Change log for KUBERNETES_AUDIT
Date | Changes |
---|---|
2025-01-24 | Enhancement:<br>- Added "on_error" when mapping "annotations.authorization.k8s.io/reason" to "security_result.description".<br>- Mapped "objectRef.name" to "additional.fields".<br>- Mapped "objectRef.namespace" to "additional.fields".<br>- Mapped "objectRef.resource" to "additional.fields".<br>- Mapped "objectRef.apiVersion" to "additional.fields".<br>- Mapped "responseObject.metadata.annotations.volume.kubernetes.io/selected-node" to "additional.fields".<br>- Mapped "responseObject.metadata.annotations.volume.kubernetes.io/storage-provisioner" to "additional.fields".<br>- Mapped "responseObject.metadata.annotations.control-plane.alpha.kubernetes.io/leader" to "additional.fields".<br>- Mapped "holderIdentity" to "additional.fields".<br>- Mapped "leaseDurationSeconds" to "additional.fields".<br>- Mapped "acquireTime" to "additional.fields".<br>- Mapped "renewTime" to "additional.fields".<br>- Mapped "leaderTransitions" to "additional.fields".<br>- Mapped "labels.os.type" to "_principal.platform".<br>- Mapped "responseObject.metadata.managedFields" to "additional.fields".<br>- Mapped "responseObject.status.images" to "additional.fields". |
2024-12-03 | Enhancement:<br>- Added support to parse new format of JSON logs. |
2023-08-21 | Enhancement:<br>- Parsed new format JSON logs.<br>- Based on 'verb', identified the specific "event_types".<br>- Mapped the following additional fields:<br>- 'kind' to 'metadata.product_event_type'.<br>- 'apiVersion' to 'metadata.product_version'.<br>- 'auditID' to 'metadata.product_log_id'.<br>- 'stage' to 'metadata.description'.<br>- 'requestURI' to 'target.url'.<br>- 'userAgent' to 'network.http.user_agent'.<br>- 'verb' to 'network.http.method'.<br>- 'responseStatus.code' to 'network.http.response_code'.<br>- 'user.username' to 'principal.user.user_display_name'.<br>- 'user.uid' to 'principal.user.userid'.<br>- 'user.groups' to 'principal.user.group_identifiers'.<br>- 'sourceIPs' to 'principal.ip'.<br>- 'objectRef.resource' to 'target.resource.resource_subtype'.<br>- 'annotations.authorization.k8s.io/decision' to 'security_result.action'.<br>- 'annotations.authorization.k8s.io/reason' to 'security_result.description'.<br>- 'stageTimestamp' to 'metadata.collected_timestamp'. |
2022-07-14 | Newly created parser |