Change log for SWIFT_AMH
| Date | Changes |
|---|---|
| 2025-11-26 | Enhancement:<br>- event.idm.read_only_udm.about.labels: Removed mapping of `target.traceId` raw log field from event.idm.read_only_udm.about.labels as it is a deprecated UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `target.traceId` raw log field to event.idm.read_only_udm.additional.fields UDM field.<br>- event.idm.read_only_udm.about.labels: Removed mapping of `target.parentSpanId` raw log field from event.idm.read_only_udm.about.labels as it is a deprecated UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `target.parentSpanId` raw log field to event.idm.read_only_udm.additional.fields UDM field.<br>- event.idm.read_only_udm.about.labels: Removed mapping of `sag` raw log field from event.idm.read_only_udm.about.labels as it is a deprecated UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `sag` raw log field to event.idm.read_only_udm.additional.fields UDM field.<br>- event.idm.read_only_udm.about.labels: Removed mapping of `mr_id` raw log field from event.idm.read_only_udm.about.labels as it is a deprecated UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `mr_id` raw log field to event.idm.read_only_udm.additional.fields UDM field.<br>- event.idm.read_only_udm.principal.user.attribute.roles: Newly mapped `user_roles` raw log field to event.idm.read_only_udm.principal.user.attribute.roles UDM field.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `suffix` raw log field to event.idm.read_only_udm.principal.resource.attribute.labels UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `component` raw log field to event.idm.read_only_udm.additional.fields UDM field.<br>- event.idm.read_only_udm.target.resource.name: Newly mapped `definition` raw log field to event.idm.read_only_udm.target.resource.name UDM field.<br>- event.idm.read_only_udm.security_result.summary: Mapped `event.idm.read_only_udm.security_result.summary` as `Rule execution error` when `sag` is `AMH-RUL-00010`.<br>- event.idm.read_only_udm.security_result.action: Mapped `event.idm.read_only_udm.security_result.action` as `BLOCK` when `sag` is `AMH-RUL-00010`.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `exception`, `invalid_value`, `value_type`, `pattern`, `thread_info`, `logger`, `product_event_id` raw log fields to event.idm.read_only_udm.additional.fields UDM field. |
| 2025-09-23 | Enhancement:<br>- Enhanced the grok pattern that parses the `operator` username into event.idm.read_only_udm.src.user.userid so that it outputs 'ADMIN' when operator is 'administrator'.<br>- event.idm.read_only_udm.metadata.collected_timestamp: Newly mapped `createdAt` raw log field to event.idm.read_only_udm.metadata.collected_timestamp.<br>- event.idm.read_only_udm.intermediary.resource.attribute.labels: Newly mapped `data.properties._file_inode.str` raw log field to event.idm.read_only_udm.intermediary.resource.attribute.labels.<br>- event.idm.read_only_udm.intermediary.resource.attribute.labels: Newly mapped `data.properties._ecs_agent_version.str` raw log field to event.idm.read_only_udm.intermediary.resource.attribute.labels.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `parentSpanId`, `data.spanId`, `data.traceId` and `offset` raw log fields to event.idm.read_only_udm.principal.resource.attribute.labels.<br>- event.idm.read_only_udm.security_result.severity: Newly mapped `data.level` raw log field to event.idm.read_only_udm.security_result.severity.<br>- event.idm.read_only_udm.principal.hostname: Newly mapped `hostname` raw log field to event.idm.read_only_udm.principal.hostname.<br>- event.idm.read_only_udm.principal.asset.hostname: Newly mapped `hostname` raw log field to event.idm.read_only_udm.principal.asset.hostname.<br>- event.idm.read_only_udm.principal.user.product_object_id: Newly mapped `uumid` raw log field to event.idm.read_only_udm.principal.user.product_object_id.<br>- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `product_object_id` raw log field to event.idm.read_only_udm.metadata.product_log_id.<br>- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `product_event_type` raw log field to event.idm.read_only_udm.metadata.product_event_type.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `_id` raw log field to event.idm.read_only_udm.additional.fields.<br>- event.idm.read_only_udm.principal.asset.creation_time: Newly mapped `data.creationDate` raw log field to event.idm.read_only_udm.principal.asset.creation_time. |
| 2024-03-14 | - Newly created parser. |