Change log for OBSIDIAN
| Date | Changes |
|---|---|
| 2025-11-08 | Enhancement:
- Newly created parser. - "event.idm.read_only_udm.metadata.product_log_id": Newly mapped "metadata_data.product_log_id" raw log field with "event.idm.read_only_udm.metadata.product_log_id" UDM field. - "event.idm.read_only_udm.metadata.product_version": Newly mapped "metadata_data.product_version" raw log field with "event.idm.read_only_udm.metadata.product_version" UDM field. - "event.idm.read_only_udm.metadata.product_event_type": Newly mapped "metadata_data.product_event_data_type" raw log field with "event.idm.read_only_udm.metadata.product_event_type" UDM field. - "event.idm.read_only_udm.metadata.product_deployment_id": Newly mapped "metadata_data.product_deployment_id" raw log field with "event.idm.read_only_udm.metadata.product_deployment_id" UDM field. - "event.idm.read_only_udm.metadata.description": Newly mapped "metadata_data.description" raw log field with "event.idm.read_only_udm.metadata.description" UDM field. - "event.idm.read_only_udm.metadata.log_type": Newly mapped "metadata_data.log_type" raw log field with "event.idm.read_only_udm.metadata.log_type" UDM field. - "event.idm.read_only_udm.network.http.user_agent": Newly mapped "network_data.http.user_agent" raw log field with "event.idm.read_only_udm.network.http.user_agent" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "additional_data.principal_data_enrichment.product_object_id", "additional_data.principal_data_enrichment.references.databricks.databricks.ServicePrincipal.active", "additional_data.principal_data_enrichment.references.databricks.databricks.ServicePrincipal.applicationId", "additional_data.principal_data_enrichment.references.databricks.databricks.ServicePrincipal.displayName", "additional_data.principal_data_enrichment.references.databricks.databricks.ServicePrincipal.id", "additional_data.principal_data_enrichment.references.databricks.databricks.ServicePrincipal.roles", "additional_data.raw_event", "version", "user_identity.email", "service_name", "request_id", "audit_level", "event_data_id", "additional_data.target_data_enrichment.product_object_id", "additional_data.target_data_enrichment.references.zoom.zoom.Meeting.id", "additional_data.target_data_enrichment.references.zoom.zoom.Meeting.topic", "additional_data.target_data_enrichment.references.zoom.zoom.Meeting.type", "additional_data.target_data_enrichment.references.zoom.zoom.Meeting.uuid", "principal_data.resource.resource_type", "raw_event_data_data_type" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.principal.user.product_object_id": Newly mapped "principal_data.user.product_object_id" raw log field with "event.idm.read_only_udm.principal.user.product_object_id" UDM field. - "event.idm.read_only_udm.principal.user.userid": Newly mapped "principal_data.user.userid" raw log field with "event.idm.read_only_udm.principal.user.userid" UDM field. - "event.idm.read_only_udm.principal.user.user_display_name": Newly mapped "principal_data.user.user_display_name" raw log field with "event.idm.read_only_udm.principal.user.user_display_name" UDM field. - "event.idm.read_only_udm.principal.application": Newly mapped "principal_data.application" raw log field with "event.idm.read_only_udm.principal.application" UDM field. - "event.idm.read_only_udm.principal.ip": Newly mapped "principal_data.ip" raw log field with "event.idm.read_only_udm.principal.ip" UDM field. - "event.idm.read_only_udm.principal.asset.ip": Newly mapped "principal_data.ip" raw log field with "event.idm.read_only_udm.principal.asset.ip" UDM field. - "event.idm.read_only_udm.principal.ip": Newly mapped "principal_data.ip_geo_artifact.ip" raw log field with "event.idm.read_only_udm.principal.ip" UDM field. - "event.idm.read_only_udm.principal.asset.ip": Newly mapped "principal_data.ip_geo_artifact.ip" raw log field with "event.idm.read_only_udm.principal.asset.ip" UDM field. - "event.idm.read_only_udm.principal.location.city": Newly mapped "principal_data.ip_geo_artifact.location.city" raw log field with "event.idm.read_only_udm.principal.location.city" UDM field. - "event.idm.read_only_udm.principal.location.country_or_region": Newly mapped "principal_data.ip_geo_artifact.location.country_or_region" raw log field with "event.idm.read_only_udm.principal.location.country_or_region" UDM field. - "event.idm.read_only_udm.principal.location.region_coordinates.latitude": Newly mapped "principal_data.ip_geo_artifact.location.region_coordinates.latitude" raw log field with "event.idm.read_only_udm.principal.location.region_coordinates.latitude" UDM field. - "event.idm.read_only_udm.principal.location.region_coordinates.longitude": Newly mapped "principal_data.ip_geo_artifact.location.region_coordinates.longitude" raw log field with "event.idm.read_only_udm.principal.location.region_coordinates.longitude" UDM field. - "event.idm.read_only_udm.principal.location.state": Newly mapped "principal_data.ip_geo_artifact.location.state" raw log field with "event.idm.read_only_udm.principal.location.state" UDM field. - "event.idm.read_only_udm.principal.user.email_addresses": Newly mapped "principal_data.user.email_addresses" raw log field with "event.idm.read_only_udm.principal.user.email_addresses" UDM field. - "event.idm.read_only_udm.principal.user.phone_numbers": Newly mapped "principal_data.user.phone_numbers" raw log field with "event.idm.read_only_udm.principal.user.phone_numbers" UDM field. - "event.idm.read_only_udm.metadata.event_timestamp": Newly mapped "metadata_data.event_data_timestamp" raw log field with "event.idm.read_only_udm.metadata.event_timestamp" UDM field. - "event.idm.read_only_udm.metadata.collected_timestamp": Newly mapped "metadata_data.collected_timestamp" raw log field with "event.idm.read_only_udm.metadata.collected_timestamp" UDM field. - "event.idm.read_only_udm.metadata.ingested_timestamp": Newly mapped "metadata_data.ingested_timestamp" raw log field with "event.idm.read_only_udm.metadata.ingested_timestamp" UDM field. - "event.idm.read_only_udm.metadata.product_log_id": Newly mapped "action_id" raw log field with "event.idm.read_only_udm.metadata.product_log_id" UDM field. - "event.idm.read_only_udm.target.resource.name": Newly mapped "raw.settings.tenant" raw log field with "event.idm.read_only_udm.target.resource.name" UDM field. - "event.idm.read_only_udm.target.application": Newly mapped "raw.service.serviceId" raw log field with "event.idm.read_only_udm.target.application" UDM field. - "event.idm.read_only_udm.security_result.description": Newly mapped "message_data" raw log field with "event.idm.read_only_udm.security_result.description" UDM field. - "event.idm.read_only_udm.security_result.severity": Newly mapped "severity" raw log field with "event.idm.read_only_udm.security_result.severity" UDM field. - "event.idm.read_only_udm.security_result.summary": Newly mapped "raw.summary" raw log field with "event.idm.read_only_udm.security_result.summary" UDM field. - "event.idm.read_only_udm.security_result.rule_id": Newly mapped "raw.setting_id" raw log field with "event.idm.read_only_udm.security_result.rule_id" UDM field. - "event.idm.read_only_udm.security_result.category_details": Newly mapped "raw.transition" raw log field with "event.idm.read_only_udm.security_result.category_details" UDM field. - "event.idm.read_only_udm.security_result.url_back_to_product": Newly mapped "url" raw log field with "event.idm.read_only_udm.security_result.url_back_to_product" UDM field. - "event.idm.read_only_udm.metadata.product_event_type": Newly mapped "raw.event_data_type" raw log field with "event.idm.read_only_udm.metadata.product_event_type" UDM field. - "event.idm.read_only_udm.security_result.rule_name": Newly mapped "raw.name" raw log field with "event.idm.read_only_udm.security_result.rule_name" UDM field. - "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "raw.compliant", "raw.standards", "principal_data.ip_geo_artifact.as_owner", "raw.value.boolean", "raw.old_value.boolean", "raw.recommendation.value.boolean", "raw.from_state", "raw.to_state", "raw.accepted", "raw.is_tuned", "raw.org_id", "raw.posture_type", "raw.config_url_path", "raw.settings.control", "raw.domains" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field. - "event.idm.read_only_udm.principal.resource.attribute.labels": Newly mapped "workspace_id" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field. - "event.idm.read_only_udm.network.http.response_code": Newly mapped "response.status_code" raw log field with "event.idm.read_only_udm.network.http.response_code" UDM field. - "event.idm.read_only_udm.principal.resource.resource_subtype": Newly mapped "principal_data.resource.resource_subtype" raw log field with "event.idm.read_only_udm.principal.resource.resource_subtype" UDM field. - "event.idm.read_only_udm.metadata.event_type": Newly mapped "event.idm.read_only_udm.metadata.event_type" to "USER_RESOURCE_ACCESS" if "has_target_resource" is true and "has_user" is true, else if "has_principal" is true then mapped to "STATUS_UPDATE", else mapped to "GENERIC_EVENT". |