Change log for GITLAB
| Date | Changes |
|---|---|
| 2025-05-07 | Enhancement:
- event.idm.read_only_udm.target.resource.type: Newly mapped `object_kind` raw log field with `event.idm.read_only_udm.target.resource.type` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `user.avatar_url` raw log field with `security_result.detection_fields` UDM field. - event.idm.read_only_udm.principal.user.email_addresses: Newly mapped `user.email` raw log field with `event.idm.read_only_udm.principal.user.email_addresses` and `event.idm.read_only_udm.principal.user.attribute.labels` UDM field. - event.idm.read_only_udm.principal.resource.id: Newly mapped `user.id` raw log field with `event.idm.read_only_udm.principal.resource.id` UDM field. - event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `user.name` raw log field with `event.idm.read_only_udm.principal.user.user_display_name` UDM field. - event.idm.read_only_udm.principal.user.userid: Newly mapped `user.username` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field. - event.idm.read_only_udm.target.user.role_description: Newly mapped `repository.description` raw log field with `event.idm.read_only_udm.target.user.role_description` UDM field. - event.idm.read_only_udm.target.url: Newly mapped `repository.homepage` raw log field with `event.idm.read_only_udm.target.url` UDM field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `repository.name` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - event.idm.read_only_udm.target.user.email_addresses: Newly mapped `repository.url` raw log field with `event.idm.read_only_udm.target.user.email_addresses` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `project.avatar_url` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `project.default_branch` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - event.idm.read_only_udm.security_result.description: Newly mapped `project.description` raw log field with `event.idm.read_only_udm.security_result.description` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `project.git_http_url` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `project.git_ssh_url` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `project.homepage` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `project.http_url` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - event.idm.read_only_udm.target.user.userid: Newly mapped `project.id` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `project.name` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.principal.namespace: Newly mapped `project.namespace` raw log field with `event.idm.read_only_udm.principal.namespace` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `project.path_with_namespace` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `project.ssh_url` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.src.url: Newly mapped `project.url` raw log field with `event.idm.read_only_udm.src.url` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `project.web_url` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `object_attributes.source.avatar_url` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.target.user.email_addresses: Newly mapped `object_attributes.last_commit.author.email` raw log field with `event.idm.read_only_udm.target.user.email_addresses` UDM field. - event.idm.read_only_udm.src.user.userid: Newly mapped `object_attributes.last_commit.author.name` raw log field with `event.idm.read_only_udm.src.user.userid` UDM field. - event.idm.read_only_udm.principal.resource.id: Newly mapped `object_attributes.last_commit.id` raw log field with `event.idm.read_only_udm.principal.resource.id` UDM field. - event.idm.read_only_udm.metadata.description: Newly mapped `object_attributes.last_commit.message` raw log field with `event.idm.read_only_udm.metadata.description` UDM field. - event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `object_attributes.last_commit.timestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. - event.idm.read_only_udm.metadata.product_event_type: Newly mapped `object_attributes.last_commit.title` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field. - event.idm.read_only_udm.network.http.referral_url: Newly mapped `object_attributes.last_commit.url` raw log field with `event.idm.read_only_udm.network.http.referral_url` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `merge_request.source.avatar_url` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.target.user.email_addresses: Newly mapped `merge_request.last_commit.author.email` raw log field with `event.idm.read_only_udm.target.user.email_addresses` UDM field. - event.idm.read_only_udm.src.user.userid: Newly mapped `merge_request.last_commit.author.name` raw log field with `event.idm.read_only_udm.src.user.userid` UDM field. - event.idm.read_only_udm.principal.resource.id: Newly mapped `merge_request.last_commit.id` raw log field with `event.idm.read_only_udm.principal.resource.id` UDM field. - event.idm.read_only_udm.metadata.description: Newly mapped `merge_request.last_commit.message` raw log field with `event.idm.read_only_udm.metadata.description` UDM field. - event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `merge_request.last_commit.timestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. - event.idm.read_only_udm.metadata.product_event_type: Newly mapped `merge_request.last_commit.title` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field. - event.idm.read_only_udm.network.http.referral_url: Newly mapped `merge_request.last_commit.url` raw log field with `event.idm.read_only_udm.network.http.referral_url` UDM field. |
| 2025-03-05 | Enhancement:
- Added support for unparsed logs. |
| 2025-01-22 | Enhancement:
- Added support for unparsed logs. |
| 2024-12-19 | Enhancement:
- Fixed the issue for "metadata.event_type". |
| 2024-04-08 | Enhancement:
- Mapped "custom_message.action" to "security_result.summary". - Mapped "ip_address" to "principal.ip". - Mapped "applicationProtocol" to "network.application_protocol". - Mapped "details.author_name"" to "principal.user.email_addresses" - Mapped "author_id" to "principal.user.userid". - Mapped "target_id" to "target.resource.id". - Mapped "details.entity_path" to "target.file.full_path". - Mapped "event_type" to "product_event_type". - Mapped "target_type", "entity_type" and "target_details" to "resource.attribute.labels". |
| 2023-10-20 | - Mapped the fields starting with "db_" to "additional_fields".
- Mapped the fields starting with "redis_" to "additional_fields". - Mapped "severity" or "jsonPayload.severity" to "security_result.severity" when the value is either "ERROR" or "NOTICE". - Mapped "jsonPayload.correlation_id" to "principal.asset_id". - Mapped "unmapped fields of jsonPayload" to "additional_fields". - Mapped "jsonPayload.worker_id" to "principal.application". - Mapped "jsonPayload.method" to "network.http.method". - Mapped "jsonPayload.pid" to "target.process.pid". - Mapped "jsonPayload.status" to "network.http.response_code". - Mapped "resource.labels.zone" to "target.cloud.availability_zone". - Mapped "resource.type" to "target.cloud.environment". - Mapped "jsonPayload.meta_user" to "target.user.userid". - Mapped "jsonPayload.username" to "principal.user.userid". - Mapped "jsonPayload.remote_ip" to "principal.ip". - Mapped "jsonPayload.ua" to "network.http.user_agent". - Mapped "jsonPayload.meta_client_id" to "target.user.userid". - Mapped "jsonPayload.path" to "target.process.file.full_path". - Mapped "protoPayload.authenticationInfo.principalEmail" to "principal.user.email_addresses". - Mapped additional fields in "protoPayload" to "additional.fields". - Provided a conditional check that required mapping is present before mapping the "metadata.event_type". |
| 2023-10-10 | - Mapped "jsonPayload.details.as" to "principal.resource.attribute.labels" and "principal.user.role_name".
- Set "principal_role.type" to "ADMINISTRATOR" for logs having "jsonPayload.details.as" equals to "Owner". - Set "principal_role.type" to "SERVICE_ACCOUNT" for logs having "jsonPayload.details.as" set to either "Developer", "Maintainer", or "Reporter". - Set "principal_role.type" to "TYPE_UNSPECIFIED" for logs having "jsonPayload.details.as" equals to "Guest". - Mapped "jsonPayload.details.add" to "principal.resource.attribute.labels". - Mapped "jsonPayload.entity_type" to "target.resource.attribute.labels". |
| 2023-08-31 | - Newly created parser.
|