Stay organized with collections
Save and categorize content based on your preferences.
Change log for XITING_XAMS
Date
Changes
2024-09-26
Enhancement:
- Changed mapping for "sapClassName" from "security_result.description" to "security_result.category_details".
- Mapped "sapEventId" to "metadata.product_event_type".
- Mapped "duser" to "principal.user.userid".
- Mapped "cs3" to "target.user.userid".
- Mapped "suser" to "principal.user.userid".
- When "column5" is having "/XITING/SA_S_SAL_PROTOCOL" as value then mapped "Security Audit Log" as "metadata.product_name" and "SAP" as "metadata.vendor_name".
- Mapped "event_name_value" to "metadata.description".
- Changed mapping for "msg" from "metadata.description" to "security_result.description".
- Mapped "client" to "additional.fields".
2024-09-05
Enhancement:
- Mapped "sapTsUtc" to "metadata.event_timestamp".
- Mapped "sapClassName", "cs2" to "additional.fields".
- When "sapEventId" is "AU7", then mapped the following:
- "sapEventId" to "deviceEventClassID".
- Changed cs_4 label key to "Client".
- "column6" to "eventName".
- "cs3" as "Report" in "additional.fields".
- Changed cs_5 label key to "ParamC".
- Mapped "shost" to "principal.application".
- Mapped "suser" to "principal.user.user_display_name".
2024-08-12
Enhancement:
- Mapped "sourceAddress" to principal.ip.
- Mapped CEF header ip and host to intermediate.ip and intermediate.hostname respectively.
2024-03-13
- Updated mapping for raw fields "sapEventId", "devicePayloadId", "sapTsTime", and "sapTsDate".
- Updated parser with conditional mapping.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["The XITING_XAMS change log documents enhancements to data mapping, including updates to fields like \"sapClassName,\" \"sapEventId,\" and \"duser,\" aligning them with new categories and structures."],["Several fields have been redirected to \"additional.fields\" within the data structure, including \"client,\" \"sapClassName\", and \"cs2\", providing a centralized space for supplemental information."],["Conditional mapping was introduced, enabling specific mapping changes when a certain condition is met, as seen with the \"AU7\" value in \"sapEventId\"."],["Updates have been made to several mappings and labels, including \"msg\", \"cs_4\", \"cs_5\", \"shost\" and more, which affects data categorization and presentation."],["The parsing logic for raw data fields such as \"sapEventId\", \"devicePayloadId\", \"sapTsTime\", and \"sapTsDate\" have been modified and now leverage conditional mapping."]]],[]]
