Change log for AWS_AURORA
| Date | Changes |
|---|---|
| 2025-10-24 | Enhancement:<br>- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `event_type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- event.idm.read_only_udm.target.resource.name: Newly mapped `table_name` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field.<br>- event.idm.read_only_udm.target.resource.resource_type: Newly mapped `object_type` raw log field with `event.idm.read_only_udm.target.resource.resource_type` UDM field.<br>- Renamed from column3 to ip_address_1.<br>- Renamed from column3 to ip_address_3.<br>- Renamed from column5 to ip_address_5.<br>- Added new grok patterns to parse additional log formats.<br>- Initialized a new internal field has_target_resource to "false", which is set to "true" based on successful operations.<br>- event.idm.read_only_udm.metadata.event_type: If `op` is (SELECT|READ|QUERY) and has_target_resource is "true", updated to RESOURCE_READ.<br>- event.idm.read_only_udm.metadata.event_type: If `cmd` is (SELECT|select) and has_target_resource is "true", updated to RESOURCE_READ.<br>- event.idm.read_only_udm.metadata.event_type: Default value set to GENERIC_EVENT in the final else block. |
| 2025-09-26 | |
| 2024-01-12 | Enhancement:<br>- Mapped "logEvents.messageType", "logEvents.owner", "logEvents.logGroup", "logEvents.logStream" to "target.resource.attribute.labels".<br>- Mapped "logEvents.logEvents.message", "logEvents.logEvents.timestamp", "logEvents.logEvents.id" to "security_result.detection_fields".<br>- Added a Grok pattern to retrieve the IP address from "logEvents.logEvents.message" and mapped "src_data" to "principal.ip".<br>- Mapped "user" to "principal.user.userid". |
| 2023-11-02 | Newly created parser. |