Change log for CYBER_2_IDS
| Date | Changes |
|---|---|
| 2025-09-04 | Enhancement:<br>- `DB`, `NewApps`, `UniqueApps`, `Computers`, `Duration` log fields newly mapped to `event.idm.read_only_udm.additional.fields`.<br>- `app_name` log field newly mapped to `event.idm.read_only_udm.about.application`.<br>- `md5_value` log field newly mapped to `event.idm.read_only_udm.about.file.md5`.<br>- `app_version` and `md5_value` log fields newly mapped to `event.idm.read_only_udm.about.resource.attribute.labels`.<br>- `hostname` log field newly mapped to `event.idm.read_only_udm.principal.hostname`.<br>- `hostname` log field newly mapped to `event.idm.read_only_udm.principal.asset.hostname`.<br>- `principal_ip` log field newly mapped to `event.idm.read_only_udm.principal.ip`.<br>- `principal_ip` log field newly mapped to `event.idm.read_only_udm.principal.asset.ip`.<br>- `Groups` log field newly mapped to `event.idm.read_only_udm.principal.group.group_display_name`.<br>- `hostname` log field newly mapped to `event.idm.read_only_udm.principal.resource.attribute.labels`.<br>- `prod_event_type` log field newly mapped to `event.idm.read_only_udm.metadata.product_event_type`.<br>- Refactored the mapping of detection fields and additional fields into `security_result.detection_fields` and `additional.fields` respectively, using a loop so the keys are processed dynamically.<br>- Added support for parsing timestamps that contain Hebrew month names by converting the month name to its numeric value.<br>- `time1`, `monthnum`, `day`, `time2` log fields newly mapped to `event.idm.read_only_udm.metadata.event_timestamp`. |
| 2024-11-28 | - Added a Grok pattern to parse new logs. |
| 2024-08-21 | - Newly created parser. |
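The 2025-09-04 entry describes two pieces of parser logic: converting a Hebrew month name to a number before assembling `event_timestamp`, and looping over log keys to populate `additional.fields`. The Python below is an added example, not CYBER_2_IDS's own parser code. The line layout, the `key=value` names, the Hebrew month spellings and the assumption that the source logs in UTC are all constructed for this example. It also adds the check a practitioner would want before mapping free text into typed UDM fields (an IP that is not an IP, or an `md5_value` that is not a 32-hex digest, is dropped rather than mapped), which the changelog itself does not describe.

```python
"""Added example (not CYBER_2_IDS's own parser): normalise a timestamp whose
month is written as a Hebrew month name, then fold a flat key=value record
into a UDM-shaped dict.  Line layout, key names and month table are assumed."""
from __future__ import annotations

import ipaddress
import re
from datetime import datetime, timezone

# Hebrew spellings of the Gregorian months (assumed to match the source's).
HEBREW_MONTHS = {
    "ינואר": 1, "פברואר": 2, "מרץ": 3, "אפריל": 4, "מאי": 5, "יוני": 6,
    "יולי": 7, "אוגוסט": 8, "ספטמבר": 9, "אוקטובר": 10, "נובמבר": 11, "דצמבר": 12,
}

# Assumed layout: "<day> <hebrew-month> <year> <HH:MM:SS> key=value key=value ...".
LINE_RE = re.compile(
    r"^(?P<day>\d{1,2}) (?P<month>\S+) (?P<year>\d{4}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<rest>.*)$"
)
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Log keys that land in additional.fields; a loop over this tuple replaces one
# mapping statement per key.
ADDITIONAL_KEYS = ("DB", "NewApps", "UniqueApps", "Computers", "Duration")


def hebrew_month_to_number(name: str) -> int:
    """Map a Hebrew month name to 1..12; refuse unknown names so a typo never
    becomes a silently wrong month."""
    try:
        return HEBREW_MONTHS[name.strip()]
    except KeyError:
        raise ValueError(f"unknown Hebrew month name: {name!r}") from None


def parse_timestamp(day: str, month: str, year: str, time: str) -> datetime:
    """Build an aware UTC datetime (source assumed to log in UTC).
    datetime() itself rejects impossible dates such as 31 February."""
    hh, mm, ss = (int(x) for x in time.split(":"))
    return datetime(int(year), hebrew_month_to_number(month), int(day),
                    hh, mm, ss, tzinfo=timezone.utc)


def labels(kv: dict, keys: tuple) -> list:
    """Emit {key, value} pairs for whichever of `keys` are present in the record."""
    return [{"key": k, "value": kv[k]} for k in keys if k in kv]


def to_udm(line: str) -> dict:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("line does not match the assumed layout")
    kv = dict(tok.split("=", 1) for tok in m["rest"].split() if "=" in tok)
    ts = parse_timestamp(m["day"], m["month"], m["year"], m["time"])

    # Validate before mapping: an IP field must hold an IP, an md5 field a
    # 32-hex digest; anything else is dropped rather than poisoning the field.
    ips = []
    if "principal_ip" in kv:
        try:
            ips.append(str(ipaddress.ip_address(kv["principal_ip"])))
        except ValueError:
            pass
    file_part = {}
    if MD5_RE.fullmatch(kv.get("md5_value", "").lower()):
        file_part["md5"] = kv["md5_value"].lower()

    principal = {"hostname": kv.get("hostname"), "ip": ips,
                 "asset": {"hostname": kv.get("hostname"), "ip": list(ips)}}
    if "Groups" in kv:
        principal["group"] = {"group_display_name": kv["Groups"]}

    return {
        "metadata": {
            "event_timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "product_event_type": kv.get("prod_event_type"),
        },
        "principal": principal,
        "about": [{"application": kv.get("app_name"), "file": file_part}],
        "additional": {"fields": labels(kv, ADDITIONAL_KEYS)},
    }


# Constructed sample line, not a real CYBER_2_IDS record.
SAMPLE = ("4 ספטמבר 2025 13:07:45 hostname=ws-017 principal_ip=10.0.0.17 "
          "app_name=Notepad++ app_version=8.6 md5_value=9e107d9d372bb6826bd81d3542a419d6 "
          "prod_event_type=APP_INSTALL DB=inventory NewApps=1 UniqueApps=42 "
          "Computers=7 Duration=15 Groups=Finance")

if __name__ == "__main__":
    import json
    print(json.dumps(to_udm(SAMPLE), ensure_ascii=False, indent=2))
```

Rejecting an unknown month name with an exception, instead of defaulting it, mirrors what a Logstash-style parser achieves by letting the event fall through to an error tag: a record with an unparseable timestamp should surface as a parse failure, not be stamped with the wrong date and silently pass detection rules keyed on time.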