Change log for VENAFI_ZTPKI
| Date | Changes |
|---|---|
| 2025-10-14 | Enhancement:<br>- Added a grok pattern to parse new log formats.<br>- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `time_stamp` raw log field to `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `name` raw log field to `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `dvc_ip` raw log field to `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields.<br>- `event.idm.read_only_udm.target.resource.name`: Newly mapped `object` raw log field to `event.idm.read_only_udm.target.resource.name` UDM field.<br>- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `object_subsystem` raw log field to `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.<br>- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `event_id` raw log field to `event.idm.read_only_udm.metadata.product_log_id` UDM field.<br>- `event.idm.read_only_udm.metadata.description`: Newly mapped `description` raw log field to `event.idm.read_only_udm.metadata.description` UDM field.<br>- `event.idm.read_only_udm.target.resource.product_object_id`: Newly mapped `object_id` raw log field to `event.idm.read_only_udm.target.resource.product_object_id` UDM field.<br>- `event.idm.read_only_udm.target_port`: Newly mapped `value1.value` raw log field to `event.idm.read_only_udm.target_port` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `value1.name`, `text2.value`, `data.name`, `data.value`, `grouping.name`, `grouping.value`, `value2.name`, `value2.value`, `text1.name`, `text2.name` raw log fields to `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip`: Newly mapped `text1.value` raw log field to `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip` UDM fields.<br>- `event.idm.read_only_udm.security_result.severity`: Newly mapped `severity` raw log field to `event.idm.read_only_udm.security_result.severity` UDM field.<br>- `event.idm.read_only_udm.metadata.event_type`: If `has_principal` is true and `has_target` is true, updated to NETWORK_CONNECTION. |
| 2025-03-03 | Enhancement:<br>- Added support for a new pattern of CSV logs.<br>- Changed mapping for "policy_id" from "security_result.detection_fields" to "security_result.rule_id".<br>- Changed mapping for "common_name" from "principal.resource.attribute.labels" to "principal.user.user_display_name".<br>- Changed mapping for "not_before" from "security_result.detection_fields" to "network.tls.client.certificate.not_before".<br>- Changed mapping for "not_after" from "security_result.detection_fields" to "network.tls.client.certificate.not_after".<br>- Changed mapping for "serial" from "security_result.default_fields" to "network.tls.client.certificate.serial".<br>- Mapped "key_size" and "key_algorithm" to "security_result.detection_fields".<br>- Mapped "fingerprint_sha256" to "network.tls.client.certificate.sha256".<br>- Mapped "fringerprint_sha1" to "network.tls.client.certificate.sha1".<br>- Mapped "policy_name" to "security_result.rule_name".<br>- Mapped "issuer_dn" to "network.tls.client.certificate.issuer".<br>- Changed mapping for "organization_name" from "principal.resource.attribute.labels" to "network.organization_name". |
| 2024-12-20 | Newly created parser. |