Change log for CHROME_MANAGEMENT
| Date | Changes |
|---|---|
| 2025-08-14 | - principal.ip: Newly mapped `local_ips` raw log field with `principal.ip` UDM field for extensionTelemetryEvent event
- target.ip: Newly mapped `remote_ip` raw log field with `target.ip` UDM field for extensionTelemetryEvent event - principal.asset.attribute.labels: Newly mapped `device_fqdn` raw log field with `principal.asset.attribute.labels` UDM field for extensionTelemetryEvent event - principal.network.carrier_name: Newly mapped `network_name` raw log field with `principal.network.carrier_name` UDM field for extensionTelemetryEvent event - about.ip: Removed mapping of `remote_ip` from `about.ip` UDM field for dangerousDownloadEvent, contentTransferEvent, urlNavigationEvent, suspiciousUrlEvent and urlFilteringInterstitialEvent event in order to introduce a more accurate mapping. - target.ip: Mapped `remote_ip` raw log field with `target.ip` UDM field for dangerousDownloadEvent, contentTransferEvent, urlNavigationEvent, suspiciousUrlEvent and urlFilteringInterstitialEvent event - about.domain.name: Removed mapping of `device_fqdn` from `about.domain.name` UDM field for urlNavigationEvent, suspiciousUrlEvent and urlFilteringInterstitialEvent event in order to introduce a more accurate mapping. - principal.asset.attribute.labels: Mapped `device_fqdn` raw log field with `principal.asset.attribute.labels` UDM field for urlNavigationEvent, suspiciousUrlEvent and urlFilteringInterstitialEvent event |
| 2025-07-03 | - Mapped `security_result.action` as "ALLOW" if raw log field "event.result" contains "EVENT_RESULT_ALLOWED" and mapped `security_result.action` as "BLOCK" if raw log field "event.result" contains "EVENT_RESULT_BLOCKED".
|
| 2025-04-18 | `urlNavigationEvent`,`suspiciousUrlEvent`, and `urlFilteringInterstitialEvent`: Added support for the event `urlNavigationEvent`,`suspiciousUrlEvent`,`urlFilteringInterstitialEvent` and relevant corresponding raw log fields.
|
| 2025-04-04 | `dangerousDownloadEvent`,`contentTransferEvent`: Added support for the event `dangerousDownloadEvent`,`contentTransferEvent` and relevant corresponding raw log fields.
|
| 2024-10-11 | - Updated mappings "PROFILE_USER_NAME" field in Chrome Management to be consistent with Workspace activity "chrome" application logs.
- Updated mapping for "event.type", "event.reason" and "device_user" fields. - Added mapping for "TRIGGER_TYPE" and "VIRTUAL_DEVICE_ID" fields. |
| 2024-09-20 | - Added support of the new event type "extensionTelemetryEvent".
|
| 2024-03-13 | - Added support for the following fields in event 'sensitiveDataEvent': "transfer_method".
|
| 2024-02-28 | - Added support for the following fields in event 'browserExtensionInstallEvent': "extension_action", "extension_version", "extension_source".
|
| 2024-02-14 | - Updated event validation check for `USER_LOGIN` and `USER_RESOURCE_UPDATE_CONTENT` event types.
|
| 2023-11-29 | - Aligned "principal/target.hostname" and "principal/target.asset.hostname" mapping.
|
| 2023-09-06 | - Updated the mapping of the "device_id" field from 'principal.asset.asset_id' to 'principal.asset.product_object_id'.
|
| 2023-07-26 | - Updated the mapping of the "profile_user" field from 'target.user.user_display_name' to 'principal.user.email_addresses'.
|
| 2023-07-12 | - Added support for the following fields in event 'urlFilteringInterstitialEvent': "clickedThrough", "event_result", "threat_type", "triggered_rule_info.action", "triggered_rule_info.rule_id", "triggered_rule_info.rule_name", and "triggered_rule_info.url_category".
|
| 2023-06-28 | - Promoted "CHROME_MANAGEMENT" parser to default.
- For the field mapping reference, see Collect Chrome Management logs. |