Change log for TENABLE_ADS
| Date | Changes |
|---|---|
| 2025-07-25 | Enhancement:<br>- Added Grok patterns to retrieve `AccountCn`, `LimitMemberCount`, `PrivilegesPath`, `ParentContainer`, `GroupCn` and `GroupMemberCount`.<br>- `event.idm.read_only_udm.principal.process.pid`: Newly mapped `PID` raw log field to `event.idm.read_only_udm.principal.process.pid`.<br>- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `eventId` raw log field to `event.idm.read_only_udm.metadata.product_log_id`.<br>- `event.idm.read_only_udm.metadata.description`: Newly mapped `meta_description` raw log field to `event.idm.read_only_udm.metadata.description`.<br>- Renamed `messagetype` to `addition.messagetype`, `alertid` to `addition.alertid`, `tenable_codename` to `addition.tenable_codename`, `AD_Reason_Codename` to `addition.AD_Reason_Codename`, `expiry_date` to `addition.expiry_date`, `usnchanged` to `addition.usnchanged`, `AccountCn` to `addition.AccountCn`, `GroupCn` to `addition.GroupCn`, `LimitMemberCount` to `addition.LimitMemberCount`, `PrivilegesPath` to `addition.PrivilegesPath`, `ParentContainer` to `addition.ParentContainer`, `GroupMemberCount` to `addition.GroupMemberCount`, and `ComputerCn` to `addition.ComputerCn`.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `messagetype`, `alertid`, `AccountCn`, `GroupCn`, `LimitMemberCount`, `PrivilegesPath`, `ParentContainer`, `GroupMemberCount` and `ComputerCn` raw log fields to `event.idm.read_only_udm.additional.fields`.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `tenable_codename`, `AD_Reason_Codename` and `expiry_date` raw log fields to `event.idm.read_only_udm.security_result.detection_fields`. |
| 2025-07-02 | Enhancement:<br>- Added a Grok pattern to parse logs that were previously being dropped.<br>- `event.idm.read_only_udm.principal.asset.hostname`: Newly mapped `hostname` raw log field to `event.idm.read_only_udm.principal.asset.hostname`.<br>- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `ip` raw log field to `event.idm.read_only_udm.principal.asset.ip`. |
| 2025-01-23 | Enhancement:<br>- Added support for a new format of syslog logs.<br>- Mapped `adObject_1` and `adObject_2` to `principal.user.group_identifiers`.<br>- Added a condition check and `on_error` when mapping `adObject` to `principal.user.group_identifiers`.<br>- Mapped `expiry_date` to `security_result.detection_fields`.<br>- Mapped `last_login_time` to `principal.user.last_login_time`.<br>- Mapped `operating_system` to `principal.asset.platform_software.platform`.<br>- Mapped `operating_system_version` to `principal.asset.platform_software.platform_version`. |
| 2023-11-06 | - Newly created parser. |
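The following is an added illustration, not the TENABLE_ADS parser itself and not code from Google or Tenable. It models the raw-field-to-UDM mappings listed in the change log above as plain Python so that a practitioner can see what the parser's output should look like for a given input: the `addition.*` rename feeding `additional.fields`, the three fields routed to `security_result.detection_fields`, the `PID`/`eventId`/`meta_description` mappings, the `hostname`/`ip` asset mappings, the guarded `adObject` handling, and the drop of lines that match no pattern. The key="value" syslog layout, the sample lines and every value in them are constructed for this example; the real Tenable Identity Exposure format is not shown on this page, and the Grok patterns here are stand-ins.

```python
import ipaddress
import re
from typing import Optional

# Grok-style key/value extraction (ASSUMED layout, not the real log format).
# Both quoted and bare values are accepted, standing in for the second
# syslog format the 2025-01-23 change added support for.
_KV_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

# Raw fields the 2025-07-25 change renames to addition.<name> and then
# copies into event.idm.read_only_udm.additional.fields.
ADDITIONAL_FIELDS = ("messagetype", "alertid", "AccountCn", "GroupCn",
                     "LimitMemberCount", "PrivilegesPath", "ParentContainer",
                     "GroupMemberCount", "ComputerCn")
# Raw fields routed to event.idm.read_only_udm.security_result.detection_fields.
DETECTION_FIELDS = ("tenable_codename", "AD_Reason_Codename", "expiry_date")

# Constructed sample input; values are placeholders, not real IoE codenames.
SAMPLE_LOGS = [
    'eventId="42" messagetype="alert" alertid="17" tenable_codename="C-SAMPLE-IOE" '
    'AD_Reason_Codename="R-SAMPLE-REASON" expiry_date="2025-08-01" '
    'AccountCn="CN=svc-backup" GroupCn="CN=Domain Admins" GroupMemberCount="7" '
    'PID="4312" hostname="dc01" ip="10.0.0.5" '
    'adObject="CN=Domain Admins,CN=Users,DC=corp,DC=example" '
    'meta_description="Privileged group change"',
    # Bare-value variant with an unparsable ip and no adObject at all.
    'hostname=ws17 ip=not-an-ip operating_system=Windows '
    'operating_system_version=10.0.19045 last_login_time=2025-07-01T08:00:00Z',
    # Matches no pattern: the parser drops it.
    'free text with no recognisable fields here',
]


def parse_raw(line: str) -> dict:
    """Return the key/value pairs found in `line`; empty dict if none match."""
    fields = {}
    for m in _KV_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else bare
    return fields


def to_udm(line: str) -> Optional[dict]:
    """Build a UDM-shaped dict from one raw line, or None if the line is dropped."""
    raw = parse_raw(line)
    if not raw:
        return None  # nothing extracted: drop, as an unmatched line would be
    udm = {"metadata": {}, "principal": {}, "security_result": {},
           "additional": {"fields": []}}
    meta, principal = udm["metadata"], udm["principal"]

    # 2025-07-25: metadata and process mappings.
    if "eventId" in raw:
        meta["product_log_id"] = raw["eventId"]
    if "meta_description" in raw:
        meta["description"] = raw["meta_description"]
    if raw.get("PID", "").isdigit():          # pid must be numeric
        principal["process"] = {"pid": raw["PID"]}

    # 2025-07-02 and 2025-01-23: asset fields. A bad ip is skipped rather
    # than failing the whole event (the on_error behaviour modelled here).
    asset = {}
    if "hostname" in raw:
        asset["hostname"] = raw["hostname"]
    if "ip" in raw:
        try:
            asset["ip"] = [str(ipaddress.ip_address(raw["ip"]))]
        except ValueError:
            pass
    if "operating_system" in raw:
        asset.setdefault("platform_software", {})["platform"] = raw["operating_system"]
    if "operating_system_version" in raw:
        asset.setdefault("platform_software", {})["platform_version"] = \
            raw["operating_system_version"]
    if asset:
        principal["asset"] = asset

    # 2025-01-23: user fields. group_identifiers is only set when at least
    # one adObject* field is present and non-empty (the condition check).
    user = {}
    if "last_login_time" in raw:
        user["last_login_time"] = raw["last_login_time"]  # left as a string here
    groups = [raw[k] for k in ("adObject", "adObject_1", "adObject_2") if raw.get(k)]
    if groups:
        user["group_identifiers"] = groups
    if user:
        principal["user"] = user

    # 2025-07-25: addition.* fields -> additional.fields; detection fields.
    udm["additional"]["fields"] = [
        {"key": k, "value": {"string_value": raw[k]}}
        for k in ADDITIONAL_FIELDS if k in raw]
    udm["security_result"]["detection_fields"] = [
        {"key": k, "value": raw[k]} for k in DETECTION_FIELDS if k in raw]
    return udm


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(to_udm(line))
```

Use it as a reference when validating parser output after an update: run a known raw line through the live parser, then compare the UDM event you get back against what this model produces for the same line, field by field.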