Change log for SAP_SM20
Date | Changes |
---|---|
2025-07-07 | - Added support for a new pattern of SYSLOG logs.
- `event.idm.read_only_udm.network.session_id`: Newly mapped the `session_id` raw log field to the `event.idm.read_only_udm.network.session_id` UDM field.
- `event.idm.read_only_udm.target.application`: Newly mapped the `application` raw log field to the `event.idm.read_only_udm.target.application` UDM field.
- `event.idm.read_only_udm.target.resource.product_object_id`: Newly mapped the `resource_id` raw log field to the `event.idm.read_only_udm.target.resource.product_object_id` UDM field.
- `event.idm.read_only_udm.principal.hostname`: Newly mapped the `hostname` raw log field to the `event.idm.read_only_udm.principal.hostname` UDM field.
- `event.idm.read_only_udm.principal.asset.hostname`: Newly mapped the `hostname` raw log field to the `event.idm.read_only_udm.principal.asset.hostname` UDM field.
- `event.idm.read_only_udm.principal.ip`: Newly mapped the `ip` raw log field to the `event.idm.read_only_udm.principal.ip` UDM field.
- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped the `ip` raw log field to the `event.idm.read_only_udm.principal.asset.ip` UDM field.
- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped the `date` raw log field to the `event.idm.read_only_udm.metadata.event_timestamp` UDM field. |
2024-04-16 | - Mapped "ALGSYSTEM" to "principal.hostname" and "principal.asset.hostname". |
2024-01-29 | - Added support for newly ingested logs.
- Mapped "WP_PID" to "target.process.pid".
- Mapped "WP_SERVER" to "intermediary.hostname".
- Mapped "WP_STATUS" to "security_result.summary".
- Mapped "INSTANCE_NAME" to "principal.hostname" and "principal.asset.hostname".
- Mapped "TXSEVERITY" to "security_result.severity".
- Mapped "TXSUBCLSID" to "security_result.description".
- Mapped "ALGSYSTEM" to "principal.hostname" and "principal.asset.hostname".
- If "ALGLTERM" is an IP address, mapped it to "target.ip" and "target.asset.ip"; otherwise mapped it to "target.hostname" and "target.asset.hostname".
- Mapped "ALGCLIENT" and "ALGINST" to "target.resource.attribute.labels".
- Mapped "ALGUSER" to "target.user.userid".
- Mapped "ALGTEXT" to "metadata.description".
- If "ALGTEXT" is nearly equal to "logon successful" and both "has_principal" and "has_target" are equal to "true", then "metadata.event_type" is set to "USER_LOGIN".
- Mapped "WP_TYP", "ALGREPNA", "ALGAREA", "ALGFILENO", "ALGFILEPOS", "ALGSUBID", "UTCDIFF", "ALGTASKNO", "ALGTASKTYPE", and "ALGTCODE" to "additional.fields". |
2023-12-07 | - Newly created parser. |