Change log for TANIUM_QUESTION

Date	Changes
2025-03-26	- event.idm.readonly_udm.metadata.product_log_id :Newly mapped "ActionId" raw log field with "event.idm.readonly_udm.metadata.product_log_id" UDM field. - event.idm.readonly_udm.metadata.description : Newly mapped "ActionName" raw log field with "event.idm.readonly_udm.metadata.description" UDM field. - event.idm.readonly_udm.target.resource.attribute.labels : Newly mapped "PackageName" raw log field with "event.idm.readonly_udm.target.resource.attribute.labels" UDM field. - event.idm.readonly_udm.additional.fields : Newly mapped "Comment" raw log field with "event.idm.readonly_udm.additional.fields" UDM field. - event.idm.readonly_udm.security_result.summary :Newly mapped "Status" raw log field with "event.idm.readonly_udm.security_result.summary" UDM field. - event.idm.readonly_udm.principal.user.userid : Newly mapped "Issuer" raw log field with "event.idm.readonly_udm.principal.user.userid" UDM field. - event.idm.readonly_udm.principal.user.attribute.labels : Newly mapped "SourceId" raw log field with "event.idm.readonly_udm.principal.user.attribute.labels" UDM field. - event.idm.readonly_udm.target.process.command_line : Newly mapped "Command" raw log field with "event.idm.readonly_udm.target.process.command_line" UDM field. - event.idm.readonly_udm.target.user.userid : Newly mapped "Approver" raw log field with "event.idm.readonly_udm.target.user.userid" UDM field. - event.idm.readonly_udm.principal.hostname : Newly mapped "src_hostname" raw log field with "event.idm.readonly_udm.principal.hostname" and "principal.asset.hostname" UDM fields." - event.idm.readonly_udm.additional.fields : Newly mapped "InsertTime" raw log field with "event.idm.readonly_udm.additional.fields" UDM field. - event.idm.readonly_udm.additional.fields : Newly mapped "Expiration" raw log field with "event.idm.readonly_udm.additional.fields" UDM field. - event.idm.readonly_udm.metadata.product_event_type : Newly mapped "eventtype" raw log field with "event.idm.readonly_udm.metadata.product_event_type" UDM field. - event.idm.readonly_udm.target.process.file.full_path : Newly mapped "Level" raw log field with "event.idm.readonly_udm.target.process.file.full_path" UDM field. - event.idm.readonly_udm.target.process.pid : Newly mapped "Process" raw log field with "event.idm.readonly_udm.target.process.pid" UDM field. - event.idm.readonly_udm.principal.resource.attribute.labels : Newly mapped "ComputerName" raw log field with "event.idm.readonly_udm.principal.resource.attribute.labels" UDM field. - event.idm.readonly_udm.principal.ip : Newly mapped "TaniumClientIPAddress" raw log field with "event.idm.readonly_udm.principal.ip" and "event.idm.readonly_udm.principal.asset.ip" UDM field. - Added conditional checks before mapping "metadata.event_type". - Added kv filter for parsing key-value pairs from kv_data field. - Added json filter for parsing json data from json_data field.
2025-01-23	- Newly created parser.

Date

Changes

2025-03-26

- event.idm.readonly_udm.metadata.product_log_id :Newly mapped "ActionId" raw log field with "event.idm.readonly_udm.metadata.product_log_id" UDM field.
- event.idm.readonly_udm.metadata.description : Newly mapped "ActionName" raw log field with "event.idm.readonly_udm.metadata.description" UDM field.
- event.idm.readonly_udm.target.resource.attribute.labels : Newly mapped "PackageName" raw log field with "event.idm.readonly_udm.target.resource.attribute.labels" UDM field.
- event.idm.readonly_udm.additional.fields : Newly mapped "Comment" raw log field with "event.idm.readonly_udm.additional.fields" UDM field.
- event.idm.readonly_udm.security_result.summary :Newly mapped "Status" raw log field with "event.idm.readonly_udm.security_result.summary" UDM field.
- event.idm.readonly_udm.principal.user.userid : Newly mapped "Issuer" raw log field with "event.idm.readonly_udm.principal.user.userid" UDM field.
- event.idm.readonly_udm.principal.user.attribute.labels : Newly mapped "SourceId" raw log field with "event.idm.readonly_udm.principal.user.attribute.labels" UDM field.
- event.idm.readonly_udm.target.process.command_line : Newly mapped "Command" raw log field with "event.idm.readonly_udm.target.process.command_line" UDM field.
- event.idm.readonly_udm.target.user.userid : Newly mapped "Approver" raw log field with "event.idm.readonly_udm.target.user.userid" UDM field.
- event.idm.readonly_udm.principal.hostname : Newly mapped "src_hostname" raw log field with "event.idm.readonly_udm.principal.hostname" and "principal.asset.hostname" UDM fields."
- event.idm.readonly_udm.additional.fields : Newly mapped "InsertTime" raw log field with "event.idm.readonly_udm.additional.fields" UDM field.
- event.idm.readonly_udm.additional.fields : Newly mapped "Expiration" raw log field with "event.idm.readonly_udm.additional.fields" UDM field.
- event.idm.readonly_udm.metadata.product_event_type : Newly mapped "eventtype" raw log field with "event.idm.readonly_udm.metadata.product_event_type" UDM field.
- event.idm.readonly_udm.target.process.file.full_path : Newly mapped "Level" raw log field with "event.idm.readonly_udm.target.process.file.full_path" UDM field.
- event.idm.readonly_udm.target.process.pid : Newly mapped "Process" raw log field with "event.idm.readonly_udm.target.process.pid" UDM field.
- event.idm.readonly_udm.principal.resource.attribute.labels : Newly mapped "ComputerName" raw log field with "event.idm.readonly_udm.principal.resource.attribute.labels" UDM field.
- event.idm.readonly_udm.principal.ip : Newly mapped "TaniumClientIPAddress" raw log field with "event.idm.readonly_udm.principal.ip" and "event.idm.readonly_udm.principal.asset.ip" UDM field.
- Added conditional checks before mapping "metadata.event_type".
- Added kv filter for parsing key-value pairs from kv_data field.
- Added json filter for parsing json data from json_data field.

2025-01-23

- Newly created parser.