Change log for REMEDIANT_SECUREONE
Date | Changes |
---|---|
2025-06-11 | Enhancement:<br>- event.idm.read_only_udm.additional.fields: Newly mapped `persistent`, `access.type`, `access.tokenId`, `access.tokenType`, `targetSystem.cn`, `targetSystem.distinguishedName`, `targetSystem.policy.strict_secure`, `targetSystem.policy.secure`, `targetSystem.policy.scan`, `targetSystem.policy.manage_local_sids` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.principal.user.attribute.labels: Newly mapped `user.domain`, `access.user.domain_netbios`, `access.user.objectSid` raw log fields with `event.idm.read_only_udm.principal.user.attribute.labels` UDM field.<br>- event.idm.read_only_udm.principal.user.windows_sid: Newly mapped `user.sid` raw log field with `event.idm.read_only_udm.principal.user.windows_sid` UDM field.<br>- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `user.user` raw log field with `event.idm.read_only_udm.principal.user.user_display_name` UDM field. |
2024-12-12 | - When "strict_secure" is false and "secure" is false, mapped the key "Protect Mode" with the value "Disabled" to "security_result.detection_fields".<br>- When "strict_secure" is false and "secure" is true, mapped the key "Protect Mode" with the value "JITA" to "security_result.detection_fields".<br>- When "strict_secure" is false and "secure" is false, mapped the key "Protect Mode" with the value "DENY" to "security_result.detection_fields".<br>- When "scan" is true, mapped the key "Scan Mode" with the value "Enabled" to "security_result.detection_fields".<br>- When "scan" is false, mapped the key "Scan Mode" with the value "Disabled" to "security_result.detection_fields". |
2024-11-27 | - Mapped "failover_dc", "initial_dc", "ldapName", "sync_end_ts", and "sync_start_ts" to "additional.fields". |
2023-12-08 | New:<br>- Newly created parser. |