Change log for XITING_XAMS
Date
Changes
2024-09-26
Enhancement:
- Changed mapping for "sapClassName" from "security_result.description" to "security_result.category_details".
- Mapped "sapEventId" to "metadata.product_event_type".
- Mapped "duser" to "principal.user.userid".
- Mapped "cs3" to "target.user.userid".
- Mapped "suser" to "principal.user.userid".
- When "column5" has the value "/XITING/SA_S_SAL_PROTOCOL", mapped "Security Audit Log" to "metadata.product_name" and "SAP" to "metadata.vendor_name".
- Mapped "event_name_value" to "metadata.description".
- Changed mapping for "msg" from "metadata.description" to "security_result.description".
- Mapped "client" to "additional.fields".
2024-09-05
Enhancement:
- Mapped "sapTsUtc" to "metadata.event_timestamp".
- Mapped "sapClassName", "cs2" to "additional.fields".
- When "sapEventId" is "AU7", then mapped the following:
  - "sapEventId" to "deviceEventClassID".
  - Changed cs_4 label key to "Client".
  - "column6" to "eventName".
  - "cs3" as "Report" in "additional.fields".
  - Changed cs_5 label key to "ParamC".
- Mapped "shost" to "principal.application".
- Mapped "suser" to "principal.user.user_display_name".
2024-08-12
Enhancement:
- Mapped "sourceAddress" to "principal.ip".
- Mapped CEF header ip and host to "intermediate.ip" and "intermediate.hostname" respectively.
2024-03-13
- Updated mapping for raw fields "sapEventId", "devicePayloadId", "sapTsTime", and "sapTsDate".
- Updated parser with conditional mapping.
Last updated 2025-08-29 UTC.