Change log for IMPERVA_DRA
| Date | Changes |
|---|---|
| 2025-10-24 | - event.idm.read_only_udm.src.ip: Newly mapped `srcHosts` raw log field with `event.idm.read_only_udm.src.ip` UDM field.<br>- event.idm.read_only_udm.src.asset.ip: Newly mapped `srcHosts` raw log field with `event.idm.read_only_udm.src.asset.ip` UDM field.<br>- event.idm.read_only_udm.src.hostname: Newly mapped `srcHosts` raw log field with `event.idm.read_only_udm.src.hostname` UDM field.<br>- event.idm.read_only_udm.src.asset.hostname: Newly mapped `srcHosts` raw log field with `event.idm.read_only_udm.src.asset.hostname` UDM field.<br>- event.idm.read_only_udm.target.hostname: Newly mapped `dstHosts` raw log field with `event.idm.read_only_udm.target.hostname` UDM field.<br>- event.idm.read_only_udm.target.asset.hostname: Newly mapped `dstHosts` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field.<br>- The date filter for `event_timestamp` was updated to rebase the timestamp.<br>- Parser logic was updated to iterate over array-based raw log fields (`srcIps`, `sourceApps`, `dstIps`, `destinationAccount`, `destination`, `destinationType`) and map individual elements to their corresponding UDM fields.<br>- Added a conditional check for `srcHosts` that maps each value to either the IP or the hostname UDM fields, depending on its format.<br>- Added a conditional check for `dstIps`: if a value is not a valid IP, it is mapped to `event.idm.read_only_udm.additional.fields` instead. |
| 2025-10-02 | - event.idm.read_only_udm.metadata.product_log_id: Newly mapped `id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.<br>- event.idm.read_only_udm.principal.user.userid: Newly mapped `srcUsers` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.<br>- event.idm.read_only_udm.principal.ip: Newly mapped `srcIps` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.<br>- event.idm.read_only_udm.principal.asset.ip: Newly mapped `srcIps` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.<br>- event.idm.read_only_udm.principal.hostname: Newly mapped `srcHosts` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field.<br>- event.idm.read_only_udm.principal.asset.hostname: Newly mapped `srcHosts` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM field.<br>- event.idm.read_only_udm.principal.application: Newly mapped `sourceApps` raw log field with `event.idm.read_only_udm.principal.application` UDM field.<br>- event.idm.read_only_udm.target.ip: Newly mapped `dstIps` raw log field with `event.idm.read_only_udm.target.ip` UDM field.<br>- event.idm.read_only_udm.target.asset.ip: Newly mapped `dstIps` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.<br>- event.idm.read_only_udm.target.hostname: Newly mapped `dstHosts` raw log field with `event.idm.read_only_udm.target.hostname` UDM field.<br>- event.idm.read_only_udm.target.asset.hostname: Newly mapped `dstHosts` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field.<br>- event.idm.read_only_udm.target.user.userid: Newly mapped `destinationAccount` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.<br>- event.idm.read_only_udm.target.resource.name: Newly mapped `destination` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field.<br>- event.idm.read_only_udm.target.resource.resource_subtype: Newly mapped `destinationType` raw log field with `event.idm.read_only_udm.target.resource.resource_subtype` UDM field.<br>- event.idm.read_only_udm.target.resource.type: Newly mapped `accessedTables` raw log field with `event.idm.read_only_udm.target.resource.type` UDM field.<br>- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `securityEventTimestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- event.idm.read_only_udm.security_result.action_details: Newly mapped `actionType` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `severity`, `numOfAccessedObjects`, `userAction` and `clusterNames` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly added dynamic mapping of the `severity` raw log field to the key "severity" within `event.idm.read_only_udm.additional.fields` if severity matches `(?i)test-severity`.<br>- event.idm.read_only_udm.security_result.severity: Changed the mapping for `event.idm.read_only_udm.security_result.severity` from a direct mapping of `severity` to a conditional mapping based on the value of the `severity` raw field. |
| 2024-09-26 | - Newly created parser. |
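The array iteration and format-dependent mapping described in the 2025-10-24 entry, modelled in Python as an added example (this is not the parser's own code). The sample event is constructed, the `event.idm.read_only_udm.` prefix is dropped from the output keys, and the `additional.fields` key used for non-IP `dstIps` values is an assumption, since the entry does not name it.

```python
import ipaddress

# Constructed sample Imperva DRA event for illustration (not taken from the change log).
SAMPLE_EVENT = {
    "id": "evt-0001",
    "srcHosts": ["10.0.0.5", "app-client-01.corp.internal"],
    "dstIps": ["192.168.10.20", "db-cluster-a"],
    "sourceApps": ["jdbc-thin"],
}


def is_ip(value: str) -> bool:
    """True when the string parses as a valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def map_event(raw: dict) -> dict:
    """Model of the array-based and conditional mapping in the 2025-10-24 entry.

    Returns a flat dict keyed by UDM path. Every value is a list; the real UDM
    cardinality (ip is repeated, hostname is a single string) is ignored here.
    """
    udm: dict = {}

    def put(path: str, value: str) -> None:
        udm.setdefault(path, []).append(value)

    # srcHosts: IP-shaped values go to the IP fields, anything else to hostname.
    for host in raw.get("srcHosts", []):
        if is_ip(host):
            put("src.ip", host)
            put("src.asset.ip", host)
        else:
            put("src.hostname", host)
            put("src.asset.hostname", host)

    # dstIps: valid IPs are mapped; other values are kept in additional.fields
    # (key name assumed) rather than dropped, so malformed data stays searchable.
    for ip in raw.get("dstIps", []):
        if is_ip(ip):
            put("target.ip", ip)
            put("target.asset.ip", ip)
        else:
            put("additional.fields.dstIps", ip)

    # Plain array fields are iterated element by element.
    for app in raw.get("sourceApps", []):
        put("principal.application", app)
    return udm
```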