Change log for GCP_SECURITYCENTER_POSTURE_VIOLATION
| Date | Changes |
|---|---|
| 2025-12-04 | Updated field and event mappings by removing existing mappings and introducing more accurate ones.<br>- security_result.detection_fields[compliances_id]: Mapped `compliances.ids` raw log field with `security_result.detection_fields[compliances_id]` UDM field.<br>- about.labels[compliance_ids]: Removed mapping of `compliances.ids` from `about.labels[compliance_ids]` UDM field.<br>- security_result.detection_fields[compliances_version]: Mapped `compliances.version` raw log field with `security_result.detection_fields[compliances_version]` UDM field.<br>- about.labels[compliance_version]: Removed mapping of `compliances.version` from `about.labels[compliance_version]` UDM field.<br>- security_result.detection_fields[compliances_standard]: Mapped `compliances.standard` raw log field with `security_result.detection_fields[compliances_standard]` UDM field.<br>- about.labels[compliances_standard]: Removed mapping of `compliances.standard` from `about.labels[compliances_standard]` UDM field.<br>- target.resource.attribute.labels[kubernetes_pods_ns]: Mapped `kubernetes.pods.ns` raw log field with `target.resource.attribute.labels[kubernetes_pods_ns]` UDM field.<br>- target.resource_ancestors.attribute.labels[kubernetes_pods_ns]: Removed mapping of `kubernetes.pods.ns` from `target.resource_ancestors.attribute.labels[kubernetes_pods_ns]` UDM field.<br>- target.resource.attribute.labels[kubernetes_pods_name]: Mapped `kubernetes.pods.name` raw log field with `target.resource.attribute.labels[kubernetes_pods_name]` UDM field.<br>- target.resource_ancestors.name: Removed mapping of `kubernetes.pods.name` from `target.resource_ancestors.name` UDM field.<br>- additional.fields[externalSystems_assignees]: Mapped `externalSystems.assignees` raw log field with `additional.fields[externalSystems_assignees]` UDM field.<br>- about.resource.attribute.labels[externalSystems_assignees]: Removed mapping of `externalSystems.assignees` from `about.resource.attribute.labels[externalSystems_assignees]` UDM field.<br>- target.resource.attribute.labels[kubernetes_pods_containers_uri]: Mapped `kubernetes.pods.containers.uri` raw log field with `target.resource.attribute.labels[kubernetes_pods_containers_uri]` UDM field.<br>- target.resource_ancestors.attribute.labels[kubernetes_pods_containers_uri]: Removed mapping of `kubernetes.pods.containers.uri` from `target.resource_ancestors.attribute.labels[kubernetes_pods_containers_uri]` UDM field.<br>- target.resource.attribute.labels[kubernetes.pods.containers.labels]: Mapped `kubernetes.pods.containers.labels` raw log field with `target.resource.attribute.labels[kubernetes.pods.containers.labels]` UDM field.<br>- target.resource_ancestors.attribute.labels[kubernetes.pods.containers.labels]: Removed mapping of `kubernetes.pods.containers.labels` from `target.resource_ancestors.attribute.labels[kubernetes.pods.containers.labels]` UDM field.<br>- target.resource.attribute.labels[resource_projectName]: Mapped `resource.projectName` raw log field with `target.resource.attribute.labels[resource_projectName]` UDM field for events `Exfiltration: BigQuery Data Extraction`, `Exfiltration: BigQuery Data to Google Drive`, `Exfiltration: BigQuery Data Exfiltration`, `Exfiltration: CloudSQL Restore Backup to External Organization`.<br>- principal.resource.name: Removed mapping of `resource.projectName` from `principal.resource.name` UDM field for events `Exfiltration: BigQuery Data Extraction`, `Exfiltration: BigQuery Data to Google Drive`, `Exfiltration: BigQuery Data Exfiltration`, `Exfiltration: CloudSQL Restore Backup to External Organization`.<br>- target.resource.attribute.labels[resource_gcpMetadata_project]: Mapped `resource.gcpMetadata.project` raw log field with `target.resource.attribute.labels[resource_gcpMetadata_project]` UDM field.<br>- principal.resource.name: Removed mapping of `resource.gcpMetadata.project` from `principal.resource.name` UDM field.<br>- additional.fields[database_userName]: Mapped `database.userName` raw log field with `additional.fields[database_userName]` UDM field for event `Exfiltration: CloudSQL Over-Privileged Grant`.<br>- principal.user.userid: Removed mapping of `database.userName` from `principal.user.userid` UDM field for event `Exfiltration: CloudSQL Over-Privileged Grant`.<br>- target.resource.attribute.labels[kubernetes_pods_containers_name]: Mapped `kubernetes.pods.containers.name` raw log field with `target.resource.attribute.labels[kubernetes_pods_containers_name]` UDM field.<br>- target.resource_ancestors.attribute.labels[kubernetes_pods_containers_name]: Removed mapping of `kubernetes.pods.containers.name` from `target.resource_ancestors.attribute.labels[kubernetes_pods_containers_name]` UDM field.<br>- target.resource.attribute.labels[kubernetes_pods_containers_createTime]: Mapped `kubernetes.pods.containers.createTime` raw log field with `target.resource.attribute.labels[kubernetes_pods_containers_createTime]` UDM field.<br>- target.resource_ancestors.attribute.labels[kubernetes_pods_containers_createTime]: Removed mapping of `kubernetes.pods.containers.createTime` from `target.resource_ancestors.attribute.labels[kubernetes_pods_containers_createTime]` UDM field.<br>- target.resource.attribute.labels[kubernetes_pods_containers_imageId]: Mapped `kubernetes.pods.containers.imageId` raw log field with `target.resource.attribute.labels[kubernetes_pods_containers_imageId]` UDM field.<br>- target.resource_ancestors.attribute.labels[kubernetes_pods_containers_imageId]: Removed mapping of `kubernetes.pods.containers.imageId` from `target.resource_ancestors.attribute.labels[kubernetes_pods_containers_imageId]` UDM field.<br>- target.resource_ancestors.name: Mapped `resource.parent` raw log field with `target.resource_ancestors.name` UDM field.<br>- target.resource.attribute.labels[resource_parent]: Removed mapping of `resource.parent` from `target.resource.attribute.labels[resource_parent]` UDM field.<br>- target.resource.attribute.labels[resource_name]: Newly mapped `resource_name` raw log field with `target.resource.name` UDM field. |
| 2025-11-19 | - target.application: Removed mapping of `finding.sourceProperties.posture_name`, `sourceProperties.posture_name`, `sourceProperties.name` from `target.application` UDM field.<br>- target.application: Mapped `resource.service` raw log field with `target.application` UDM field.<br>- security_result.rule_name: Mapped `finding.sourceProperties.posture_name`, `sourceProperties.posture_name`, `sourceProperties.name` raw log fields with `security_result.rule_name` UDM field.<br>- security_result.rule_name: Removed mapping of `finding.sourceProperties.changed_policy`, `sourceProperties.changed_policy` from `security_result.rule_name` UDM field.<br>- security_result.detection_fields: Mapped `finding.sourceProperties.changed_policy`, `sourceProperties.changed_policy` raw log fields with `security_result.detection_fields` UDM field. |
| 2025-09-30 | - target.file.full_path: Newly mapped `finding.file.path` raw log field with `target.file.full_path` UDM field for the first file object entry.<br>- about.file.full_path: Newly mapped `finding.file.path` raw log field with `about.file.full_path` UDM field for all file entries except the first one.<br>- target.file.size: Newly mapped `finding.file.size` raw log field with `target.file.size` UDM field for the first file object entry.<br>- about.file.size: Newly mapped `finding.file.size` raw log field with `about.file.size` UDM field for all file entries except the first one.<br>- target.file.sha256: Newly mapped `finding.file.sha256` raw log field with `target.file.sha256` UDM field for the first file object entry.<br>- about.file.sha256: Newly mapped `finding.file.sha256` raw log field with `about.file.sha256` UDM field for all file entries except the first one.<br>- additional.fields: Newly mapped `finding.file.hashedSize` raw log field with `additional.fields` UDM field.<br>- additional.fields: Newly mapped `finding.file.partiallyHashed` raw log field with `additional.fields` UDM field.<br>- additional.fields: Newly mapped `finding.file.contents` raw log field with `additional.fields` UDM field.<br>- additional.fields: Newly mapped `finding.file.diskPath.partitionUuid` raw log field with `additional.fields` UDM field.<br>- additional.fields: Newly mapped `finding.file.diskPath.relativePath` raw log field with `additional.fields` UDM field.<br>- additional.fields: Newly mapped `finding.file.operations.type` raw log field with `additional.fields` UDM field. |
| 2025-06-23 | - Updated the `security_result.url_back_to_product` UDM field base URL value from https://console.cloud.google.com/ to https://console.us.cloud.google.com for location 'us'.<br>- Updated the `security_result.url_back_to_product` UDM field base URL value from https://console.cloud.google.com/ to https://console.eu.cloud.google.com for location 'eu'. |
| 2025-04-09 | - Updated the `security_result.url_back_to_product` UDM field base URL value from https://console.cloud.google.com/ to https://console.sa.cloud.google.com for location 'sa'. |
| 2025-02-07 | - Updated the mapping for the `security_result.url_back_to_product` UDM field: the project ID value from the raw log field `resource.projectDisplayName` is appended to the end of the URL mapped to `security_result.url_back_to_product`, with the prefix `;?project=`. |
| 2024-11-21 | - Added support for the v2 version of the SCC API. The following fields are included as part of the update:<br>- `resource.gcpMetadata.project`<br>- `resource.gcpMetadata.projectDisplayName`<br>- `resource.gcpMetadata.parent`<br>- `resource.gcpMetadata.parentDisplayName`<br>- `resource.gcpMetadata.folders.resourceFolder`<br>- `resource.gcpMetadata.folders.resourceFolderDisplayName`<br>- `resource.gcpMetadata.organization` |
| 2024-03-20 | - Newly created parser. |