Change log for CISCO_SECURE_WORKLOAD
| Date | Changes |
|---|---|
| 2026-04-14 | Enhancement:<br>- Added support for KV and SYSLOG format.<br>- `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `Details.SourceAddress` raw log field to `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields.<br>- `event.idm.read_only_udm.principal.port`: Newly mapped `Details.SourcePort` raw log field to `event.idm.read_only_udm.principal.port` UDM field.<br>- `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip`: Newly mapped `Details.DestinationAddress` raw log field to `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip` UDM fields.<br>- `event.idm.read_only_udm.target.port`: Newly mapped `Details.DestinationPort` raw log field to `event.idm.read_only_udm.target.port` UDM field.<br>- `event.idm.read_only_udm.network.ip_protocol`: Newly mapped `Details.Protocol` raw log field to `event.idm.read_only_udm.network.ip_protocol` UDM field.<br>- `event.idm.read_only_udm.security_result.action`: Newly mapped `Details.status` raw log field to `event.idm.read_only_udm.security_result.action` UDM field.<br>- `event.idm.read_only_udm.security_result.rule_name`: Newly mapped `alert_name` raw log field to `event.idm.read_only_udm.security_result.rule_name` UDM field.<br>- `event.idm.read_only_udm.principal.user.role_name`: Newly mapped `Details.user_src_role` raw log field to `event.idm.read_only_udm.principal.user.role_name` UDM field.<br>- `event.idm.read_only_udm.principal.location.name`: Newly mapped `Details.user_src_location` raw log field to `event.idm.read_only_udm.principal.location.name` UDM field.<br>- `event.idm.read_only_udm.principal.application`: Newly mapped `Details.user_src_app_name` raw log field to `event.idm.read_only_udm.principal.application` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `Details.ProviderScopes`, `Details.ConsumerScopes`, `Details.IsProviderMalicious`, `Details.IsConsumerMalicious`, `Details.user_src_network_zone`, `Details.user_src_environment`, `Details.user_src_ownership`, `vrf_id`, `scope_name`, `individual_alert`, `summary_alert_freq`, `alert_grain` raw log fields to `event.idm.read_only_udm.additional.fields` UDM field. |
| 2024-12-02 | Newly created parser. |
| 2024-11-11 | Enhancement:<br>- Added a new Grok pattern to parse logs in the new SYSLOG+JSON format.<br>- Replaced "key_id", "tenat_id" and "event_time" with "keyId", "tenantId" and "eventTime".<br>- Mapped "connection" and "event_name" to "additional.fields".<br>- Mapped "pid" to "principal.process.pid". |