Change log for IBM_CLOUD_ACTIVITY_TRACKER

Date Changes
2025-05-29 Enhancement:
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "data_requestData_repository" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field
- event.idm.read_only_udm.metadata.product_event_type: Newly mapped "data_serviceName" raw log field with "event.idm.read_only_udm.metadata.product_event_type" UDM field
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "data_correlationId" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field
- event.idm.read_only_udm.additional.fields: Newly mapped "data_logSourceCRN" raw log field with "event.idm.read_only_udm.additional.fields" UDM field
- event.idm.read_only_udm.security_result.action_details: Newly mapped "data_action" raw log field with "event.idm.read_only_udm.security_result.action_details" UDM field
- event.idm.read_only_udm.principal.user.userid: Newly mapped "data_initiator_authnId" raw log field with "event.idm.read_only_udm.principal.user.userid" UDM field
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "data_initiator_authnName" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped "data_credential_type" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field
- event.idm.read_only_udm.principal.ip and event.idm.read_only_udm.principal.asset.ip: Newly mapped "data_initiator_host_address" raw log field with "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.principal.asset.ip" UDM fields
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "data_initiator_host_addressType" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field
- event.idm.read_only_udm.network.http.user_agent and event.idm.read_only_udm.network.http.parsed_user_agent: Newly mapped "data_initiator_host_agent" raw log field with "event.idm.read_only_udm.network.http.user_agent" and "event.idm.read_only_udm.network.http.parsed_user_agent" UDM fields
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped "data_initiator_id" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field
- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped "data_initiator_name" raw log field with "event.idm.read_only_udm.principal.user.user_display_name" UDM field
- event.idm.read_only_udm.principal.url: Newly mapped "data_initiator_typeURI" raw log field with "event.idm.read_only_udm.principal.url" UDM field
- event.idm.read_only_udm.metadata.url_back_to_product: Newly mapped "data_typeURI" raw log field with "event.idm.read_only_udm.metadata.url_back_to_product" UDM field
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "data_dataEvent" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field
- event.idm.read_only_udm.observer.resource.name: Newly mapped "data_observer_name" raw log field with "event.idm.read_only_udm.observer.resource.name" UDM field
- event.idm.read_only_udm.security_result.summary: Newly mapped "data_outcome" raw log field with "event.idm.read_only_udm.security_result.summary" UDM field
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "data_saveServiceCopy" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field
- event.idm.read_only_udm.network.http.response_code: Newly mapped "data_reason_reasonCode" raw log field with "event.idm.read_only_udm.network.http.response_code" UDM field
- event.idm.read_only_udm.security_result.description: Newly mapped "data_reason_reasonType" raw log field with "event.idm.read_only_udm.security_result.description" UDM field
- event.idm.read_only_udm.metadata.description: Newly mapped "data_message" raw log field with "event.idm.read_only_udm.metadata.description" UDM field
- event.idm.read_only_udm.target.resource.product_object_id: Newly mapped "data_target_id" raw log field with "event.idm.read_only_udm.target.resource.product_object_id" UDM field
- event.idm.read_only_udm.target.resource.name: Newly mapped "data_target_name" raw log field with "event.idm.read_only_udm.target.resource.name" UDM field
- Added a "has_target_resource" flag before mapping "data_target_name" raw log field with "event.idm.read_only_udm.target.resource.name" UDM field.
- event.idm.read_only_udm.target.url: Newly mapped "data_target_typeURI" raw log field with "event.idm.read_only_udm.target.url" UDM field
- event.idm.read_only_udm.security_result.severity: Newly mapped "data_severity" raw log field to "event.idm.read_only_udm.security_result.severity" if "severity" is equal to "normal", else mapped to "event.idm.read_only_udm.security_result.severity" UDM field
- event.idm.read_only_udm.principal.application: Newly mapped "labels_applicationname" raw log field with "event.idm.read_only_udm.principal.application" UDM field
- event.idm.read_only_udm.additional.fields: Newly mapped "labels_subsystemname" raw log field with "event.idm.read_only_udm.additional.fields" UDM field
- event.idm.read_only_udm.additional.fields: Newly mapped "labels_computername" raw log field with "event.idm.read_only_udm.additional.fields" UDM field
- event.idm.read_only_udm.additional.fields: Newly mapped "labels_threadid" raw log field with "event.idm.read_only_udm.additional.fields" UDM field
- event.idm.read_only_udm.intermediary.ip: Newly mapped "labels_ipaddress" raw log field with "event.idm.read_only_udm.intermediary.ip" UDM field
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped "data_eventTime" raw log field with "event.idm.read_only_udm.metadata.event_timestamp" UDM field
- event.idm.read_only_udm.metadata.collected_timestamp: Newly mapped "meta_data_timestamp" raw log field with "event.idm.read_only_udm.metadata.collected_timestamp" UDM field
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped "meta_data_severity" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped "meta_data_logid" raw log field with "event.idm.read_only_udm.metadata.product_log_id" UDM field
- event.idm.read_only_udm.security_result.priority: Newly mapped "HIGH_PRIORITY" to "event.idm.read_only_udm.security_result.priority" UDM field if "meta_data_priorityclass" is equal to "high"
- event.idm.read_only_udm.additional.fields: Newly mapped "meta_data_branchid" raw log field with "event.idm.read_only_udm.additional.fields" UDM field
- event.idm.read_only_udm.additional.fields: Newly mapped "meta_data_ingressTimestamp" raw log field with "event.idm.read_only_udm.additional.fields" UDM field
- event.idm.read_only_udm.target.group.product_object_id: Newly mapped "data_target_resourceGroupId" raw log field with "event.idm.read_only_udm.target.group.product_object_id" UDM field
- Added a conditional check before mapping "USER_RESOURCE_ACCESS" and "USER_RESOURCE_CREATION" to "event.idm.read_only_udm.metadata.event_type" UDM field.
- Added a gsub to replace "metadata" with "meta_data" in the message field.
2024-09-12 - Newly created parser.