Change log for ILLUMIO_CORE
| Date | Changes |
|---|---|
| 2025-12-29 | Enhancement:<br>- Added new grok patterns to parse the new syslog log format.<br>- event.idm.read_only_udm.security_result.summary: Mapped the `outcome` raw log field to the `event.idm.read_only_udm.security_result.summary` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Mapped the `shost` and `program` raw log fields to the `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.principal.ip: Mapped the `ip` raw log field to the `event.idm.read_only_udm.principal.ip` UDM field.<br>- event.idm.read_only_udm.security_result.severity: Mapped the `level` raw log field to the `event.idm.read_only_udm.security_result.severity` UDM field. |
| 2025-12-11 | Enhancement:<br>- Added a new grok pattern to support a new log format.<br>- event.idm.read_only_udm.additional.fields: Mapped the "org_id" raw log field to the "event.idm.read_only_udm.additional.fields" UDM field with "org_id" as the key.<br>- event.idm.read_only_udm.security_result.detection_fields: Mapped the "network" raw log field to the "event.idm.read_only_udm.security_result.detection_fields" UDM field with "network" as the key.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Mapped the "src.dm" raw log field to the "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field with "src_dm" as the key.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Mapped the "src.os" raw log field to the "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field with "src_os" as the key.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Mapped the "src.vt_type" raw log field to the "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field with "src_vt_type" as the key.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Removed the explicit mappings for "src_labels.env", "src_labels.app", and "src_labels.role"; "src_labels" is now handled dynamically by iterating through "src_labels" in a for loop and mapping each key-value pair (except "loc") to the "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field, with the key prefixed by "src_".<br>- event.idm.read_only_udm.target.resource.attribute.labels: Removed the explicit mappings for "dst_labels.env", "dst_labels.app", and "dst_labels.role"; "dst_labels" is now handled dynamically by iterating through "dst_labels" in a for loop and mapping each key-value pair (except "loc") to the "event.idm.read_only_udm.target.resource.attribute.labels" UDM field, with the key prefixed by "dst_". |
| 2024-11-14 | Enhancement:<br>- When no principal machine data is available, "metadata.event_type" is mapped to "GENERIC_EVENT".<br>- Mapped the "uuid", "change_type", "href", "name", and "hostname" labels to "sec_res.detection_fields". |
| 2024-04-18 | Enhancement:<br>- Enhanced the parser to additionally support the SYSLOG+CEF log format. |
| 2024-02-21 | Enhancement:<br>- Enhanced the parser to additionally support the SYSLOG and SYSLOG+JSON log formats. |
| 2023-03-14 | Newly created parser. |
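The dynamic label handling introduced in the 2025-12-11 entry (iterate over "src_labels" and "dst_labels", skip "loc", prefix each key with "src_" or "dst_") is modelled below as an added Python example; it is not the parser's own code, and the sample event, the `SKIPPED_LABEL_KEYS` set and the output dictionary shape are assumptions chosen to mirror the UDM field names in the change log.

```python
import json

# Constructed sample event in the JSON shape the change log describes
# (org_id, network, src_labels, dst_labels); not a real Illumio log line.
SAMPLE_EVENT = json.dumps({
    "org_id": 12,
    "network": "corporate",
    "src_labels": {"env": "prod", "app": "billing", "role": "web", "loc": "us-east"},
    "dst_labels": {"env": "prod", "app": "billing", "role": "db", "loc": "us-east"},
})

# Label keys the dynamic mapping skips; the change log excludes "loc" (assumed set name).
SKIPPED_LABEL_KEYS = {"loc"}


def map_labels(labels, prefix):
    """Return resource.attribute.labels entries for every key in ``labels``
    except the skipped ones, with the key prefixed ("env" -> "src_env")."""
    if not isinstance(labels, dict):
        return []  # missing or malformed label object: emit nothing rather than fail
    return [
        {"key": f"{prefix}{key}", "value": str(value)}
        for key, value in labels.items()
        if key not in SKIPPED_LABEL_KEYS and value not in (None, "")
    ]


def map_event(raw_line):
    """Build the label, additional.fields and detection_fields parts of a UDM
    event from one raw JSON log line, following the 2025-12-11 mapping rules."""
    event = json.loads(raw_line)
    udm = {
        "principal": {"resource": {"attribute": {"labels": map_labels(event.get("src_labels"), "src_")}}},
        "target": {"resource": {"attribute": {"labels": map_labels(event.get("dst_labels"), "dst_")}}},
        "additional": {"fields": {}},
        "security_result": {"detection_fields": []},
    }
    if "org_id" in event:  # org_id -> additional.fields keyed "org_id"
        udm["additional"]["fields"]["org_id"] = str(event["org_id"])
    if "network" in event:  # network -> security_result.detection_fields keyed "network"
        udm["security_result"]["detection_fields"].append({"key": "network", "value": str(event["network"])})
    return udm


if __name__ == "__main__":
    print(json.dumps(map_event(SAMPLE_EVENT), indent=2))
```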