Change log for ONEIDENTITY_TPAM
| Date | Changes |
|---|---|
| 2025-04-10 | - event.idm.read_only_udm.metadata.product_event_type: Mapped "eventid" along with "logmsg" raw log fields with "event.idm.read_only_udm.metadata.product_event_type" UDM field.
- Added gsubs in order to handle "event.idm.read_only_udm.additional.fields" for new format of kv logs. |
| 2025-03-11 | - Mapped "logtype" to "metadata.vendor_name"
- Mapped "logmessage" to "metadata.product_name" - Mapped "version" to "metadata.product_version" - Mapped "logmsg" to "metadata.product_event_type" - Mapped "hostname" to "principal.hostname" and "principal.asset.hostname" - Mapped "groupName" to "principal.group.group_display_name" - Mapped "duid" to "target.user.userid" - Mapped "duser" to "target.user.user_display_name" - Mapped "msg" to "metadata.description" - Mapped "destinationDnsDomain" to "target.domain.name" - Mapped "requestUrl" to "target.url" - Mapped "reason" to "security_result.summary" - Mapped "cn1" to "target.resource.product_object_id" - Mapped "cs1" to "principal.user.attribute.roles" - Mapped "cs2", "cs3", "cs4", "cs5", "cs6" to "additional.fields" - Mapped "deviceCustomDate1" to "security_result.detection_fields" |