Change log for GCP_VPC_FLOW

Date Changes
2025-07-31 Enhancement -
- Refactor the code to swap the values of principal.* and target.* fields (ip, asset.ip, port) when network.direction == "INBOUND" and jsonPayload.reporter == "DEST".
- event.idm.read_only_udm.additional.fields: Newly mapped "jsonPayload.rtt_msec" raw log field with "event.idm.read_only_udm.additional.fields".
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped "jsonPayload.src_google_service.type" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels".
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped "jsonPayload.dest_gke_details.service.service_name","jsonPayload.dest_gke_details.service.service_namespace" raw log field with "event.idm.read_only_udm.target.resource.attribute.labels".
- Added a conditional checks of "jsonPayload.reporter" not equals to "DEST".
- event1.idm.read_only_udm.target.ip, event1.idm.read_only_udm.target.asset.ip: Newly mapped "principal.ip" field with "event1.idm.read_only_udm.target.ip" and "event1.idm.read_only_udm.target.asset.ip" if "network.direction" is "INBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.principal.ip, event1.idm.read_only_udm.principal.asset.ip: Newly mapped "target.ip" field with "event1.idm.read_only_udm.principal.ip" and "event1.idm.read_only_udm.principal.asset.ip" if "network.direction" is "INBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.target.port : Newly mapped "principal.port" field with "event1.idm.read_only_udm.target.port" if "network.direction" is "INBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.principal.port: Newly mapped "target.port" field with "event1.idm.read_only_udm.principal.port" if "network.direction" is "INBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.target.ip, event1.idm.read_only_udm.target.asset.ip: Newly mapped "target.ip" field with "event1.idm.read_only_udm.target.ip" and "event1.idm.read_only_udm.target.asset.ip" if "network.direction" is "OUTBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.principal.ip, event1.idm.read_only_udm.principal.asset.ip: Newly mapped "principal.ip" field with "event1.idm.read_only_udm.principal.ip" and "event1.idm.read_only_udm.principal.asset.ip" if "network.direction" is "OUTBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.target.port : Newly mapped "target.port" field with "event1.idm.read_only_udm.target.port" if "network.direction" is "OUTBOUND" and "jsonPayload.reporter" is "DEST".
- event1.idm.read_only_udm.principal.port: Newly mapped "principal.port" field with "event1.idm.read_only_udm.principal.port" if "network.direction" is "OUTBOUND" and "jsonPayload.reporter" is "DEST".
2024-10-24 Enhancement -
- Interchanged mapping of "principal.ip", "principal.port" with "target.ip" and "target.port" respectively.
2024-03-15 Enhancement -
- Mapped "jsonPayload.src_gke_details.pod.pod_namespace", "jsonPayload.src_gke_details.pod.pod_name",
"jsonPayload.src_gke_details.cluster.cluster_name", "jsonPayload.src_gke_details.cluster.cluster_location" to "principal.resource.attribute.labels".
- Mapped "jsonPayload.dest_gke_details.pod.pod_namespace", "jsonPayload.dest_gke_details.pod.pod_name",
"jsonPayload.dest_gke_details.cluster.cluster_name", "jsonPayload.dest_gke_details.cluster.cluster_location" to "target.resource.attribute.labels".
2023-05-23 Enhancement -
- Mapped 'metadata.event_type' to 'USER_RESOURCE_ACCESS' when field 'logName' does not contain 'vpc_flows'.
- Mapped 'timestamp' to 'events.timestamp'.
- Mapped 'textPayload', 'labels.tunnel_id' to 'additional.fields'.
- Mapped 'resource.labels.region' to 'target.location.country_or_region'.
- Added null checks for various fields wherever required.
2023-04-10 Enhancement -
- Set "target.resource.attribute.cloud.environment" to "GOOGLE_CLOUD_PLATFORM".
- Set "target.resource.name" to the full resource name value.
2022-07-22 Enhancement:
- Mapped "resource.labels.location" to "principal.location.name".
- Mapped "resource.labels.subnetwork_id" to "target.user.attribute.labels".
- Mapped "logName" to "security_result.category_details".