Change log for DUO_ADMIN
| Date | Changes |
|---|---|
| 2026-05-15 | Enhancement:<br>- `event.idm.read_only_udm.additional.fields`: Removed the mapping of `description.role` from the `event.idm.read_only_udm.additional.fields` UDM field, as it is suitable for mapping to the `event.idm.read_only_udm.target.user.attribute.roles.name` UDM field.<br>- `event.idm.read_only_udm.target.user.attribute.roles.name`: When `action` is related to login, mapped the `description.role` raw log field to the `event.idm.read_only_udm.target.user.attribute.roles.name` UDM field.<br>- `event.idm.read_only_udm.principal.user.attribute.roles.name`: When `action` is not related to login, mapped the `description.role` raw log field to the `event.idm.read_only_udm.principal.user.attribute.roles.name` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Removed the mapping of `description.status` from the `event.idm.read_only_udm.additional.fields` UDM field, as it is suitable for mapping to the `event.idm.read_only_udm.security_result.description` UDM field.<br>- `event.idm.read_only_udm.security_result.description`: Mapped the `description.status` raw log field to the `event.idm.read_only_udm.security_result.description` UDM field.<br>- `event.idm.read_only_udm.target.user.phone_numbers`: Newly mapped the `description.phone` raw log field to the `event.idm.read_only_udm.target.user.phone_numbers` UDM field.<br>- Added a grok pattern on `username` to extract `resource_name` and `app`.<br>- `event.idm.read_only_udm.principal.resource.name`: Newly mapped the `resource_name` raw log field to the `event.idm.read_only_udm.principal.resource.name` UDM field.<br>- `event.idm.read_only_udm.principal.application`: Newly mapped the `app` raw log field to the `event.idm.read_only_udm.principal.application` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped the `description.is_temporary_password`, `description.hardtoken`, and `description.restricted_by_admin_units` raw log fields to the `event.idm.read_only_udm.additional.fields` UDM field. |
| 2025-01-02 | Enhancement:<br>- Mapped "description.webauthnkey" and "description.credential_name" to "additional.fields".<br>- Mapped "description.owner_type" to "principal.user.role_name".<br>- Mapped "description.owner_name" to "principal.user.user_display_name".<br>- Mapped "description.owner_id" to "principal.user.attribute.labels". |
| 2024-12-23 | Enhancement:<br>- Added a Grok pattern to extract "trust-monitor" event from "triage_event_uri" and mapped it to "metadata.product_event_type".<br>- Changed the mapping of "surfaced_auth.access_device.browser" from "target.resource.attribute.labels" to "principal.resource.attribute.labels".<br>- Changed the mapping of "surfaced_auth.access_device.browser_version" from "target.resource.attribute.labels" to "principal.resource.attribute.labels". |
| 2024-12-05 | Enhancement:<br>- Mapped "triage_event_uri" to "metadata.url_back_to_product". |
| 2024-10-23 | Enhancement:<br>- Added support to handle JSON logs. |
| 2024-08-27 | Enhancement:<br>- Mapped "description.count", "description.valid_secs", "description.remaining_uses", "description.bypass", "description.bypass_code_ids.0", "description.user_id", "description.directory", and "description.users" to "additional.fields". |
| 2024-08-08 | Enhancement:<br>- Mapped "description.os_version" to "principal.platform_version".<br>- Mapped "description.lastname" to "principal.user.last_name".<br>- Mapped "description.firstname" to "principal.user.first_name".<br>- Mapped "description.name" to "principal.user.user_display_name".<br>- Mapped "description.email" to "principal.user.email_addresses".<br>- Mapped "description.phones.phone1.pname" to "principal.user.user_display_name".<br>- Mapped "description.phones.phone1.number" to "target.user.phone_numbers".<br>- Mapped "description.uname" to "target.user.email_addresses" or "target.user.userid" based on its format.<br>- Mapped "description.country_code", "description.manufacturer", "description.model", "description.biometrics_status", "description.tampered_status", "description.passcode_status", "description.phones.phone1.type", "description.phones.phone1.extension", "description.phones.phone1.notes", "description.phones.phone1.predelay", "description.phones.phone1.postdelay", "object", "actionlabel", "description.role", "description.subaccount_role", "description.administrative_units", "description.Users_added", "description.Users_modified", "description.Users_removed", "description.Users_seen", and "description.status" to "additional.fields". |
| 2023-03-10 | Newly created parser. |