Change log for SNOWFLAKE
Date | Changes |
---|---|
2025-04-15 | Enhancement:
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `column4` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.metadata.product_version: Newly mapped `column6` raw log field with `event.idm.read_only_udm.metadata.product_version` UDM field.
- event.idm.read_only_udm.principal.application: Newly mapped `APPLICATION` raw log field with `event.idm.read_only_udm.principal.application` UDM field.
- event.idm.read_only_udm.principal.platform: Newly mapped `OS` raw log field with `event.idm.read_only_udm.principal.platform` UDM field.
- event.idm.read_only_udm.principal.platform_version: Newly mapped `OS_VERSION` raw log field with `event.idm.read_only_udm.principal.platform_version` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `PYTHON_VERSION` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `PYTHON_RUNTIME` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `PYTHON_COMPILER` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.action_details: Newly mapped `OCSP_MODE` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `TRACING` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `column10` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.
- Added a Grok Pattern to handle new csv pattern logs when both json and csv filters are failing. |
2025-04-09 | Enhancement:
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `column2` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `column7` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `column10` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- event.idm.read_only_udm.security_result.summary: Newly mapped `column17` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field.
- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `column9` raw log field with `event.idm.read_only_udm.principal.user.user_display_name` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `column71` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `column3` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `column4` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.metadata.product_version: Newly mapped `column6` raw log field with `event.idm.read_only_udm.metadata.product_version` UDM field.
- event.idm.read_only_udm.security_result.action_details: Newly mapped `column11` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.
- event.idm.read_only_udm.principal.application: Newly mapped `column8` raw log field with `event.idm.read_only_udm.principal.application` UDM field. |
2025-03-05 | Enhancement:
- Changed mapping of "START_TIME" from "security_result.detection_fields" to "metadata.event_timestamp". |
2025-01-16 | Enhancement:
- Added support for parsing arrays of JSON. |
2025-01-08 | Enhancement:
- Mapped "CLIENT_IP" to "principal.ip".
- Mapped "EVENT_ID", "EVENT_TYPE", "FIRST_AUTHENTICATION_FACTOR", "IS_SUCCESS", "REPORTED_CLIENT_TYPE", and "REPORTED_CLIENT_VERSION" to "security_result.detection_fields".
- Added "CSV" filter to parse new format logs. |
2024-08-12 | Enhancement:
- Newly created parser. |