http.method: Newly mapped properties.httpMethod raw log field to event.idm.read_only_udm.network.http.method UDM field. event.idm.read_only_udm.network.http.response_code: Newly mapped properties.httpStatusCode raw log field to event.idm.read_only_udm.network.http.response_code UDM field. event.idm.read_only_udm.network.received_bytes: Newly mapped properties.responseBytes raw log field to event.idm.read_only_udm.network.received_bytes UDM field. event.idm.read_only_udm.network.sent_bytes: Newly mapped properties.requestBytes raw log field to event.idm.read_only_udm.network.sent_bytes UDM field. event.idm.read_only_udm.network.tls.version_protocol: Newly mapped properties.securityProtocol raw log field to event.idm.read_only_udm.network.tls.version_protocol UDM field. event.idm.read_only_udm.principal.location.country_or_region: Newly mapped properties.clientCountry raw log field to event.idm.read_only_udm.principal.location.country_or_region UDM field. event.idm.read_only_udm.principal.hostname: Newly mapped properties.hostName raw log field to event.idm.read_only_udm.principal.hostname UDM field. event.idm.read_only_udm.principal.asset.hostname: Newly mapped properties.hostName raw log field to event.idm.read_only_udm.principal.asset.hostname UDM field. event.idm.read_only_udm.security_result.action_details: Newly mapped properties.ErrorInfo raw log field to event.idm.read_only_udm.security_result.action_details UDM field. event.idm.read_only_udm.security_result.rule_name: Newly mapped properties.routingRuleName raw log field to event.idm.read_only_udm.security_result.rule_name UDM field. event.idm.read_only_udm.target.hostname: Newly mapped properties.originName raw log field to event.idm.read_only_udm.target.hostname UDM field. event.idm.read_only_udm.target.asset.hostname: Newly mapped properties.originName raw log field to event.idm.read_only_udm.target.asset.hostname UDM field. event.idm.read_only_udm.target.url: Newly mapped properties.originUrl raw log field to event.idm.read_only_udm.target.url UDM field. event.idm.read_only_udm.security_result.action: Newly mapped sec_result_action raw log field to event.idm.read_only_udm.security_result.action UDM field. event.idm.read_only_udm.network.application_protocol_version: Newly mapped properties.httpVersion raw log field to event.idm.read_only_udm.network.application_protocol_version UDM field. event.idm.read_only_udm.network.tls.client.server_name: Newly mapped properties.sni raw log field to event.idm.read_only_udm.network.tls.client.server_name UDM field. event.idm.read_only_udm.network.http.user_agent: Newly mapped properties.userAgent raw log field to event.idm.read_only_udm.network.http.user_agent UDM field. event.idm.read_only_udm.network.http.parsed_user_agent: Newly mapped properties.userAgent raw log field to event.idm.read_only_udm.network.http.parsed_user_agent UDM field. event.idm.read_only_udm.network.http.referral_url: Newly mapped properties.referer raw log field to event.idm.read_only_udm.network.http.referral_url UDM field. event.idm.read_only_udm.network.tls.cipher: Newly mapped properties.securityCipher raw log field to event.idm.read_only_udm.network.tls.cipher UDM field. event.idm.read_only_udm.network.tls.curve: Newly mapped properties.securityCurves raw log field to event.idm.read_only_udm.network.tls.curve UDM field. event.idm.read_only_udm.intermediary.hostname: Newly mapped properties.endpoint raw log field to event.idm.read_only_udm.intermediary.hostname UDM field. event.idm.read_only_udm.additional.fields: Newly mapped properties.cacheStatus, properties.domain, properties.timeToFirstByte, properties.timeTaken, properties.edgeActionsStatusCode, and properties.pop raw log fields with event.idm.read_only_udm.additional.fields UDM field. event.idm.read_only_udm.security_result.detection_fields: Newly mapped properties.result and properties.clientJA4FingerPrint raw log fields with event.idm.read_only_udm.security_result.detection_fields UDM field.
2024-12-13	Created new parser.

Date

Changes

2025-08-06

Enhancement:
event.idm.read_only_udm.principal.ip: Removed mapping of origin_ip from event.idm.read_only_udm.principal.ip UDM field which is the IP address of the entity that is the target of the action or event.
event.idm.read_only_udm.target.ip: Mapped origin_ip raw log field to event.idm.read_only_udm.target.ip UDM field.
event.idm.read_only_udm.principal.asset.ip: Removed mapping of origin_ip from event.idm.read_only_udm.principal.asset.ip UDM field which is the IP address of the entity that is the target of the action or event.
event.idm.read_only_udm.target.asset.ip: Mapped origin_ip raw log field to event.idm.read_only_udm.target.asset.ip UDM field.
event.idm.read_only_udm.target.url: Removed mapping of properties.requestUri from event.idm.read_only_udm.target.url UDM field because requestUri should be associated with the principal that made the request.
event.idm.read_only_udm.principal.url: Mapped properties.requestUri raw log field to event.idm.read_only_udm.principal.url UDM field.
event.idm.read_only_udm.target.resource.product_object_id: Removed mapping of resourceId from event.idm.read_only_udm.target.resource.product_object_id UDM field because this field is for a vendor-specific identifier for the target resource. It is not for a generic ID.
event.idm.read_only_udm.target.resource.id: Mapped resourceId raw log field to event.idm.read_only_udm.target.resource.id UDM field.
event.idm.read_only_udm.additional.fields: Removed mapping of operationName from event.idm.read_only_udm.additional.fields UDM field because operationName is a string that represents a specific operation or action that occurred on the Azure Front Door.
event.idm.read_only_udm.metadata.description: Mapped operationName raw log field to event.idm.read_only_udm.metadata.description UDM field.
event.idm.read_only_udm.metadata.vendor_name: Newly mapped "Microsoft" static value to event.idm.read_only_udm.metadata.vendor_name UDM field.
event.idm.read_only_udm.metadata.product_name: Newly mapped "Azure Front Door" static value to event.idm.read_only_udm.metadata.product_name UDM field.
event.idm.read_only_udm.metadata.product_log_id: Newly mapped properties.trackingReference raw log field to event.idm.read_only_udm.metadata.product_log_id UDM field.
event.idm.read_only_udm.network.application_protocol: Newly mapped properties.requestProtocol raw log field to event.idm.read_only_udm.network.application_protocol UDM field.
event.idm.read_only_udm.network.http.method: Newly mapped properties.httpMethod raw log field to event.idm.read_only_udm.network.http.method UDM field.
event.idm.read_only_udm.network.http.response_code: Newly mapped properties.httpStatusCode raw log field to event.idm.read_only_udm.network.http.response_code UDM field.
event.idm.read_only_udm.network.received_bytes: Newly mapped properties.responseBytes raw log field to event.idm.read_only_udm.network.received_bytes UDM field.
event.idm.read_only_udm.network.sent_bytes: Newly mapped properties.requestBytes raw log field to event.idm.read_only_udm.network.sent_bytes UDM field.
event.idm.read_only_udm.network.tls.version_protocol: Newly mapped properties.securityProtocol raw log field to event.idm.read_only_udm.network.tls.version_protocol UDM field.
event.idm.read_only_udm.principal.location.country_or_region: Newly mapped properties.clientCountry raw log field to event.idm.read_only_udm.principal.location.country_or_region UDM field.
event.idm.read_only_udm.principal.hostname: Newly mapped properties.hostName raw log field to event.idm.read_only_udm.principal.hostname UDM field.
event.idm.read_only_udm.principal.asset.hostname: Newly mapped properties.hostName raw log field to event.idm.read_only_udm.principal.asset.hostname UDM field.
event.idm.read_only_udm.security_result.action_details: Newly mapped properties.ErrorInfo raw log field to event.idm.read_only_udm.security_result.action_details UDM field.
event.idm.read_only_udm.security_result.rule_name: Newly mapped properties.routingRuleName raw log field to event.idm.read_only_udm.security_result.rule_name UDM field.
event.idm.read_only_udm.target.hostname: Newly mapped properties.originName raw log field to event.idm.read_only_udm.target.hostname UDM field.
event.idm.read_only_udm.target.asset.hostname: Newly mapped properties.originName raw log field to event.idm.read_only_udm.target.asset.hostname UDM field.
event.idm.read_only_udm.target.url: Newly mapped properties.originUrl raw log field to event.idm.read_only_udm.target.url UDM field.
event.idm.read_only_udm.security_result.action: Newly mapped sec_result_action raw log field to event.idm.read_only_udm.security_result.action UDM field.
event.idm.read_only_udm.network.application_protocol_version: Newly mapped properties.httpVersion raw log field to event.idm.read_only_udm.network.application_protocol_version UDM field.
event.idm.read_only_udm.network.tls.client.server_name: Newly mapped properties.sni raw log field to event.idm.read_only_udm.network.tls.client.server_name UDM field.
event.idm.read_only_udm.network.http.user_agent: Newly mapped properties.userAgent raw log field to event.idm.read_only_udm.network.http.user_agent UDM field.
event.idm.read_only_udm.network.http.parsed_user_agent: Newly mapped properties.userAgent raw log field to event.idm.read_only_udm.network.http.parsed_user_agent UDM field.
event.idm.read_only_udm.network.http.referral_url: Newly mapped properties.referer raw log field to event.idm.read_only_udm.network.http.referral_url UDM field.
event.idm.read_only_udm.network.tls.cipher: Newly mapped properties.securityCipher raw log field to event.idm.read_only_udm.network.tls.cipher UDM field.
event.idm.read_only_udm.network.tls.curve: Newly mapped properties.securityCurves raw log field to event.idm.read_only_udm.network.tls.curve UDM field.
event.idm.read_only_udm.intermediary.hostname: Newly mapped properties.endpoint raw log field to event.idm.read_only_udm.intermediary.hostname UDM field.
event.idm.read_only_udm.additional.fields: Newly mapped properties.cacheStatus, properties.domain, properties.timeToFirstByte, properties.timeTaken, properties.edgeActionsStatusCode, and properties.pop raw log fields with event.idm.read_only_udm.additional.fields UDM field.
event.idm.read_only_udm.security_result.detection_fields: Newly mapped properties.result and properties.clientJA4FingerPrint raw log fields with event.idm.read_only_udm.security_result.detection_fields UDM field.

2024-12-13

Created new parser.