Change log for THALES_MFA

Date	Changes
2025-11-07	Enhancement: - Added new grok patterns to support "LoggedIn","AssignToken","AUTH_ATTEMPT" actcode formats. - 'event.idm.read_only_udm.metadata.description': Newly mapped 'type' raw log field with 'event.idm.read_only_udm.metadata.description' UDM field. - 'event.idm.read_only_udm.target.resource.resource_subtype': Newly mapped 'subtype' raw log field with 'event.idm.read_only_udm.target.resource.resource_subtype' UDM field. - 'event.idm.read_only_udm.intermediary.resource.name': Newly mapped 'deviceProduct' raw log field with 'event.idm.read_only_udm.intermediary.resource.name' UDM field. - 'event.idm.read_only_udm.metadata.product_version': Newly mapped 'deviceVersion' raw log field with 'event.idm.read_only_udm.metadata.product_version' UDM field. - 'event.idm.read_only_udm.security_result.severity_details': Newly mapped 'severity' raw log field with 'event.idm.read_only_udm.security_result.severity_details' UDM field. - 'event.idm.read_only_udm.target.user.user_display_name': Newly mapped 'msgId' raw log field with 'event.idm.read_only_udm.target.user.user_display_name' UDM field.
2022-07-13	Enhancement - - Added on_error for reason,sec_action,security_result field in mutate filter. - Mapped "reason" to "security_result.description". - Mapped "act" field value to "security_result.action_details".

Date

Changes

2025-11-07

Enhancement:
- Added new grok patterns to support "LoggedIn","AssignToken","AUTH_ATTEMPT" actcode formats.
- 'event.idm.read_only_udm.metadata.description': Newly mapped 'type' raw log field with 'event.idm.read_only_udm.metadata.description' UDM field.
- 'event.idm.read_only_udm.target.resource.resource_subtype': Newly mapped 'subtype' raw log field with 'event.idm.read_only_udm.target.resource.resource_subtype' UDM field.
- 'event.idm.read_only_udm.intermediary.resource.name': Newly mapped 'deviceProduct' raw log field with 'event.idm.read_only_udm.intermediary.resource.name' UDM field.
- 'event.idm.read_only_udm.metadata.product_version': Newly mapped 'deviceVersion' raw log field with 'event.idm.read_only_udm.metadata.product_version' UDM field.
- 'event.idm.read_only_udm.security_result.severity_details': Newly mapped 'severity' raw log field with 'event.idm.read_only_udm.security_result.severity_details' UDM field.
- 'event.idm.read_only_udm.target.user.user_display_name': Newly mapped 'msgId' raw log field with 'event.idm.read_only_udm.target.user.user_display_name' UDM field.

2022-07-13

Enhancement -
- Added on_error for reason,sec_action,security_result field in mutate filter.
- Mapped "reason" to "security_result.description".
- Mapped "act" field value to "security_result.action_details".