Change log for HASHICORP

Date Changes
2024-11-14 Enhancement:
- Mapped "jsonPayload.auth.policy_results.granting_policies.type", "jsonPayload.auth.policy_results.granting_policies.name", and "jsonPayload.auth.policy_results.granting_policies.namespace_id" to "additional.fields".
- Mapped "jsonPayload.request.namespace.id" to "target.namespace".
2024-10-15 Enhancement:
- Added support to handle JSON logs.
2024-08-28 Enhancement:
- Added a Grok pattern to retrieve "secretname".
- Mapped "jsonPayload.cos.googleapis.com/container_id", "jsonPayload.cos.googleapis.com/container_name", "jsonPayload.cos.googleapis.com/stream" to "additional.fields".
- Mapped "resource.labels.instance_id" to "principal.resource.product_object_id".
- Mapped "principal.resource.attribute.cloud.availability_zone" to "resource.labels.zone".
- Mapped "logName" to "security_result.category_details".
2023-10-26 Enhancement:
- Added a Grok pattern to handle SYSLOG+JSON logs.
2023-09-22 Enhancement:
- Modified mapping for "request.remote_port" from "target.port" to "principal.port".
- Modified mapping for "request.remote_address" from "target.ip" to "principal.ip".
- Mapped "error" to "security_result.description".
- Mapped "resource.labels.namespace_name" to "target.namespace".
- Mapped "resource.labels.pod_name", "resource.labels.container_name" to "additional.fields".
- Mapped "resource.labels.project_id" to "target.cloud.project.name".
- Mapped "resource.labels.location" to "target.location.name".
- Mapped "insertId" to "metadata.product_log_id".
- Mapped "labels.k8s-pod/app_kubernetes_io/instance", "labels.k8s-pod/app_kubernetes_io/name", "labels.k8s-pod/component", "labels.k8s-pod/helm_sh/chart", "labels.k8s-pod/controller-revision-hash", "labels.k8s-pod/vault-initialized", "labels.k8s-pod/vault-version", "labels.k8s-pod/vault-sealed", "labels.k8s-pod/vault-perf-standby", and "labels.k8s-pod/vault-active" to "target.resource.attribute.labels".
- Mapped "labels.compute.googleapis.com/resource_name" to "target.resource.name".
2023-04-26 Enhancement:
- Added a Grok pattern to handle syslog logs.
- Mapped "status" to "network.http.response_code".
- Mapped "runner" to "principal.user.userid".
- Mapped "job_id", "job_status" to "additional.fields".
2023-03-24 Enhancement:
- Mapped "host" to "observer.hostname".
- Mapped "cluster" to "observer.resource.name".
- If the log contains cluster, mapped "cluster" to "observer.resource.resource_type".
- Added JSON block to retrieve data from "_raw" field.
- "httpStatus" mapped to "network.http.response_code".
- "httpUrl" mapped to "target.url".
- "pid" mapped to "target.process.pid".
- "msg" mapped to "metadata.description".
- "url" mapped to "principal.url".
- "hostname" mapped to "observer.hostname".
- "streamingID", "requestId", "httpHeaders.cf-cache-status", "httpHeaders.cf-ray", "httpHeaders.gitlab-lb", "httpHeaders.gitlab-sv", "httpHeaders.x-request-id", "httpHeaders.x-content-type-options", "httpHeaders.x-frame-options", "httpHeaders.ratelimit-limit", "httpHeaders.ratelimit-observed", "httpHeaders.ratelimit-remaining", "httpHeaders.ratelimit-reset", "httpHeaders.ratelimit-resettime", "httpHeaders.server", "httpHeaders.referrer-policy" mapped to "target.resource.attribute.labels".
- "method" mapped to "network.application_protocol".
- "headers.user-agent" mapped to "network.http.parsed_user_agent".
- "httpHeaders.cache-control" mapped to "additional.fields".
- "httpHeaders.content-type", "httpHeaders.content-length", "maskedToken", "headers.accept" mapped to "security_result.about.resource.attribute.labels".
- "headers.x-real-ip" mapped to "principal.ip".
- "headers.x-forwarded-host" mapped to "principal.hostname".
- "headers.x-forwarded-port" mapped to "principal.port".
- "headers.snyk-acting-org-public-id", "headers.snyk-flow-name", "headers.snyk-request-id" mapped to "principal.resource.attribute.labels".
2023-02-09 Newly created parser.