Change log for MYSQL
| Date | Changes |
|---|---|
| 2025-12-04 | - event.idm.read_only_udm.principal.ip: Newly mapped `login.ip` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.<br>- event.idm.read_only_udm.principal.asset.ip: Newly mapped `login.ip` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.<br>- event.idm.read_only_udm.principal.user.userid: Newly mapped `login.user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.<br>- event.idm.read_only_udm.target.user.userid: Newly mapped `account.user` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.<br>- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `ts` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- event.idm.read_only_udm.intermediary.hostname: Newly mapped `inter_host` raw log field with `event.idm.read_only_udm.intermediary.hostname` UDM field.<br>- event.idm.read_only_udm.target.hostname: Newly mapped `target_host` raw log field with `event.idm.read_only_udm.target.hostname` UDM field.<br>- event.idm.read_only_udm.target.asset.hostname: Newly mapped `target_host` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field.<br>- event.idm.read_only_udm.target.ip: Newly mapped `target_ip` raw log field with `event.idm.read_only_udm.target.ip` UDM field.<br>- event.idm.read_only_udm.target.asset.ip: Newly mapped `target_ip` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.<br>- event.idm.read_only_udm.network.session_id: Newly mapped `connection_id` raw log field with `event.idm.read_only_udm.network.session_id` UDM field.<br>- event.idm.read_only_udm.target.process.command_line: Newly mapped `general_data.command` raw log field with `event.idm.read_only_udm.target.process.command_line` UDM field.<br>- event.idm.read_only_udm.security_result.summary: Newly mapped `general_data.query` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field.<br>- event.idm.read_only_udm.network.ip_protocol: Newly mapped `connection_data.connection_type` raw log field with `event.idm.read_only_udm.network.ip_protocol` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `general_data.sql_command`, `event_data`, `general_data.status`, `class`, `Status` raw log fields with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.extensions.auth.type: Newly mapped a static 'MACHINE' value with `event.idm.read_only_udm.extensions.auth.type` UDM field.<br>- If connection_type contains tcp/ip, event.idm.read_only_udm.network.ip_protocol is set to TCP. |
| 2025-04-03 | - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `sql_query`, `value`, `num`, `ns`, `itemid`, `value_min`, `value_avg`, `value_max` and `query_id` raw log fields with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `clock` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- Added a Grok pattern to parse the unparsed logs. |
| 2024-07-05 | Enhancement:<br>- Added the Grok patterns to parse the unparsed logs.<br>- Mapped "inner_message" to "security_result.description"<br>- Mapped "summary" to "security_result.summary"<br>- Mapped "path" to "principal.file.full_path"<br>- Mapped "logtype" to "metadata.product_event_type" |