Change log for CLAUDE_COMPLIANCE_LOGS
| Date | Changes |
|---|---|
| 2026-05-18 | - Newly created parser.
- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `timestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. - `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `ingested_at` raw log field with `event.idm.read_only_udm.metadata.collected_timestamp` UDM field. - `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field. - `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field. - `event.idm.read_only_udm.metadata.description`: Newly mapped `name`, and `chat_name` raw log fields with `event.idm.read_only_udm.metadata.description` UDM field. - `event.idm.read_only_udm.principal.user.email_addresses`: Newly mapped `user_email_address`, `user_email`, `actor_user_email`, `email_address`, `actor_unauthenticated_email_address`, and `actor_unauthenticated_email_adds` raw log fields with `event.idm.read_only_udm.principal.user.email_addresses` UDM field. - `event.idm.read_only_udm.target.user.email_addresses`: if `type` is `sso_login_initiated` then Newly mapped `actor_unauthenticated_email_address`, and `actor_unauthenticated_email_adds` raw log fields with `event.idm.read_only_udm.target.user.email_addresses` UDM field. - `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `actor_ip_address` raw log field with `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields. - `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip`: Newly mapped `actor_ip_address` raw log field with `event.idm.read_only_udm.target.ip` and UDM fields when `type` is `sso_login_initiated`. - `event.idm.read_only_udm.principal.user.userid`: Newly mapped `actor_user_id`, and `user_id` raw log fields with `event.idm.read_only_udm.principal.user.userid` UDM field. - `event.idm.read_only_udm.principal.user.role_name`: Newly mapped `role` raw log field with `event.idm.read_only_udm.principal.user.role_name` UDM field. - `event.idm.read_only_udm.principal.resource.resource_subtype`: Newly mapped `source_type` raw log field with `event.idm.read_only_udm.principal.resource.resource_subtype` UDM field. - `event.idm.read_only_udm.target.file.full_path`: Newly mapped `path`, and `file_path` raw log fields with `event.idm.read_only_udm.target.file.full_path` UDM field. - `event.idm.read_only_udm.target.file.names`: Newly mapped `filename` raw log field with `event.idm.read_only_udm.target.file.names` UDM field. - `event.idm.read_only_udm.target.file.size`: Newly mapped `size_bytes` raw log field with `event.idm.read_only_udm.target.file.size` UDM field. - `event.idm.read_only_udm.target.file.mime_type`: Newly mapped `mime_type`, and `content_type` raw log fields with `event.idm.read_only_udm.target.file.mime_type` UDM field. - `event.idm.read_only_udm.target.resource.product_object_id`: Newly mapped `claude_chat_id` raw log field with `event.idm.read_only_udm.target.resource.product_object_id` UDM field. - `event.idm.read_only_udm.target.resource.name`: Newly mapped `skill_name` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field. - `event.idm.read_only_udm.target.url`: Newly mapped `url` raw log field with `event.idm.read_only_udm.target.url` UDM field. - `event.idm.read_only_udm.network.http.user_agent`: Newly mapped `actor_user_agent` raw log field with `event.idm.read_only_udm.network.http.user_agent` UDM field. - `event.idm.read_only_udm.network.http.method`: Newly mapped `request_method` raw log field with `event.idm.read_only_udm.network.http.method` UDM field. - `event.idm.read_only_udm.network.http.response_code`: Newly mapped `status_code` raw log field with `event.idm.read_only_udm.network.http.response_code` UDM field. - `event.idm.read_only_udm.about.file.mime_type`: Newly mapped `artifacts_artifact_type` raw log field with `event.idm.read_only_udm.about.file.mime_type` UDM field. - `event.idm.read_only_udm.about.resource.product_object_id`: Newly mapped `artifacts_id` raw log field with `event.idm.read_only_udm.about.resource.product_object_id` UDM field. - `event.idm.read_only_udm.about.file.names`: Newly mapped `artifacts_title` raw log field with `event.idm.read_only_udm.about.file.names` UDM field. - `event.idm.read_only_udm.additional.fields`: Newly mapped `created_at`, `content_type`, `content_text`, `updates.current_value`, `updates.previous_value`, `updates.type`, `request_body`, `request_id`, `actor_type`, `gso_log_type`, `updated_at`, `deleted_at`, `claude_project_id`, `chat_id`, `file_id`, and `actor.api_key_id`,`organization_name' raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `organization_id`, `organization_uuid` , `project_id`, `project_name` and `environment` raw log fields with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - `event.idm.read_only_udm.about.resource.attribute.labels`: Newly mapped `integration_type`, `skill_id`, and `claude_file_id` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field. - `event.idm.read_only_udm.metadata.event_type`: Newly mapped `event.idm.read_only_udm.metadata.event_type` to `USER_UNCATEGORIZED`when principal user and principal machine are present. - `event.idm.read_only_udm.metadata.event_type`: Newly mapped `event.idm.read_only_udm.metadata.event_type` to `STATUS_UPDATE` when principal is present. - `event.idm.read_only_udm.metadata.event_type`: Newly mapped `event.idm.read_only_udm.metadata.event_type` to 'USER_LOGIN' when target user and target machine details are present and `type` is `sso_login_initiated`. |