Change log for CODE42_INCYDR
| Date | Changes |
|---|---|
| 2025-09-24 | - Added gsub for the `message` data field to parse the logs in the correct format.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `source.domains`, `destination.domains`, `source.domains`, `destination.domains`, `paste.mimeTypes`, `paste.visibleContentSize`, `origin`, `evnt.inserted` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `risk.activityTier`, `risk.activityTier` raw log fields with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- `event.idm.read_only_udm.principal.resource.attribute.labels`: Newly mapped `source_tabs.title`, `source_tabs.url` raw log fields with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field.<br>- Corrected the mapping for the `file.archiveId` raw log field and mapped to `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.<br>- Corrected the mapping for the `source.email.from` raw log field and mapped to `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field. |
| 2024-12-10 | - Newly created parser |