Change log for NETAPP_ONTAP
| Date | Changes |
|---|---|
| 2025-06-25 | Enhancement:
- event.idm.read_only_udm.principal.ip: Newly mapped `accessLocation` raw log field with `event.idm.read_only_udm.principal.ip` UDM field. - event.idm.read_only_udm.principal.asset.ip: Newly mapped `accessLocation` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field. - event.idm.read_only_udm.principal.asset_id: Newly mapped `deviceId` raw log field with `event.idm.read_only_udm.principal.asset_id` UDM field. - event.idm.read_only_udm.principal.asset.asset_id: Newly mapped `deviceId` raw log field with `event.idm.read_only_udm.principal.asset.asset_id` UDM field. - event.idm.read_only_udm.principal.hostname: Newly mapped `deviceName` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field. - event.idm.read_only_udm.principal.asset.hostname: Newly mapped `deviceName` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM field. - event.idm.read_only_udm.principal.administarative_domain: Newly mapped `domain` raw log field with `event.idm.read_only_udm.principal.administarative_domain` UDM field. - event.idm.read_only_udm.target.file.names: Newly mapped `entityName` raw log field with `event.idm.read_only_udm.target.file.names` UDM field. - event.idm.read_only_udm.target.file.full_path: Newly mapped `entityPath` raw log field with `event.idm.read_only_udm.target.file.full_path` UDM field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `entityType`, and `extension` raw log fields with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `entityAccessedTime` and `alertTimestamp` raw log fields with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. - event.idm.read_only_udm.metadata.product_log_id: Newly mapped `id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field. - event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `userDisplayName` raw log field with `event.idm.read_only_udm.principal.user.user_display_name` UDM field. - event.idm.read_only_udm.principal.user.userid: Newly mapped `userId` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped `volumeId`, `volumeName`, `alertType`, `attributes.dataDestructionDetectedEntityCount`, and `attributes.changePercentage` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to `USER_UNCATEGORIZED` if `has_principal_user` is `true`. |
| 2025-03-21 | Enhancement:
- Mapped "severity" to "security_result.severity_details". - Added Grok patterns to support new pattern of Syslog logs. - Mapped "file_extn" to "security_result.detection_fields". - Added gsubs to avoid new lines in "message". - Added gsub to avoid additional quotations in "description". |
| 2024-08-29 | - Added support to parse unparsed logs.
- Mapped "descr" to "security_result.summary". - Mapped "uid" to "metadata.product_log_id". - Mapped "product_name" to "principal.hostname". |
| 2023-04-03 | Newly created parser.
|