Change log for RSA_AUTH_MANAGER
| Date | Changes |
|---|---|
| 2025-10-29 | Enhancement:
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `product_log_id` raw log field to `event.idm.read_only_udm.metadata.product_log_id` UDM field. - event.idm.read_only_udm.principal.user.product_object_id: Newly mapped `principal_product_object_id` raw log field to `event.idm.read_only_udm.principal.user.product_object_id` UDM field. - event.idm.read_only_udm.principal.user.user_display_name: Conditionally mapped from the `custom_last_name` raw log field. If `custom_last_name` contains only "^[a-zA-Z]*$" and is not empty, it is mapped to `event.idm.read_only_udm.principal.user.user_display_name`. Otherwise, `custom_last_name` is not empty, its value is mapped to `event.idm.read_only_udm.additional.fields` under the key `custom_last_name`. - event.idm.read_only_udm.target.resource.type: Newly mapped `Type` raw log field to `event.idm.read_only_udm.target.resource.type` UDM field. - event.idm.read_only_udm.target.user.product_object_id: Newly mapped `tar_product_object_id` raw log field to `event.idm.read_only_udm.target.user.product_object_id` UDM field. - event.idm.read_only_udm.target.user.userid: Newly mapped `path` raw log field to `event.idm.read_only_udm.target.user.userid` UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped `logger_class`, `event_code` and `application_session_id` raw log field to `event.idm.read_only_udm.additional.fields` UDM field. - event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `correlation_id` raw log field to `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `principal_hostname` raw log field to `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `principal_security_domain_guid` raw log field to `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.target.user.attribute.labels: Newly mapped `username_1` raw log field to `event.idm.read_only_udm.target.user.attribute.labels` UDM field. |
| 2024-03-13 | Enhancement:
- Modified the Grok pattern to parse the data in the header of the log. |
| 2022-08-09 | Enhancement-Removed the dropped condition, handled and parsed the logs with appropriate GROK pattern.
|
| 2022-06-13 | Enhancement-Removed drop condition for logs with event_name = ACCESS_DIRECTORY.
|