Change log for IMPERVA_CEF
| Date | Changes |
|---|---|
| 2026-05-21 | Enhancement:<br>- `event.idm.read_only_udm.security_result.action_details`: Newly mapped `kv.act` raw log field to `event.idm.read_only_udm.security_result.action_details` UDM field.<br>- Added a grok pattern on `kv.request` to extract `target_host`.<br>- `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `target_host` log field to `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname` UDM fields if the log event is "Illegal Resource Access".<br>- `event.idm.read_only_udm.target.resource.name`: Newly mapped `kv.sourceServiceName` raw log field to `event.idm.read_only_udm.target.resource.name` UDM field. |
| 2026-04-30 | Enhancement:<br>- `event.idm.read_only_udm.metadata.description`: Newly mapped `organization` log field to `event.idm.read_only_udm.metadata.description` UDM field.<br>- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `log_type` log field to `event.idm.read_only_udm.metadata.product_log_id` UDM field.<br>- `event.idm.read_only_udm.principal.location.city`: Newly mapped `cicode` raw log field to `event.idm.read_only_udm.principal.location.city` UDM field.<br>- `event.idm.read_only_udm.principal.location.country_or_region`: Newly mapped `ccode` raw log field to `event.idm.read_only_udm.principal.location.country_or_region` UDM field.<br>- `event.idm.read_only_udm.network.organization_name`: Newly mapped `Customer` raw log field to `event.idm.read_only_udm.network.organization_name` UDM field.<br>- `event.idm.read_only_udm.network.tls.version`: Newly mapped `tls_version` log field to `event.idm.read_only_udm.network.tls.version` UDM field.<br>- `event.idm.read_only_udm.network.tls.cipher`: Newly mapped `tls_cipher` raw log field to `event.idm.read_only_udm.network.tls.cipher` UDM field.<br>- `event.idm.read_only_udm.target.port`: Newly mapped `cpt` raw log field to `event.idm.read_only_udm.target.port` UDM field.<br>- `event.idm.read_only_udm.target.resource.product_object_id`: Newly mapped `fileId` raw log field to `event.idm.read_only_udm.target.resource.product_object_id` UDM field.<br>- `event.idm.read_only_udm.security_result.category_details`: Newly mapped `dproc` raw log field to `event.idm.read_only_udm.security_result.category_details` UDM field.<br>- `event.idm.read_only_udm.security_result.threat_id`: Newly mapped `severity` log field to `event.idm.read_only_udm.security_result.threat_id` UDM field.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `deviceFacility` and `deviceExternalId` raw log fields to `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `end` raw log field to `event.idm.read_only_udm.metadata.collected_timestamp` UDM field.<br>- Added a grok pattern on `ver` to extract `tls_version` and `tls_cipher`. |
| 2024-09-12 | Enhancement:<br>- Added support for new log patterns. |
| 2023-03-07 | Newly created parser. |