Stay organized with collections
Save and categorize content based on your preferences.
Change log for CYBERARK
Date
Changes
2024-06-14
Enhancement:
- Added a regex pattern to map "msg" to "security_result.description".
2024-05-21
Enhancement:
- Updated Grok pattern to retrieve `host`.
- `event.idm.read_only_udm.observer.hostname`: Newly mapped `host` raw log field with `event.idm.read_only_udm.observer.hostname` UDM field.
- Removed word `HostName` from field `cs5`.
- Removed redundant `_auth_mechanism` mapping and added common mapping for `_auth_mechanism`.
- When `user` is present then map `event.idm.read_only_udm.metadata.event_type` to `USER_UNCATEGORIZED`.
- Added flag `has_principal` and `has_target`.
- Set `event.idm.read_only_udm.metadata.event_type` to `NETWORK_CONNECTION` when `has_principal` and `has_target` is true.
- Added conditional check for `user` and domain.
2024-04-30
Enhancement:
- Added "affected user name", "reason", "app" and "device type" fields
in additional UDM field.
2024-04-05
Enhancement:
- Added a Grok pattern to parse the new format of SYSLOG logs.
2022-10-10
- Declared fields "cs2","FileQualifier","msg","shost","dhost".
- Mapped "metadata.event_type" to "STATUS_UPDATE" where "metadata.event_type" is "GENERIC_EVENT" and "shost" is not null and "dhost" is null.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["A regex pattern was added to map \"msg\" to \"security_result.description\" on June 14, 2024."],["On April 30, 2024, fields for \"affected user name,\" \"reason,\" \"app,\" and \"device type\" were added to additional UDM fields."],["A Grok pattern was introduced to parse the new format of SYSLOG logs on April 5, 2024."],["On October 10, 2022, fields \"cs2,\" \"FileQualifier,\" \"msg,\" \"shost,\" and \"dhost\" were declared and mappings were added for specific conditions regarding metadata and host values."]]],[]]
