Change log for SILVERFORT
Date | Changes |
---|---|
2025-08-01 | Enhancement:<br>- Removed unnecessary `gsub` function.<br>- Modified the parser to extract JSON from the `message_copy` field using a grok pattern.<br>- Refactored parser logic to extract data from the `json_msg` field.<br>- Modified the `auth_count` field mapping to convert the value to a string. |
2025-07-08 | Enhancement:<br>- event.idm.read_only_udm.additional.fields: Newly mapped `id` and `auth_count` log fields to the `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.security_result.last_discovered_time: Newly mapped `end_time` log field to the `event.idm.read_only_udm.security_result.last_discovered_time` UDM field.<br>- event.idm.read_only_udm.security_result.first_discovered_time: Newly mapped `start_time` log field to the `event.idm.read_only_udm.security_result.first_discovered_time` UDM field.<br>- event.idm.read_only_udm.metadata.description: Newly mapped `kind` log field to the `event.idm.read_only_udm.metadata.description` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `status`, `users.identifierType`, `users.type`, `mainEntities.identifierType` and `mainEntities.type` log fields to the `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `users.displayName` log field to the `event.idm.read_only_udm.principal.user.user_display_name` UDM field.<br>- event.idm.read_only_udm.principal.user.userid: Newly mapped `users.identifier` log field to the `event.idm.read_only_udm.principal.user.userid` UDM field.<br>- event.idm.read_only_udm.target.user.user_display_name: Newly mapped `mainEntities.displayName` log field to the `event.idm.read_only_udm.target.user.user_display_name` UDM field.<br>- event.idm.read_only_udm.target.asset.asset_id: Newly mapped `mainEntities.identifier` log field to the `event.idm.read_only_udm.target.asset.asset_id` UDM field.<br>- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `syslog_id` log field to the `event.idm.read_only_udm.metadata.product_log_id` UDM field. |
2023-12-11 | Enhancement:<br>- Mapped "cs8", "cs9", "cs10", "cs11", and "cs12" to "additional.fields". |
2023-11-29 | Enhancement:<br>- Added mapping of "severity" to "security_result.detection_fields". |
2023-10-11 | Enhancement:<br>- Mapped "email", "userid" to "target.user.email_addresses", "target.user.userid".<br>- When the "target" and "principal" are not present, set "metadata.event_type" to "GENERIC_EVENT". |
2023-01-09 | Bugfix:<br>- Replaced '\"' with an empty string in the message.<br>- Added a not-null check for the cs3 and cs6 fields prior to mapping to UDM. |