Stay organized with collections
Save and categorize content based on your preferences.
Change log for CLOUDFLARE_AUDIT
Date
Changes
2023-11-27
Enhancement:
- Added a Grok pattern to match new log format.
- Mapped "ResourceID" to "target.resource.product_object_id".
- Mapped "metainfo_zone_name" to "principal.hostname".
- Mapped "metainfo_user_id" to "principal.user.userid".
- Mapped "metainfo_user_email" to "principal.user.email".
- Mapped "metainfo_user_tag" to "principal.user.product_object_id".
- Mapped "metainfo" fields to "security_result.detection_fields".
- Mapped "newvalue_session_id" to "network.session_id".
- Mapped "NewValue" to "security_result.detection_fields".
- Mapped "OldValue" to "security_result.detection_fields".
- If "ActorID" is present, set "metadata.event_type" to "USER_RESOURCE_ACCESS".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["A new parser for CLOUDFLARE_AUDIT logs was created on 2023-07-09."],["On 2023-11-27, the CLOUDFLARE_AUDIT log parser was enhanced to include a new Grok pattern and several new mappings."],["The update on 2023-11-27 mapped various fields, such as \"ResourceID\", \"metainfo,\" \"newvalue_session_id,\" \"NewValue,\" and \"OldValue,\" to more specific fields within the log structure."],["If the \"ActorID\" field is present in the logs, the 2023-11-27 update sets the \"metadata.event_type\" to \"USER_RESOURCE_ACCESS\"."]]],[]]
