Change log for DUO_AUTH
| Date | Changes |
|---|---|
| 2025-02-26 | Enhancement:
- Mapped "adaptive_trust_assessments.more_secure_auth.detected_attack_detectors" to "additional.fields". - Mapped "adaptive_trust_assessments.more_secure_auth.features_version" to "security_result.detection_fields". - Mapped "adaptive_trust_assessments.more_secure_auth.model_version" to "security_result.detection_fields". - Mapped "adaptive_trust_assessments.more_secure_auth.policy_enabled" to "additional.fields". - Mapped "adaptive_trust_assessments.more_secure_auth.preview_mode_enabled" to "additional.fields". - Mapped "adaptive_trust_assessments.more_secure_auth.reason" to "additional.fields". - Mapped "adaptive_trust_assessments.more_secure_auth.trust_level" to "security_result.detection_fields". - Mapped "adaptive_trust_assessments.remember_me.features_version" to "security_result.detection_fields". - Mapped "adaptive_trust_assessments.remember_me.model_version" to "security_result.detection_fields". - Mapped "adaptive_trust_assessments.remember_me.policy_enabled" to "additional.fields". - Mapped "adaptive_trust_assessments.remember_me.preview_mode_enabled" to "additional.fields". - Mapped "adaptive_trust_assessments.remember_me.reason" to "additional.fields". - Mapped "adaptive_trust_assessments.remember_me.trust_level" to "security_result.detection_fields". - Mapped changed for "access_device.browser" from "target.resource.attribute.labels" to "principal.resource.attribute.labels". |
| 2024-11-26 | Enhancement:
- Mapped "application.destination_name" to "target.application". |
| 2024-07-24 | Enhancement:
- Added "duo_mobile_passcode_hotp" in conditional check to map "authMechanism" to "OTP". |
| 2024-06-07 | Enhancement:
- Mapped "access_device.ip" to "principal.hostname" when the value of the field is a hostname. - Aligned "principal.ip" and "principal.asset.ip" mappings. - Aligned "target.ip" and "target.asset.ip" mappings. - Aligned "principal.hostname" and "principal.asset.hostname" mappings. - Aligned "target.hostname" and "target.asset.hostname" mappings. |
| 2024-06-05 | Enhancement:
- Mapped "access_device.ip" to "additional.fields" when the value of the field is in a non-IP format. |
| 2023-10-23 | Enhancement:
- Mapped "msg" to "security_result.summary". - Mapped "auth_stage" to "metadata.product_event_type". - Mapped "status" to "security_result.action" and "security_result.action_details". - Mapped "hostname" to "principal.hostname". - Mapped "username" to "target.user.userid". - Mapped "client_ip" to "target.ip". - Mapped "server_section", "server_section_ikey", "client_section", "log_logger.unpersistable", "log_level.name", "log_level.__class_uuid__", "log_namespace", and "log_source", and "log_format" to "target.resource.attribute.labels". |
| 2023-08-03 | Enhancement:
- As "auth_device.name" sometimes contains a phone number, mapped the same to "target.user.phone_numbers". - Mapped "user.groups" to "target.user.group_identifiers". |