Change log for NONAME_API_SECURITY
| Date | Changes |
|---|---|
| 2025-04-17 | - "event.idm.read_only_udm.principal.user.userid": Newly mapped "APIInformation.accountId" raw log field with "event.idm.read_only_udm.principal.user.userid" UDM field.
- "event.idm.read_only_udm.principal.resource.id": Newly mapped "attacker.id" raw log field with "event.idm.read_only_udm.principal.resource.id" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "attacker.identifier" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.principal.resource.type": Newly mapped "attacker.identifierType" raw log field with "event.idm.read_only_udm.principal.resource.type" UDM field. - "event.idm.read_only_udm.security_result.confidence_details": Newly mapped "attacker.confidence" raw log field with "event.idm.read_only_udm.security_result.confidence_details" UDM field. - "event.idm.read_only_udm.principal.ip": Newly mapped "attacker.IP" raw log field with "event.idm.read_only_udm.principal.ip" UDM field. - "event.idm.read_only_udm.principal.asset.ip": Newly mapped "attacker.IP" raw log field with "event.idm.read_only_udm.principal.asset.ip" UDM field. - "event.idm.read_only_udm.metadata.event_timestamp": Newly mapped "createdAt" raw log field with "event.idm.read_only_udm.metadata.event_timestamp" UDM field. - "event.idm.read_only_udm.metadata.description": Newly mapped "description" raw log field with "event.idm.read_only_udm.metadata.description" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "id" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.target.url": Newly mapped "link" raw log field with "event.idm.read_only_udm.target.url" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "module" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.security_result.severity": Newly mapped "severity" raw log field with "event.idm.read_only_udm.security_result.severity" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "status" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.security_result.summary": Newly mapped "type" raw log field with "event.idm.read_only_udm.security_result.summary" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "type" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "lastActivity" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.target.resource.resource_type": Newly mapped "APIInformation.apiType" raw log field with "event.idm.read_only_udm.target.resource.resource_type" UDM field. - "event.idm.read_only_udm.extensions.auth.auth_details": Newly mapped "APIInformation.auth" raw log field with "event.idm.read_only_udm.extensions.auth.auth_details" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "APIInformation.internetAccessed" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "APIInformation.internetFacing" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "APIInformation.owner" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.target.resource.name": Newly mapped "APIInformation.resourceGroupName" raw log field with "event.idm.read_only_udm.target.resource.name" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "APIInformation.source" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.target.hostname": Newly mapped "host" raw log field with "event.idm.read_only_udm.target.hostname" UDM field. - "event.idm.read_only_udm.network.http.method": Newly mapped "method" raw log field with "event.idm.read_only_udm.network.http.method" UDM field. - "event.idm.read_only_udm.network.http.path": Newly mapped "path" raw log field with "event.idm.read_only_udm.network.http.path" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "triggeredOn" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "apiAirids" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.destinationIp" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.host" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.method" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.path" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.requestTs" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.statusCode" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.pharmas" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.drugName" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.prescriberStates" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.prescriberCities" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.prescriberIds" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.prescriberZips" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.formularies" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.startDate" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.endDate" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestBody.prescriberTaxonomyCodes" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.x-forwarded-for" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.content-length" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.accept" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.host" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.user-agent" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.content-type" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.header.typ" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.header.alg" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.header.x5t" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.header.kid" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.aud" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.iss" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.iat" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.nbf" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.exp" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.aio" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.appid" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.appidacr" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.idp" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.oid" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.rh" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.roles" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.sub" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.tid" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.uti" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.requestHeaders.authorization.jwt.payload.ver" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.responseBody" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.responseHeaders.x-custom-header" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.responseHeaders.user-agent" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.responseHeaders.host" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.responseHeaders.correlationid" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.sample.responseHeaders.content-type" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.principal.ip": Newly mapped "evidence.sourceIp" raw log field with "event.idm.read_only_udm.principal.ip" UDM field. - "event.idm.read_only_udm.principal.asset.ip": Newly mapped "evidence.sourceIp" raw log field with "event.idm.read_only_udm.principal.asset.ip" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "evidence.statusCode" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. |
| 2024-06-08 | - Newly created parser.
|