Change log for CIPHERTRUST_MANAGER
Date | Changes |
---|---|
2025-04-23 | - Added a Grok pattern to parse the unparsed logs.
- Added a gsub to parse the unparsed logs.
- 'event.idm.read_only_udm.src.user.product_object_id': Newly mapped 'cust_client_id' raw log field with 'event.idm.read_only_udm.src.user.product_object_id' UDM field.
- 'event.idm.read_only_udm.principal.user.userid': Newly mapped 'user_id' raw log field with 'event.idm.read_only_udm.principal.user.userid' UDM field.
- Added "has_user" flag as a conditional check for 'user_id' raw log field to populate "USER_UNCATEGORIZED" event_type.
- 'event.idm.read_only_udm.target.application': Newly mapped 'service_name' raw log field with 'event.idm.read_only_udm.target.application' UDM field.
- 'event.idm.read_only_udm.additional.fields': Newly mapped 'record_type_id', 'details.aliases', 'details_algorithm', 'details_assignSelfAsOwner', 'details_emptyMaterial', 'details_feature', 'details_undeletable', 'details_unexportable', 'details_xts', 'details_padded', 'details_generateKeyId', 'details_id', 'details_objectType' and 'details_ownerId' raw log fields with 'event.idm.read_only_udm.additional.fields' UDM field.
- 'event.idm.read_only_udm.target.resource.attribute.labels': Newly mapped 'details_name', 'details_uri' and 'details_usageMask' raw log fields with 'event.idm.read_only_udm.target.resource.attribute.labels' UDM field.
- 'event.idm.read_only_udm.target.file.size': Newly mapped 'details.size' raw log field with 'event.idm.read_only_udm.target.file.size' UDM field.
- Added a gsub to map the 'principal' raw log field to 'log_principal'.
- 'event.idm.read_only_udm.additional.fields': Mapped 'details.label', 'details.domain', 'details.switch_domain_id', 'details.user_id', 'details.refresh_token_id', 'details.renew_refresh_token', 'details.user_metadata_current_persistedData', 'details.refresh_token_counts.labels', 'details_scope', 'details.refresh_token_counts.no_label', 'details.refresh_token_counts.total', 'details.user_metadata.current_domain.id', 'details.user_metadata.current_domain.name', 'details.meta.permissions', 'details.meta.ownerId', 'details.meta.customAttributes', 'details.errorMessage', 'details.zone_id', 'details.client_type', 'details.grant_type', 'details.client_name', 'details.username', 'details.idType', 'details.identifier', 'details.client_id', 'details.auth_domain', 'details.connection', 'details.userid', 'details.codeDesc', 'details.code' and 'details.Internal' raw log fields with third variable to map to 'event.idm.read_only_udm.additional.fields' UDM field.
- 'event.idm.read_only_udm.security_result.description': Newly mapped 'prev_msg' raw log field with 'event.idm.read_only_udm.security_result.description' UDM field.
- 'event.idm.read_only_udm.security_result.severity_details': Newly mapped 'severity' raw log field with 'event.idm.read_only_udm.security_result.severity_details' UDM field.
- 'event.idm.read_only_udm.security_result.action': Newly mapped 'success' raw log field with 'event.idm.read_only_udm.security_result.action' UDM field.
- 'event.idm.read_only_udm.security_result.detection_fields': Newly mapped 'details.usage' raw log field with 'event.idm.read_only_udm.security_result.detection_fields' UDM field. |
2024-06-24 | Newly created parser. |