Change log for GCP_VPC_FLOW
Date | Changes |
---|---|
2025-07-31 | Enhancement -
- Refactored the code to swap the values of principal.* and target.* fields (ip, asset.ip, port) when network.direction == "INBOUND" and jsonPayload.reporter == "DEST".
- event.idm.read_only_udm.additional.fields: Newly mapped "jsonPayload.rtt_msec" raw log field with "event.idm.read_only_udm.additional.fields".
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped "jsonPayload.src_google_service.type" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels".
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped "jsonPayload.dest_gke_details.service.service_name", "jsonPayload.dest_gke_details.service.service_namespace" raw log fields with "event.idm.read_only_udm.target.resource.attribute.labels".
- Added a conditional check for "jsonPayload.reporter" not equal to "DEST".
- event1.idm.read_only_udm.target.ip, event1.idm.read_only_udm.target.asset.ip: Newly mapped "principal.ip" field with "event1.idm.read_only_udm.target.ip" and "event1.idm.read_only_udm.target.asset.ip" if "network.direction" is "INBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.principal.ip, event1.idm.read_only_udm.principal.asset.ip: Newly mapped "target.ip" field with "event1.idm.read_only_udm.principal.ip" and "event1.idm.read_only_udm.principal.asset.ip" if "network.direction" is "INBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.target.port: Newly mapped "principal.port" field with "event1.idm.read_only_udm.target.port" if "network.direction" is "INBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.principal.port: Newly mapped "target.port" field with "event1.idm.read_only_udm.principal.port" if "network.direction" is "INBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.target.ip, event1.idm.read_only_udm.target.asset.ip: Newly mapped "target.ip" field with "event1.idm.read_only_udm.target.ip" and "event1.idm.read_only_udm.target.asset.ip" if "network.direction" is "OUTBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.principal.ip, event1.idm.read_only_udm.principal.asset.ip: Newly mapped "principal.ip" field with "event1.idm.read_only_udm.principal.ip" and "event1.idm.read_only_udm.principal.asset.ip" if "network.direction" is "OUTBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.target.port: Newly mapped "target.port" field with "event1.idm.read_only_udm.target.port" if "network.direction" is "OUTBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.principal.port: Newly mapped "principal.port" field with "event1.idm.read_only_udm.principal.port" if "network.direction" is "OUTBOUND" and "jsonPayload.reporter" is "DEST". |
2024-10-24 | Enhancement -
- Interchanged mapping of "principal.ip", "principal.port" with "target.ip" and "target.port" respectively. |
2024-03-15 | Enhancement -
- Mapped "jsonPayload.src_gke_details.pod.pod_namespace", "jsonPayload.src_gke_details.pod.pod_name", "jsonPayload.src_gke_details.cluster.cluster_name", "jsonPayload.src_gke_details.cluster.cluster_location" to "principal.resource.attribute.labels".
- Mapped "jsonPayload.dest_gke_details.pod.pod_namespace", "jsonPayload.dest_gke_details.pod.pod_name", "jsonPayload.dest_gke_details.cluster.cluster_name", "jsonPayload.dest_gke_details.cluster.cluster_location" to "target.resource.attribute.labels". |
2023-05-23 | Enhancement -
- Mapped 'metadata.event_type' to 'USER_RESOURCE_ACCESS' when field 'logName' does not contain 'vpc_flows'.
- Mapped 'timestamp' to 'events.timestamp'.
- Mapped 'textPayload', 'labels.tunnel_id' to 'additional.fields'.
- Mapped 'resource.labels.region' to 'target.location.country_or_region'.
- Added null checks for various fields wherever required. |
2023-04-10 | Enhancement -
- Set "target.resource.attribute.cloud.environment" to "GOOGLE_CLOUD_PLATFORM".
- Set "target.resource.name" to the full resource name value. |
2022-07-22 | Enhancement -
- Mapped "resource.labels.location" to "principal.location.name".
- Mapped "resource.labels.subnetwork_id" to "target.user.attribute.labels".
- Mapped "logName" to "security_result.category_details". |