Change log for PAN_CASB
Date | Changes |
---|---|
2025-07-09 | Enhancement:
- event.idm.read_only_udm.additional.fields: Newly Mapped `VirtualSystemID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ApplicationTechnology` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.metadata.product_event_type: Newly Mapped `LogType`-`Subtype` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Subtype` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field when `Subtype` is null.
- event.idm.read_only_udm.security_result.action_details: Newly Mapped `action_value` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM Field.
- event.idm.read_only_udm.security_result.threat_name: Newly Mapped `ThreatNameFirewall` raw log field with `event.idm.read_only_udm.security_result.threat_name` UDM Field.
- event.idm.read_only_udm.network.session_id: Newly Mapped `SessionID` raw log field with `event.idm.read_only_udm.network.session_id` UDM Field.
- event.idm.read_only_udm.principal.hostname: Newly Mapped `DeviceName` raw log field with `event.idm.read_only_udm.principal.hostname` UDM Field.
- event.idm.read_only_udm.principal.asset.hostname: Newly Mapped `DeviceName` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM Field.
- event.idm.read_only_udm.target.location.country_or_region: Newly Mapped `Location` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM Field.
- event.idm.read_only_udm.target.application: Newly Mapped `TunneledApplication` raw log field with `event.idm.read_only_udm.target.application` UDM Field.
- event.idm.read_only_udm.target.url: Newly Mapped `URLDomain` raw log field with `event.idm.read_only_udm.target.url` UDM Field.
- event.idm.read_only_udm.principal.user.userid: Newly Mapped `SourceUserName` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Changed the key name from `ThreatCategory` to `thr_category` for raw log field `ThreatCategory`. |
2025-07-07 | Enhancement:
- event.idm.read_only_udm.security_result.action: Newly Mapped `action` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- Set `action` to `ALLOW` when column28 is `allow`, `alert`, `override`.
- Set `action` to `BLOCK` when column28 is `drop-packet`, `drop`, `deny`, `drop ICMP`, `block`, `block-url`, `block-ip`, `block-continue`, `block-override`, `override-lockout`, `random-drop`, `sinkhole`.
- Set `action` to `FAIL` when column28 is `reset-client`, `reset-server`, `reset-both`.
- event.idm.read_only_udm.principal.location.country_or_region: Newly Mapped `column35` raw log field with `event.idm.read_only_udm.principal.location.country_or_region` UDM Field.
- event.idm.read_only_udm.security_result.rule_id: Newly Mapped `column61` raw log field with `event.idm.read_only_udm.security_result.rule_id` UDM Field.
- event.idm.read_only_udm.security_result.category_details: Newly Mapped `column94`, `column97` and `column98` raw log field with `event.idm.read_only_udm.security_result.category_details` UDM Field.
- event.idm.read_only_udm.event1.idm.read_only_udm.network.session_id: Newly Mapped `column21` raw log field with `event.idm.read_only_udm.event1.idm.read_only_udm.network.session_id` UDM Field. |
2025-06-13 | Enhancement:
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `ThreatCategory` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.metadata.product_event_type: Newly Mapped `LogType`-`SubType` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM Field and, when `SubType` is null, added the `SubType` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.principal.file.names: Newly Mapped `FileName` raw log field with `event.idm.read_only_udm.principal.file.names` UDM Field.
- event.idm.read_only_udm.principal.file.mime_type: Newly Mapped `FileType` raw log field with `event.idm.read_only_udm.principal.file.mime_type` UDM Field. |
2025-05-22 | Enhancement:
- event.idm.read_only_udm.additional.fields: Newly Mapped `LogType` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. |
2025-04-19 | Enhancement:
- event.idm.read_only_udm.additional.fields: Newly Mapped `HTTP2Connection` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `LogSetting` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `InboundInterface` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `OutboundInterface` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Application` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `VirtualLocation` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `CaptivePortal` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Subtype` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `URLCategoryList` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `SessionID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `RepeatCount` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ConfigVersion` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `URLCategory` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `DirectionOfAttack` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `SequenceNo` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `PacketID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `DestinationAddress` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `VirtualSystemName` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `IMSI` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ParentSessionID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Tunnel` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ApplicationRisk` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `ContentVersion` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `TimeGeneratedHighResolution` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `ApplicationCategory` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `ApplicationSubcategory` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `LogType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `SourceLocation` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `CloudHostname` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `CortexDataLakeTenantID` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `FlowType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `InboundInterfaceDetailsType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `LogSource` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `OutboundInterfaceDetailsType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `PanoramaSN` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `PlatformType` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `Action` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `DGHierarchyLevel1` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `DGHierarchyLevel2` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `DGHierarchyLevel3` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `DGHierarchyLevel4` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.severity: Newly Mapped `Severity` raw log field with `event.idm.read_only_udm.security_result.severity` UDM Field.
- event.idm.read_only_udm.security_result.rule_id: Newly Mapped `RuleUUID` raw log field with `event.idm.read_only_udm.security_result.rule_id` UDM Field.
- event.idm.read_only_udm.security_result.rule_name: Newly Mapped `Rule` raw log field with `event.idm.read_only_udm.security_result.rule_name` UDM Field.
- event.idm.read_only_udm.network.ip_protocol: Newly Mapped `Protocol` raw log field with `event.idm.read_only_udm.network.ip_protocol` UDM Field.
- event.idm.read_only_udm.target.location.name: Newly Mapped `ToZone` raw log field with `event.idm.read_only_udm.target.location.name` UDM Field.
- event.idm.read_only_udm.principal.ip: Newly Mapped `SourceAddress` raw log field with `event.idm.read_only_udm.principal.ip` UDM Field.
- event.idm.read_only_udm.principal.asset.ip: Newly Mapped `SourceAddress` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM Field.
- event.idm.read_only_udm.target.ip: Newly Mapped `DestinationAddress` raw log field with `event.idm.read_only_udm.target.ip` UDM Field.
- event.idm.read_only_udm.target.asset.ip: Newly Mapped `DestinationAddress` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM Field.
- event.idm.read_only_udm.principal.nat_ip: Newly Mapped `NATSource` raw log field with `event.idm.read_only_udm.principal.nat_ip` UDM Field.
- event.idm.read_only_udm.target.nat_ip: Newly Mapped `NATDestination` raw log field with `event.idm.read_only_udm.target.nat_ip` UDM Field.
- event.idm.read_only_udm.principal.user.userid: Newly Mapped `SourceUser` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM Field.
- event.idm.read_only_udm.target.user.userid: Newly Mapped `DestinationUser` raw log field with `event.idm.read_only_udm.target.user.userid` UDM Field.
- event.idm.read_only_udm.principal.port: Newly Mapped `SourcePort` raw log field with `event.idm.read_only_udm.principal.port` UDM Field.
- event.idm.read_only_udm.target.port: Newly Mapped `DestinationPort` raw log field with `event.idm.read_only_udm.target.port` UDM Field.
- event.idm.read_only_udm.principal.nat_port: Newly Mapped `NATSourcePort` raw log field with `event.idm.read_only_udm.principal.nat_port` UDM Field.
- event.idm.read_only_udm.target.nat_port: Newly Mapped `NATDestinationPort` raw log field with `event.idm.read_only_udm.target.nat_port` UDM Field.
- event.idm.read_only_udm.target.url: Newly Mapped `URL` raw log field with `event.idm.read_only_udm.target.url` UDM Field.
- event.idm.read_only_udm.principal.asset.asset_id: Newly Mapped `DeviceSN` raw log field with `event.idm.read_only_udm.principal.asset.asset_id` UDM Field.
- event.idm.read_only_udm.principal.location.name: Newly Mapped `FromZone` raw log field with `event.idm.read_only_udm.principal.location.name` UDM Field.
- event.idm.read_only_udm.target.location.country_or_region: Newly Mapped `DestinationLocation` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM Field.
- event.idm.read_only_udm.principal.ip: Newly Mapped `X-Forwarded-For` raw log field with `event.idm.read_only_udm.principal.ip` UDM Field.
- event.idm.read_only_udm.principal.hostname: Newly Mapped `DeviceName` raw log field with `event.idm.read_only_udm.principal.hostname` UDM Field.
- event.idm.read_only_udm.principal.asset.hostname: Newly Mapped `DeviceName` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM Field.
- event.idm.read_only_udm.target.location.country_or_region: Newly Mapped `Location` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM Field.
- event.idm.read_only_udm.principal.administrative_domain: Newly Mapped `SourceUserDomain` raw log field with `event.idm.read_only_udm.principal.administrative_domain` UDM Field.
- event.idm.read_only_udm.principal.user.userid: Newly Mapped `SourceUserName` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM Field.
- event.idm.read_only_udm.target.application: Newly Mapped `TunneledApplication` raw log field with `event.idm.read_only_udm.target.application` UDM Field.
- event.idm.read_only_udm.target.url: Newly Mapped `URLDomain` raw log field with `event.idm.read_only_udm.target.url` UDM Field.
- event.idm.read_only_udm.metadata.vendor_name: Newly Mapped `VendorName` raw log field with `event.idm.read_only_udm.metadata.vendor_name` UDM Field. |
2025-02-19 | Enhancement:
- Added support to parse new format of logs. |
2025-02-19 | Enhancement:
- Added support to parse new format of logs. |
2025-02-06 | Enhancement:
- Added support to parse LEEF format of logs. |
2024-12-10 | Enhancement:
- Added support to parse SYSLOG+CSV format of logs. |
2022-11-25 | Fix:
- Added support for logs having multiple events. Used Disambiguation_Key.
- Mapped alertId to idm.read_only_udm.metadata.product_log_id.
- Mapped event_type.
- Mapped vendor_name.
- Mapped Product_event_type.
- Mapped description and url_back_to_product.
- Mapped accountId to target.hostname.
- Mapped region to target.location.country_or_region.
- Mapped resourceName to target.resource.name, resourceId to target.resource.product_object_id, target.resource.attribute, target.resource.attribute.cloud.
- Mapped target.resource.attribute.cloud.environment, accountname to target.resource.attribute.cloud.environment.project.id.
- Mapped target.resource.attribute.labels.
- Mapped security_result.rule_id, security_result.rule_name, security_result.detection_fields.
- Mapped security_result.description.
- Mapped groupId to target.user.
- Mapped privateIpaddress to target.ip and macAddress to target.mac. |
2022-10-07 | Newly Created Parser.
|