Change log for PAN_CASB
Date | Changes |
---|---|
2025-04-19 | Enhancement:
- event.idm.read_only_udm.additional.fields: Newly Mapped `HTTP2Connection` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `LogSetting` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `InboundInterface` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `OutboundInterface` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Application` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `VirtualLocation` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `CaptivePortal` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Subtype` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `URLCategoryList` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `SessionID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `RepeatCount` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ConfigVersion` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `URLCategory` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `DirectionOfAttack` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `SequenceNo` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `PacketID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `DestinationAddress` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `VirtualSystemName` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `IMSI` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ParentSessionID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Tunnel` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ApplicationRisk` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ContentVersion` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `TimeGeneratedHighResolution` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `ApplicationCategory` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `ApplicationSubcategory` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `LogType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `SourceLocation` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `CloudHostname` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `CortexDataLakeTenantID` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `FlowType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `InboundInterfaceDetailsType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `LogSource` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `OutboundInterfaceDetailsType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `PanoramaSN` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `PlatformType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `Action` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `DGHierarchyLevel1` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `DGHierarchyLevel2` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `DGHierarchyLevel3` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `DGHierarchyLevel4` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.severity: Newly Mapped `Severity` raw log field with `event.idm.read_only_udm.security_result.severity` UDM Field.
- event.idm.read_only_udm.security_result.rule_id: Newly Mapped `RuleUUID` raw log field with `event.idm.read_only_udm.security_result.rule_id` UDM Field.
- event.idm.read_only_udm.security_result.rule_name: Newly Mapped `Rule` raw log field with `event.idm.read_only_udm.security_result.rule_name` UDM Field.
- event.idm.read_only_udm.network.ip_protocol: Newly Mapped `Protocol` raw log field with `event.idm.read_only_udm.network.ip_protocol` UDM Field.
- event.idm.read_only_udm.target.location.name: Newly Mapped `ToZone` raw log field with `event.idm.read_only_udm.target.location.name` UDM Field.
- event.idm.read_only_udm.principal.ip: Newly Mapped `SourceAddress` raw log field with `event.idm.read_only_udm.principal.ip` UDM Field.
- event.idm.read_only_udm.principal.asset.ip: Newly Mapped `SourceAddress` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM Field.
- event.idm.read_only_udm.target.ip: Newly Mapped `DestinationAddress` raw log field with `event.idm.read_only_udm.target.ip` UDM Field.
- event.idm.read_only_udm.target.asset.ip: Newly Mapped `DestinationAddress` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM Field.
- event.idm.read_only_udm.principal.nat_ip: Newly Mapped `NATSource` raw log field with `event.idm.read_only_udm.principal.nat_ip` UDM Field.
- event.idm.read_only_udm.target.nat_ip: Newly Mapped `NATDestination` raw log field with `event.idm.read_only_udm.target.nat_ip` UDM Field.
- event.idm.read_only_udm.principal.user.userid: Newly Mapped `SourceUser` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM Field.
- event.idm.read_only_udm.target.user.userid: Newly Mapped `DestinationUser` raw log field with `event.idm.read_only_udm.target.user.userid` UDM Field.
- event.idm.read_only_udm.principal.port: Newly Mapped `SourcePort` raw log field with `event.idm.read_only_udm.principal.port` UDM Field.
- event.idm.read_only_udm.target.port: Newly Mapped `DestinationPort` raw log field with `event.idm.read_only_udm.target.port` UDM Field.
- event.idm.read_only_udm.principal.nat_port: Newly Mapped `NATSourcePort` raw log field with `event.idm.read_only_udm.principal.nat_port` UDM Field.
- event.idm.read_only_udm.target.nat_port: Newly Mapped `NATDestinationPort` raw log field with `event.idm.read_only_udm.target.nat_port` UDM Field.
- event.idm.read_only_udm.target.url: Newly Mapped `URL` raw log field with `event.idm.read_only_udm.target.url` UDM Field.
- event.idm.read_only_udm.principal.asset.asset_id: Newly Mapped `DeviceSN` raw log field with `event.idm.read_only_udm.principal.asset.asset_id` UDM Field.
- event.idm.read_only_udm.principal.location.name: Newly Mapped `FromZone` raw log field with `event.idm.read_only_udm.principal.location.name` UDM Field.
- event.idm.read_only_udm.target.location.country_or_region: Newly Mapped `DestinationLocation` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM Field.
- event.idm.read_only_udm.principal.ip: Newly Mapped `X-Forwarded-For` raw log field with `event.idm.read_only_udm.principal.ip` UDM Field.
- event.idm.read_only_udm.principal.hostname: Newly Mapped `DeviceName` raw log field with `event.idm.read_only_udm.principal.hostname` UDM Field.
- event.idm.read_only_udm.principal.asset.hostname: Newly Mapped `DeviceName` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM Field.
- event.idm.read_only_udm.target.location.country_or_region: Newly Mapped `Location` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM Field.
- event.idm.read_only_udm.principal.administrative_domain: Newly Mapped `SourceUserDomain` raw log field with `event.idm.read_only_udm.principal.administrative_domain` UDM Field.
- event.idm.read_only_udm.principal.user.userid: Newly Mapped `SourceUserName` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM Field.
- event.idm.read_only_udm.target.application: Newly Mapped `TunneledApplication` raw log field with `event.idm.read_only_udm.target.application` UDM Field.
- event.idm.read_only_udm.target.url: Newly Mapped `URLDomain` raw log field with `event.idm.read_only_udm.target.url` UDM Field.
- event.idm.read_only_udm.metadata.vendor_name: Newly Mapped `VendorName` raw log field with `event.idm.read_only_udm.metadata.vendor_name` UDM Field. |
2025-02-19 | Enhancement:
- Added support to parse new format of logs. |
2025-02-06 | Enhancement:
- Added support to parse LEEF format of logs. |
2024-12-10 | Enhancement:
- Added support to parse SYSLOG+CSV format of logs. |
2022-11-25 | Fix:
- Added support for logs having multiple events. Used Disambiguation_Key.
- Mapped alertId to idm.read_only_udm.metadata.product_log_id
- Mapped event_type
- Mapped vendor_name
- Mapped Product_event_type
- Mapped description and url_back_to_product
- Mapped accountId to target.hostname
- Mapped region to target.location.country_or_region
- Mapped resourceName to target.resource.name, resourceId to target.resource.product_object_id, target.resource.attribute, target.resource.attribute.cloud
- Mapped target.resource.attribute.cloud.environment, accountname to target.resource.attribute.cloud.environment.project.id
- Mapped target.resource.attribute.labels.
- Mapped security_result.rule_id, security_result.rule_name, security_result.detection_fields
- Mapped security_result.description
- Mapped groupId to target.user
- Mapped privateIpaddress to target.ip and macAddress to target.mac |
2022-10-07 | Newly Created Parser. |