Change log for MYSQL
| Date | Changes |
|---|---|
| 2026-02-23 | Enhancement:
- Replaced "has_principal" from merge condition to replace condition, to correctly parse the event_type. |
| 2026-02-19 | - Added the Grok patterns to parse the unparsed csv and syslog logs
`event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `mysql_timestamp`, `event_date`, `event_time`, `csv_timestamp` raw log field(s) with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `mysql_action`, `log_category`, `csv_mysql_action`, `csv_mysql_connection_type` raw log field(s) with `event.idm.read_only_udm.metadata.product_event_type` UDM field. `event.idm.read_only_udm.metadata.description`: Newly mapped `event_message`, `resolution_error` raw log field(s) with `event.idm.read_only_udm.metadata.description` UDM field. `event.idm.read_only_udm.principal.application`: Newly mapped `component` raw log field with `event.idm.read_only_udm.principal.application` UDM field. `event.idm.read_only_udm.principal.ip`, `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `mysql_hostname` raw log field with `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields. `event.idm.read_only_udm.principal.ip`, `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `csv_hostname_ip` raw log field with `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields. `event.idm.read_only_udm.principal.user.userid`: Newly mapped `mysql_username`, `csv_username` raw log field(s) with `event.idm.read_only_udm.principal.user.userid` UDM field. `event.idm.read_only_udm.target.hostname`, `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `csv_target_hostname` raw log field with `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname` UDM fields. `event.idm.read_only_udm.target.resource.name`: Newly mapped `csv_database_name` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field. `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `mysql_sql_query`, `csv_mysql_sql_query` raw log field(s) with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. `event.idm.read_only_udm.network.session_id`: Newly mapped `mysql_thread_id`, `csv_connection_id` raw log field(s) with `event.idm.read_only_udm.network.session_id` UDM field. `event.idm.read_only_udm.security_result.rule_id`: Newly mapped `mysql_message_id` raw log field with `event.idm.read_only_udm.security_result.rule_id` UDM field. `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `target_mysql_hostname` raw log field with `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname` UDM field. `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `csv_mysql_connection_type` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. |
| 2025-12-04 | - event.idm.read_only_udm.principal.ip: Newly mapped `login.ip` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly mapped `login.ip` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field. - event.idm.read_only_udm.principal.user.userid: Newly mapped `login.user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field. - event.idm.read_only_udm.target.user.userid: Newly mapped `account.user` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field. - event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `ts` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. - event.idm.read_only_udm.intermediary.hostname: Newly mapped `inter_host` raw log field with `event.idm.read_only_udm.intermediary.hostname` UDM field. - event.idm.read_only_udm.target.hostname: Newly mapped `target_host` raw log field with `event.idm.read_only_udm.target.hostname` UDM field. - event.idm.read_only_udm.target.asset.hostname: Newly mapped `target_host` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field. - event.idm.read_only_udm.target.ip: Newly mapped `target_ip` raw log field with `event.idm.read_only_udm.target.ip` UDM field. - event.idm.read_only_udm.target.asset.ip: Newly mapped `target_ip` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field. - event.idm.read_only_udm.network.session_id: Newly mapped `connection_id` raw log field with `event.idm.read_only_udm.network.session_id` UDM field. - event.idm.read_only_udm.target.process.command_line: Newly mapped `general_data.command` raw log field with `event.idm.read_only_udm.target.process.command_line` UDM field. - event.idm.read_only_udm.security_result.summary: Newly mapped `general_data.query` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field. - event.idm.read_only_udm.network.ip_protocol: Newly mapped `connection_data.connection_type` raw log field with `event.idm.read_only_udm.network.ip_protocol` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `general_data.sql_command`, `event_data`, `general_data.status`, `class`, `Status` raw log fields with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.extensions.auth.type: Newly mapped a static 'MACHINE' value with `event.idm.read_only_udm.extensions.auth.type` UDM field. - If connection_type contains tcp/ip, event.idm.read_only_udm.network.ip_protocol is set to TCP. |
| 2025-04-03 | - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `sql_query`, `value`, `num`, `ns`, `itemid`, `value_min`, `value_avg`, `value_max` and `query_id` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `clock` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field - Added a Grok pattern to parse the unparsed logs. |
| 2024-07-05 | Enhancement:
- Added the Grok patterns to parse the unparsed logs. - Mapped "inner_message" to "security_result.description" - Mapped "summary" to "security_result.summary" - Mapped "path" to "principal.file.full_path" - Mapped "logtype" to "metadata.product_event_type" |