Change log for TRENDMICRO_VISION_ONE_AUDIT
| Date | Changes |
|---|---|
| 2025-09-29 | Enhancement:<br>- Modified principal.user.user_role mapping logic to include 'Senior Analyst' as 'ADMINISTRATOR'.<br>- event.idm.read_only_udm.metadata.description: Newly mapped `details.description` raw log field to event.idm.read_only_udm.metadata.description.<br>- event.idm.read_only_udm.security_result.summary: Newly mapped `details.status` and `details.assMitigateStatus` raw log fields to event.idm.read_only_udm.security_result.summary.<br>- event.idm.read_only_udm.security_result.description: Newly mapped `details.feedback.description` raw log field to event.idm.read_only_udm.security_result.description.<br>- event.idm.read_only_udm.target.resource.id: Newly mapped `details.workbenchId` raw log field to event.idm.read_only_udm.target.resource.id.<br>- event.idm.read_only_udm.principal.ip: Newly mapped `details.ipAddr` raw log field to event.idm.read_only_udm.principal.ip.<br>- event.idm.read_only_udm.principal.user.product_object_id: Newly mapped `details.identifier.id` raw log field to event.idm.read_only_udm.principal.user.product_object_id.<br>- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `details.identifier.type` raw log field to event.idm.read_only_udm.metadata.product_event_type.<br>- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `details.identifier.name` and `details.user` raw log fields to event.idm.read_only_udm.principal.user.user_display_name.<br>- event.idm.read_only_udm.principal.user.email_addresses: Newly mapped `details.identifier.email` raw log field to event.idm.read_only_udm.principal.user.email_addresses.<br>- event.idm.read_only_udm.principal.resource.resource_subtype: Newly mapped `details.identifier.subType` raw log field to event.idm.read_only_udm.principal.resource.resource_subtype.<br>- event.idm.read_only_udm.metadata.product_deployment_id: Newly mapped `details.traceId` raw log field to event.idm.read_only_udm.metadata.product_deployment_id.<br>- event.idm.read_only_udm.security_result.action_details: Newly mapped `details.action` raw log field to event.idm.read_only_udm.security_result.action_details.<br>- event.idm.read_only_udm.principal.hostname: Newly mapped `removedAgent.hostname` raw log field to event.idm.read_only_udm.principal.hostname.<br>- event.idm.read_only_udm.principal.asset.product_object_id: Newly mapped `removedAgent.xdrDeviceId` raw log field to event.idm.read_only_udm.principal.asset.product_object_id.<br>- event.idm.read_only_udm.principal.resource.type: Newly mapped `details.type` raw log field to event.idm.read_only_udm.principal.resource.type.<br>- event.idm.read_only_udm.principal.resource.product_object_id: Newly mapped `details.instanceId` raw log field to event.idm.read_only_udm.principal.resource.product_object_id.<br>- event.idm.read_only_udm.principal.asset.product_object_id: Newly mapped `details.serverId` raw log field to event.idm.read_only_udm.principal.asset.product_object_id.<br>- event.idm.read_only_udm.principal.group.product_object_id: Newly mapped `details.groupId` raw log field to event.idm.read_only_udm.principal.group.product_object_id.<br>- event.idm.read_only_udm.target.resource.product_object_id: Newly mapped `endpoint.wsDeviceId` raw log field to event.idm.read_only_udm.target.resource.product_object_id.<br>- event.idm.read_only_udm.target.resource.type: Newly mapped `endpoint.xdrDeviceId` raw log field to event.idm.read_only_udm.target.resource.type.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `details.source`, `details.investigationResult`, `details.feedback.reason.id`, `details.feedback.reason.value`, `details.reason`, `details.assTotalAssetsInvolved`, `ass_EventList.Risk event`, `ass_EventList.Asset name`, `ass_EventList.Asset type` and `details.role` raw log fields to event.idm.read_only_udm.additional.fields.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `details.requestId` raw log field to event.idm.read_only_udm.principal.resource.attribute.labels. |
| 2025-04-07 | - Newly created parser.<br>- "event.idm.read_only_udm.metadata.event_timestamp": Newly mapped "loggedDateTime" raw log field with "event.idm.read_only_udm.metadata.event_timestamp" UDM field.<br>- "event.idm.read_only_udm.metadata.collected_timestamp": Newly mapped "ingestedDateTime" raw log field with "event.idm.read_only_udm.metadata.collected_timestamp" UDM field.<br>- "event.idm.read_only_udm.principal.user.userid": Newly mapped "loggedUser" raw log field with "event.idm.read_only_udm.principal.user.userid" UDM field.<br>- "event.idm.read_only_udm.principal.user.user_role": Newly mapped "loggedRole" raw log field with "event.idm.read_only_udm.principal.user.user_role" UDM field.<br>- "event.idm.read_only_udm.additional.fields": Newly mapped "category", "activity", "accessType", "result" raw log fields with "event.idm.read_only_udm.additional.fields" UDM field.<br>- "event.idm.read_only_udm.principal.resource.attribute.labels": Newly mapped "uuid" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field.<br>- "event.idm.read_only_udm.metadata.product_log_id": Newly mapped "uuid" raw log field with "event.idm.read_only_udm.metadata.product_log_id" UDM field. |