Change log for PAN_PRISMA_CA
Date | Changes |
---|---|
2024-06-21 | Enhancement:
- Added support for a new pattern of unparsed JSON logs. |
2024-06-18 | Enhancement:
- Mapped "policyLabels" to "additional.fields".
- Mapped "policyType" to "security_result.detection_fields". |
2024-06-17 | Enhancement:
- Mapped "resource.unifiedAssetId" to "principal.asset.asset_id".
- Mapped "policyName" to "security_result.description".
- Mapped "resource.resourceConfigJsonAvailable", "resource.resourceDetailsAvailable", and "policy.deleted" to "additional.fields".
- Mapped "policy.recommendation", "policy.policyType", and "policy.description" to "security_result.detection_fields".
- Mapped "resource.url" to "principal.url".
- Mapped "reason" to "security_result.summary".
- Mapped "resource.region" to "principal.location.state".
- Mapped "resource.regionId" to "principal.location.country_or_region".
- Mapped "resource.resourceType" to "target.resource.resource_subtype".
- Mapped "resource.accountId" to "target.resource.product_object_id" and "target.resource.id".
- If "resource.cloudType" value is "gcp", set "principal.cloud.environment" to "GOOGLE_CLOUD_PLATFORM". |
2023-12-10 | Enhancement:
- Added a Grok pattern to extract the JSON part of the log line.
- Mapped "resourceId" to "principal.resource.product_object_id".
- Mapped "accountId" to "target.resource.product_object_id".
- Mapped "alertRuleName" to "security_result.rule_name".
- Mapped "accountName" to "target.resource.name".
- Mapped "hasFinding" to "security_result.detection_fields".
- Mapped "resourceRegionId" to "principal.cloud.availability_zone".
- Mapped "source" to "principal.application".
- Mapped "callbackUrl" to "metadata.url_back_to_product".
- Mapped "alertRuleId" to "security_result.rule_id".
- Mapped "alertId" to "security_result.detection_fields".
- Mapped "policyLabels" to "additional.fields".
- Mapped "policyName" to "security_result.description".
- Mapped "resourceName" to "principal.resource.name".
- Mapped "resourceRegion" to "principal.location.country_or_region".
- Mapped "policyDescription" to "security_result.detection_fields".
- Mapped "policyRecommendation" to "security_result.detection_fields".
- Mapped "resourceCloudService" to "principal.resource.attribute.labels".
- Mapped "resource.url" to "principal.url".
- Mapped "alertTs" to "security_result.detection_fields".
- Mapped "firstSeen" to "principal.asset.first_seen_time".
- Mapped "lastSeen" to "principal.asset.last_discover_time".
- Mapped "reason" to "security_result.summary".
- Mapped "alertStatus" to "security_result.detection_fields".
- If "severity" value is "HIGH", set "security_result.severity" to "HIGH".
- If "cloudType" value is "gcp", set "principal.cloud.environment" to "GOOGLE_CLOUD_PLATFORM". |
2023-08-17 | Newly created parser. |
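The field mappings listed in this change log, collected into a runnable Python reference so they can be checked against real alerts. This is an added example, not the PAN_PRISMA_CA parser itself (the production parser is a Chronicle parser configuration, not Python). It makes the following assumptions: a regular expression stands in for the Grok pattern that isolates the JSON part of a line; repeated-label UDM targets ("security_result.detection_fields", "additional.fields", "principal.resource.attribute.labels") are represented as dicts keyed by the source field name; only the conditions the log documents (severity "HIGH", cloudType "gcp") are applied. The two sample alert lines are constructed for this example and are not captured Prisma Cloud output.

```python
import json
import re

# Stand-in for the Grok pattern that extracts the JSON part of a log line.
# Assumption: the alert JSON is the last "{...}" span on the line, so any
# syslog/transport prefix before the first "{" is discarded.
JSON_PART = re.compile(r"(\{.*\})\s*$", re.DOTALL)

# (source field in the Prisma alert, UDM target) pairs taken from the change log.
# Dotted source names are looked up as nested keys (the 2024-06-17 format).
FIELD_MAP = [
    # flat alert format (2023-12-10 and 2024-06-18 entries)
    ("resourceId", "principal.resource.product_object_id"),
    ("accountId", "target.resource.product_object_id"),
    ("alertRuleName", "security_result.rule_name"),
    ("accountName", "target.resource.name"),
    ("hasFinding", "security_result.detection_fields"),
    ("resourceRegionId", "principal.cloud.availability_zone"),
    ("source", "principal.application"),
    ("callbackUrl", "metadata.url_back_to_product"),
    ("alertRuleId", "security_result.rule_id"),
    ("alertId", "security_result.detection_fields"),
    ("policyLabels", "additional.fields"),
    ("policyName", "security_result.description"),
    ("resourceName", "principal.resource.name"),
    ("resourceRegion", "principal.location.country_or_region"),
    ("policyDescription", "security_result.detection_fields"),
    ("policyRecommendation", "security_result.detection_fields"),
    ("resourceCloudService", "principal.resource.attribute.labels"),
    ("alertTs", "security_result.detection_fields"),
    ("firstSeen", "principal.asset.first_seen_time"),
    ("lastSeen", "principal.asset.last_discover_time"),
    ("reason", "security_result.summary"),
    ("alertStatus", "security_result.detection_fields"),
    ("policyType", "security_result.detection_fields"),
    # nested alert format (2024-06-17 entry)
    ("resource.unifiedAssetId", "principal.asset.asset_id"),
    ("resource.resourceConfigJsonAvailable", "additional.fields"),
    ("resource.resourceDetailsAvailable", "additional.fields"),
    ("policy.deleted", "additional.fields"),
    ("policy.recommendation", "security_result.detection_fields"),
    ("policy.policyType", "security_result.detection_fields"),
    ("policy.description", "security_result.detection_fields"),
    ("resource.url", "principal.url"),
    ("resource.region", "principal.location.state"),
    ("resource.regionId", "principal.location.country_or_region"),
    ("resource.resourceType", "target.resource.resource_subtype"),
    ("resource.accountId", "target.resource.product_object_id"),
    ("resource.accountId", "target.resource.id"),
]

# Repeated-label targets; entries are kept in a dict keyed by source field name
# (an assumption of this script, UDM stores them as key/value label lists).
LABEL_TARGETS = {
    "security_result.detection_fields",
    "additional.fields",
    "principal.resource.attribute.labels",
}


def get_path(obj, path):
    """Nested lookup by dotted path; returns None if any key is missing."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def set_path(obj, path, value):
    """Nested assignment by dotted path, creating intermediate dicts."""
    keys = path.split(".")
    for key in keys[:-1]:
        obj = obj.setdefault(key, {})
    obj[keys[-1]] = value


def map_alert(alert):
    """Apply the change-log mappings to one parsed alert and return a UDM-like dict."""
    udm = {}
    for src, dst in FIELD_MAP:
        value = get_path(alert, src)
        if value is None:          # absent field: nothing to map (False/0 are kept)
            continue
        if dst in LABEL_TARGETS:
            labels = get_path(udm, dst) or {}
            labels[src] = value
            set_path(udm, dst, labels)
        else:
            set_path(udm, dst, value)
    # Conditional mappings: only the documented cases are applied.
    if alert.get("severity") == "HIGH":
        set_path(udm, "security_result.severity", "HIGH")
    cloud = alert.get("cloudType") or get_path(alert, "resource.cloudType")
    if cloud == "gcp":
        set_path(udm, "principal.cloud.environment", "GOOGLE_CLOUD_PLATFORM")
    return udm


def extract_json(line):
    """Isolate and decode the JSON object in a raw log line, or None if absent."""
    match = JSON_PART.search(line)
    if not match:
        return None
    try:
        return json.loads(match.group(1))
    except json.JSONDecodeError:
        return None


def parse_line(line):
    alert = extract_json(line)
    return map_alert(alert) if alert is not None else None


# Constructed sample lines (not real Prisma Cloud output): one flat-format alert
# behind a syslog-style prefix, and one nested-format alert.
FLAT_LINE = ('<14>Jun 21 10:00:00 prisma-cloud: {"alertId": "P-123", "alertRuleName": '
             '"Config rule", "severity": "HIGH", "cloudType": "gcp", "resourceId": "vm-1", '
             '"accountId": "proj-1", "callbackUrl": "https://example.com/alerts/P-123", '
             '"hasFinding": false, "policyLabels": ["CIS"], "reason": "NEW_ALERT"}')
NESTED_LINE = ('{"reason": "RESOURCE_UPDATED", "policyName": "Public bucket", '
               '"policy": {"policyType": "config", "recommendation": "Restrict access", '
               '"deleted": false}, "resource": {"unifiedAssetId": "asset-9", '
               '"accountId": "proj-2", "cloudType": "gcp", "region": "US Central", '
               '"regionId": "us-central1", "resourceType": "bucket", '
               '"url": "https://example.com/resource/asset-9"}}')

if __name__ == "__main__":
    for line in (FLAT_LINE, NESTED_LINE, "not json at all"):
        print(json.dumps(parse_line(line), indent=2))
```

Running the block prints the UDM-like structure for both sample formats and `null` for the line without a JSON part, which is the case the "unparsed JSON logs" entries describe. To check a mapping change, add the source/target pair to FIELD_MAP and feed a captured alert line to parse_line.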