Change log for CA_SSO_WEB
| Date | Changes |
|---|---|
| 2026-04-17 | Enhancement:<br>- Added a grok pattern to parse new format of syslogs.<br>- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `prod_log_id` raw log field to `event.idm.read_only_udm.metadata.product_log_id` UDM field.<br>- `event.idm.read_only_udm.security_result.priority_details`: Newly mapped `syslog_priority` raw log field to `event.idm.read_only_udm.security_result.priority_details` UDM field.<br>- `event.idm.read_only_udm.intermediary.ip` and `event.idm.read_only_udm.intermediary.asset.ip`: Newly mapped `syslog_host` to `event.idm.read_only_udm.intermediary.ip` and `event.idm.read_only_udm.intermediary.asset.ip` when `syslog_host` is an IP address.<br>- `event.idm.read_only_udm.intermediary.hostname` and `event.idm.read_only_udm.intermediary.asset.hostname`: Newly mapped `syslog_host` to `event.idm.read_only_udm.intermediary.hostname` and `event.idm.read_only_udm.intermediary.asset.hostname` when `syslog_host` is not an IP address.<br>- `event.idm.read_only_udm.target.application`: Newly mapped `target_app` raw log field to `event.idm.read_only_udm.target.application` UDM field. |
| 2024-06-25 | Enhancement:<br>- Added a Grok pattern to parse newly ingested syslog format. |
| 2022-08-08 | Enhancement:<br>- Added the header.<br>- Added conditional check and grok pattern for the field 'ClientIp' mapped to 'principal.ip'.<br>- Added conditional checks for the fields: 'Action' mapped to 'network.http.method'; 'AgentName' mapped to 'target.hostname'; 'sm_user' mapped to 'target.user.email_addresses'; 'sm_group' mapped to 'target.user.group_identifiers'. |