Change log for WORKDAY_AUDIT
| Date | Changes |
|---|---|
| 2025-07-28 | Enhancement:
- Added grok patterns to parse unparsed logs. - event.idm.read_only_udm.network.session_id: Newly mapped `sessionid` raw log field with `event.idm.read_only_udm.network.session_id`. - event.idm.read_only_udm.principal.ip: Newly mapped `src_ip` raw log field with `event.idm.read_only_udm.principal.ip`. - event.idm.read_only_udm.principal.asset.ip: Newly mapped `src_ip` raw log field with `event.idm.read_only_udm.principal.asset.ip`. - Removed redundant mapping of `event.idm.read_only_udm.target.asset.hostname`. - event.idm.read_only_udm.network.http.response_code: Newly mapped `status_code` raw log field with `event.idm.read_only_udm.network.http.response_code`. - event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to "STATUS_UPDATE" if src_ip is not empty. - event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to "USER_UNCATEGORIZED" if primaryName is not empty. - event.idm.read_only_udm.additional.fields: Newly mapped `context`, `devicetype`, `browser`, `authmethod` raw log fields with `event.idm.read_only_udm.additional.fields`. - event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `date` raw log fields with `event.idm.read_only_udm.metadata.event_timestamp`. |
| 2025-01-30 | Enhancement:
- "about_*" fields are changed to avoid duplicate fields. - Removed the field "ClassOfInstance" field from "column8". - Mapped "column11" to "SecurityGroupModified". - Mapped "SecurityGroupModified" to "security_result.about.group.group_display_name". - Removed the field "ChangedRelationship" from "target.user.attributes.roles.name". - Removed the field "target.resource.attribute.labels.key/value" from "InstancesRemoved". |
| 2024-11-06 | Enhancement:
- Mapped "ClassOfInstance" to "metadata.description". - Mapped "ChangedRelationship" to "target.user.attribute.roles.name". - Mapped "InstancesRemoved" to "target.resource.attribute.labels". |
| 2024-10-04 | Enhancement:
- Modified the Grok patterns to parse the fields correctly. |
| 2023-12-08 | Newly created parser. |
| 2023-12-08 | Newly created parser. |