Change log for JUMPCLOUD_DIRECTORY_INSIGHTS
| Date | Changes |
|---|---|
| 2025-10-14 | Enhancement:<br>- event.idm.read_only_udm.metadata.vendor_name: Changed mapping for `event.idm.read_only_udm.metadata.vendor_name` from "JUMPCLOUD_DIRECTORY_INSIGHTS" to "Jump Cloud".<br>- event.idm.read_only_udm.metadata.product_name: Changed mapping for `event.idm.read_only_udm.metadata.product_name` from "JUMPCLOUD_DIRECTORY_INSIGHTS" to "Directory Platform". |
| 2025-09-25 | Enhancement:<br>- event.idm.read_only_udm.principal.hostname: Newly mapped data.system.host_name raw log field to event.idm.read_only_udm.principal.hostname.<br>- event.idm.read_only_udm.target.resource.type: Newly mapped data.initiated_by.type raw log field to event.idm.read_only_udm.target.resource.type.<br>- event.idm.read_only_udm.principal.location.name: Newly mapped data.geoip.timezone raw log field to event.idm.read_only_udm.principal.location.name.<br>- event.idm.read_only_udm.target.location.name: Newly mapped data.auth_context.jumpcloud_protect_device.geoip.timezone raw log field to event.idm.read_only_udm.target.location.name.<br>- event.idm.read_only_udm.target.location.state: Newly mapped data.auth_context.jumpcloud_protect_device.geoip.region_name raw log field to event.idm.read_only_udm.target.location.state.<br>- event.idm.read_only_udm.target.location.country_or_region: Newly mapped data.auth_context.jumpcloud_protect_device.geoip.country_code raw log field to event.idm.read_only_udm.target.location.country_or_region.<br>- event.idm.read_only_udm.principal.asset.platform_software.platform_version: Newly mapped data.auth_context.jumpcloud_protect_device.app_version raw log field to event.idm.read_only_udm.principal.asset.platform_software.platform_version.<br>- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `data.system.display_name` raw log field to event.idm.read_only_udm.principal.user.user_display_name.<br>- event.idm.read_only_udm.principal.asset.platform_software.platform: Newly mapped data.auth_context.jumpcloud_protect_device.os raw log field to event.idm.read_only_udm.principal.asset.platform_software.platform.<br>- event.idm.read_only_udm.target.ip: Newly mapped data.auth_context.jumpcloud_protect_device.ip raw log field to event.idm.read_only_udm.target.ip.<br>- event.idm.read_only_udm.target.asset.ip: Newly mapped data.auth_context.jumpcloud_protect_device.ip raw log field to event.idm.read_only_udm.target.asset.ip.<br>- event.idm.read_only_udm.target.platform_version: Newly mapped data.auth_context.jumpcloud_protect_device.os_version raw log field to event.idm.read_only_udm.target.platform_version.<br>- event.idm.read_only_udm.target.resource.name: Newly mapped data.service raw log field to event.idm.read_only_udm.target.resource.name.<br>- event.idm.read_only_udm.target.user.userid: Newly mapped data.auth_context.jumpcloud_protect_device.username raw log field to event.idm.read_only_udm.target.user.userid.<br>- event.idm.read_only_udm.target.hostname: Newly mapped `dc_1` and `dc_2` raw log field to event.idm.read_only_udm.target.hostname.<br>- event.idm.read_only_udm.target.user.userid: Newly mapped `uid` raw log field to event.idm.read_only_udm.target.user.userid.<br>- event.idm.read_only_udm.target.user.userid: Newly mapped data.outer.username raw log field to event.idm.read_only_udm.target.user.userid.<br>- event.idm.read_only_udm.security_result.description: Newly mapped data.operation_type raw log field to event.idm.read_only_udm.security_result.description.<br>- event.idm.read_only_udm.extensions.auth.auth_details: Newly mapped `data.eap_type` and `data.mech` raw log field to event.idm.read_only_udm.extensions.auth.auth_details.<br>- event.idm.read_only_udm.additional.fields: Removed mapping of data.event_type from event.idm.read_only_udm.additional.fields.<br>- event.idm.read_only_udm.metadata.product_event_type: Newly mapped data.event_type raw log field to event.idm.read_only_udm.metadata.product_event_type.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `start_tls`, `tls_established`, `error_code`, `operation_number`, `outer.eap_type`, `auth_meta.user_password_enabled`, `auth_meta.device_cert_enabled`, `auth_meta.user_cert_enabled`, `auth_meta.auth_idp`, `auth_meta.userid_type`, `data.error_message`, `data.auth_context.jumpcloud_protect_device.model`, `data.auth_context.auth_methods.jumpcloud_protect.success`, `data.useragent`, `data.mfa`, `data.mfa_meta.type`, `data.provider`, `data.initiated_by.id`, `data.auth_method`, `ou` and `o` raw log field to event.idm.read_only_udm.additional.fields.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `data.username`, `connection_id`, `data.geoip.continent_code` and `data.auth_context.jumpcloud_protect_device.user_id` raw log field to event.idm.read_only_udm.principal.resource.attribute.labels.<br>- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `data.auth_context.jumpcloud_protect_device.geoip.region_code`, `data.auth_context.jumpcloud_protect_device.geoip.continent_code`, `auth_context.jumpcloud_protect_device.geoip.latitude`, `auth_context.jumpcloud_protect_device.geoip.longitude` and `data.auth_context.jumpcloud_protect_device.id` raw log field to event.idm.read_only_udm.target.resource.attribute.labels.<br>- event.idm.read_only_udm.principal.resource.type: Newly mapped `auth_type` raw log field to event.idm.read_only_udm.principal.resource.type.<br>- event.idm.read_only_udm.security_result.summary: Newly mapped `nas_mfa_state` raw log field to event.idm.read_only_udm.security_result.summary.<br>- Enhanced USER_LOGIN event detection to include ldap_bind, radius_auth_attempt, and user_login_attempt event types. Prioritized data.auth_context.auth_methods.password.success for determining security_result.action when available. |
| 2025-01-30 | Enhancement:<br>- Mapped "association_op", "action_source", and "sso_token_success" to "additional.fields".<br>- Mapped "connection_from_name" to "principal.resource.name".<br>- Mapped "connection_from_type" to "principal.resource.resource_type".<br>- Mapped "connection_from_object_id" to "principal.resource.product_object_id".<br>- Mapped "connection_to_name" to "target.resource.name".<br>- Mapped "connection_to_type" to "target.resource.resource_type".<br>- Mapped "connection_to_object_id" to "target.resource.product_object_id". |
| 2024-05-20 | Enhancement:<br>- Added "gsub" to parse the unparsed invalid JSON logs.<br>- When "data.initiated_by.username" is present, then set "metadata.event_type" to "USER_UNCATEGORIZED". |
| 2024-01-10 | Bug-Fix:<br>- Removed "gsub" to parse the logs which contain the "false" keyword. |
| 2023-11-21 | Enhancement:<br>- Added "gsub" to remove the unwanted characters from the logs. |
| 2023-10-31 | Enhancement:<br>- Added a gsub function to parse dropped logs. |
| 2023-10-16 | Enhancement:<br>- Handled unparsed JSON logs. |
| 2023-04-11 | Enhancement:<br>- Handled unparsed JSON logs. |
| 2023-02-20 | Newly created parser. |