Change log for TANIUM_AUDIT
| Date | Changes |
|---|---|
| 2025-11-13 | Enhancement:<br>- `event.idm.read_only_udm.target.resource.attribute.last_update_time`: Removed the mapping of the `modification_time` raw log field from the `event.idm.read_only_udm.target.resource.attribute.last_update_time` UDM field, as `modification_time` represents the event's time, not a resource attribute.<br>- `event.idm.read_only_udm.metadata.event_timestamp`: Mapped the `modification_time` raw log field to the `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped the `createdAt` raw log field to the `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped the `id` raw log field to the `event.idm.read_only_udm.metadata.product_log_id` UDM field.<br>- `event.idm.read_only_udm.principal.application`: Newly mapped the `state.type` raw log field to the `event.idm.read_only_udm.principal.application` UDM field.<br>- `event.idm.read_only_udm.metadata.description`: Newly mapped the `state.message` raw log field to the `event.idm.read_only_udm.metadata.description` UDM field.<br>- `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped the `state.legacyType` raw log field to the `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- `event.idm.read_only_udm.principal.user.userid`: Newly mapped the `userId` raw log field to the `event.idm.read_only_udm.principal.user.userid` UDM field.<br>- `event.idm.read_only_udm.security_result.action_details`: Newly mapped the `action` raw log field to the `event.idm.read_only_udm.security_result.action_details` UDM field.<br>- `event.idm.read_only_udm.principal.resource.attribute.labels`: Newly mapped the `table` and `username` raw log fields to the `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped the `rowId`, `revision`, `state.count`, `updatedAt`, and `personaId` raw log fields to the `event.idm.read_only_udm.additional.fields` UDM field. |
| 2024-05-16 | Enhancement:<br>- Added support for JSON logs.<br>- Mapped "object_id" to "target.resource.product_object_id".<br>- Mapped "object_name" to "target.resource.name".<br>- Mapped "audit_name" to "metadata.description".<br>- Mapped "creation_time" to "target.resource.attribute.creation_time".<br>- Mapped "modification_time" to "target.resource.attribute.last_update_time".<br>- Mapped "last_modified_by" and "modifier_user_id" to "principal.resource.attribute.labels".<br>- Mapped "User" to "principal.user.userid".<br>- Mapped "session_id" to "network.session_id".<br>- Mapped "authentication_type" to "principal.user.attribute.labels".<br>- Mapped "ip_address" to "principal.ip" and "principal.asset.ip".<br>- Mapped "audit_row_id", "type", and "audit_type" to "additional.fields".<br>- Mapped "type_name" to "metadata.product_event_type".<br>- Mapped "object_type_name" to "target.resource.attribute.labels". |
| 2023-09-26 | Enhancement:<br>- Added "on_error" check for date filter.<br>- Added a Grok pattern to support new log format.<br>- Mapped "Issuer", "ActionName", "PackageName", "StartTime", "Expiration", "InsertTime" and "DistributeOver" to "additional.fields". |
| 2022-06-08 |