Change log for VMWARE_HORIZON
| Date | Changes |
|---|---|
| 2025-07-17 | Enhancement
- Added support for parsing new format of SYSLOG+kv logs. - event.idm.read_only_udm.additional.fields: Newly mapped `ProductLogId` raw log field with `event.idm.read_only_udm.additional.fields`. - event.idm.read_only_udm.principal.resource.id: Newly mapped `DesktopId` raw log field with `event.idm.read_only_udm.principal.resource.id`. - event.idm.read_only_udm.principal.user.userid: Newly mapped `userid` raw log field with `event.idm.read_only_udm.principal.user.userid`. - event.idm.read_only_udm.principal.hostname: Removed mapping of `DesktopDisplayName` from `event.idm.read_only_udm.principal.hostname` as it is more appropriate to map it to `event.idm.read_only_udm.principal.resource.name`. - event.idm.read_only_udm.principal.resource.name: Mapped `DesktopDisplayName` raw log field with `event.idm.read_only_udm.principal.resource.name`. - Removed duplicate mapping of `DesktopDisplayName` raw log field from `event.idm.read_only_udm.principal.hostname` UDM field. - event.idm.read_only_udm.principal.hostname: Newly mapped `MachineName` raw log field with `event.idm.read_only_udm.principal.hostname`. - event.idm.read_only_udm.target.user.user_display_name: Removed mapping of `UserDisplayName` from `event.idm.read_only_udm.target.user.user_display_name` as it is not a target userdisplayname. - event.idm.read_only_udm.principal.user.userid: mapped `UserDisplayName` raw log field with `event.idm.read_only_udm.principal.user.userid`. - event.idm.read_only_udm.principal.user.userid: Newly mapped `UserId` raw log field with `event.idm.read_only_udm.principal.user.userid`. - event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to `USER_UNCATEGORIZED` when `has_user` is `true`. |
| 2025-02-06 | Enhancement
- Added support for a new pattern of SYSLOG logs. - Mapped "usr" to "target.user.userid". - Mapped "MachineId" to "principal.asset.asset_id". - Mapped "int_host" to "intermediary.hostname". - Mapped "ip_1" to "principal.ip". - Mapped "port_number" to "principal.port". - Added a conditional check when mapping "event_type" to "USER_LOGOUT", "USER_LOGIN", "STATUS_UNCATEGORIZED", "STATUS_SHUTDOWN", and "STATUS_UPDATE". |
| 2024-10-25 | Feature Request:
Enhancement - Added support to parse unparsed logs. |
| 2022-08-15 | Feature Request:
- Changed mapping for "MachineName" from "principal.asset.hostname" to "intermediary.hostname". |