Change log for GCP_DNS_ATD
Date | Changes |
---|---|
2025-07-25 | - Newly created parser.
- event.idm.read_only_udm.metadata.product_name: Newly mapped "Google Cloud DNS Threat Detector" to event.idm.read_only_udm.metadata.product_name.
- event.idm.read_only_udm.metadata.vendor_name: Newly mapped "Google Cloud" to event.idm.read_only_udm.metadata.vendor_name.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `record.insertId` raw log field to event.idm.read_only_udm.metadata.product_log_id.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `record.timestamp` raw log field to event.idm.read_only_udm.metadata.event_timestamp.
- event.idm.read_only_udm.metadata.collected_timestamp: Newly mapped `record.receiveTimestamp` raw log field to event.idm.read_only_udm.metadata.collected_timestamp.
- event.idm.read_only_udm.network.dns.response_code: Newly mapped `record.jsonPayload.dnsQuery.responseCode` raw log field to event.idm.read_only_udm.network.dns.response_code.
- event.idm.read_only_udm.network.dns.answers: Newly mapped `record.jsonPayload.dnsQuery.rdata` raw log field to event.idm.read_only_udm.network.dns.answers.
- event.idm.read_only_udm.network.dns.questions.name: Newly mapped `record.jsonPayload.dnsQuery.queryName` raw log field to event.idm.read_only_udm.network.dns.questions.name.
- event.idm.read_only_udm.target.ip: Newly mapped `record.jsonPayload.dnsQuery.destinationIp` raw log field to event.idm.read_only_udm.target.ip.
- event.idm.read_only_udm.target.asset.ip: Newly mapped `record.jsonPayload.dnsQuery.destinationIp` raw log field to event.idm.read_only_udm.target.asset.ip.
- event.idm.read_only_udm.principal.ip: Newly mapped `record.jsonPayload.dnsQuery.sourceIp` raw log field to event.idm.read_only_udm.principal.ip.
- event.idm.read_only_udm.principal.asset.ip: Newly mapped `record.jsonPayload.dnsQuery.sourceIp` raw log field to event.idm.read_only_udm.principal.asset.ip.
- event.idm.read_only_udm.principal.resource.id: Newly mapped `record.jsonPayload.dnsQuery.vmInstanceId` raw log field to event.idm.read_only_udm.principal.resource.id.
- event.idm.read_only_udm.network.ip_protocol: Newly mapped `record.jsonPayload.dnsQuery.protocol` raw log field to event.idm.read_only_udm.network.ip_protocol.
- event.idm.read_only_udm.principal.resource.product_object_id: Newly mapped `record.resource.labels.id` raw log field to event.idm.read_only_udm.principal.resource.product_object_id.
- event.idm.read_only_udm.principal.location.name: Newly mapped `record.resource.labels.location` raw log field to event.idm.read_only_udm.principal.location.name.
- event.idm.read_only_udm.principal.location.country_or_region: Newly mapped `record.jsonPayload.dnsQuery.location` raw log field to event.idm.read_only_udm.principal.location.country_or_region.
- event.idm.read_only_udm.principal.resource.type: Newly mapped `record.resource.type` raw log field to event.idm.read_only_udm.principal.resource.type.
- event.idm.read_only_udm.security_result.threat_id: Newly mapped `record.jsonPayload.threatInfo.threatId` raw log field to `event.idm.read_only_udm.security_result.threat_id`.
- event.idm.read_only_udm.security_result.description: Newly mapped `record.jsonPayload.threatInfo.threatDescription` raw log field to `event.idm.read_only_udm.security_result.description`.
- event.idm.read_only_udm.security_result.severity: Newly mapped `record.severity` raw log field to `event.idm.read_only_udm.security_result.severity`.
- event.idm.read_only_udm.security_result.confidence: Newly mapped `record.jsonPayload.threatInfo.confidence` raw log field to `event.idm.read_only_udm.security_result.confidence`.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `record.jsonPayload.dnsQuery.vmProjectNumber` and `record.jsonPayload.dnsQuery.projectNumber` raw log fields to event.idm.read_only_udm.principal.resource.attribute.labels.
- event.idm.read_only_udm.additional.fields: Newly mapped `record.jsonPayload.dnsQuery.authAnswer`, `record.jsonPayload.dnsQuery.queryTime`, `record.logName`, `record.jsonPayload.partnerId` and `record.jsonPayload.detectionTime` raw log fields to event.idm.read_only_udm.additional.fields.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `record.jsonPayload.dnsQuery.responseCode`, `record.jsonPayload.threatInfo.threatIndicatorType`, `record.jsonPayload.threatInfo.threatIndicator`, `record.jsonPayload.threatInfo.threatFeed`, `record.jsonPayload.threatInfo.category`, `record.jsonPayload.threatInfo.type`, `record.jsonPayload.threatInfo.threat`, `record.jsonPayload.threatInfo.severity` and `record.resource.labels.resource_container` raw log fields to `event.idm.read_only_udm.security_result.detection_fields`. |