Change log for WIZ_IO

Date Changes
2026-01-12 Enhancement:
- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `detection.id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- `event.idm.read_only_udm.security_result.threat_id`: Newly mapped `detection.threatId` raw log field with `event.idm.read_only_udm.security_result.threat_id` UDM field.
- `event.idm.read_only_udm.security_result.url_back_to_product`: Newly mapped `detection.detectionURL` raw log field with `event.idm.read_only_udm.security_result.url_back_to_product` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `detection.threatURL`, `actor.type`, `primaryActor.type`, `triggeringEvent.actor.externalId`, `triggeringEvent.actor.id`, `triggeringEvent.actor.name`, `triggeringEvent.actor.type` raw log fields with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- `event.idm.read_only_udm.security_result.summary`: Newly mapped `detection.title` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field.
- `event.idm.read_only_udm.security_result.description`: Newly mapped `detection.description` raw log field with `event.idm.read_only_udm.security_result.description` UDM field.
- `event.idm.read_only_udm.severity`: Newly mapped `detection.severity` raw log field with `event.idm.read_only_udm.severity` UDM field.
- `event.idm.read_only_udm.additional.fields`: Newly mapped `detection.tdrId`, `detection.tdrSource`, `detection.mitreTactics`, `detection.mitreTechniques`, `account.cloudPlatform`, `account.externalId`, `account.id`, `account.name`, `detection.createdAt`, `detection.primaryResource.externalId`, `detection.primaryResource.id`, `detection.primaryResource.name`, `detection.primaryResource.type`, `detection.triggeringEventsCount`, `triggeringEvent.actorIPMeta.autonomousSystemNumber`, `triggeringEvent.actorIPMeta.autonomousSystemOrganization`, `triggeringEvent.actorIPMeta.country`, `triggeringEvent.actorIPMeta.isForeign`, `triggeringEvent.actorIPMeta.reputationSource`, `triggeringEvent.category`, `triggeringEvent.cloudPlatform`, `triggeringEvent.eventTime`, `triggeringEvent.externalId`, `triggeringEvent.id`, `triggeringEvent.name`, `triggeringEvent.origin`, `triggeringEvent.source`, `triggeringEvent.status` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `detection.timeframe.start` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `detection.timeframe.end` raw log field with `event.idm.read_only_udm.metadata.collected_timestamp` UDM field.
- `event.idm.read_only_udm.principal.user.userid`: Newly mapped `actor.externalId` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- `event.idm.read_only_udm.principal.user.product_object_id`: Newly mapped `actor.id` raw log field with `event.idm.read_only_udm.principal.user.product_object_id` UDM field.
- `event.idm.read_only_udm.principal.user.user_display_name`: Newly mapped `actor.name` raw log field with `event.idm.read_only_udm.principal.user.user_display_name` UDM field.
- `event.idm.read_only_udm.target.user.userid`: Newly mapped `primaryActor.externalId` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.
- `event.idm.read_only_udm.target.user.product_object_id`: Newly mapped `primaryActor.id` raw log field with `event.idm.read_only_udm.target.user.product_object_id` UDM field.
- `event.idm.read_only_udm.target.user.user_display_name`: Newly mapped `primaryActor.name` raw log field with `event.idm.read_only_udm.target.user.user_display_name` UDM field.
- `event.idm.read_only_udm.metadata.product_version`: Newly mapped `metadata_data.version` raw log field with `event.idm.read_only_udm.metadata.product_version` UDM field.
- `event.idm.read_only_udm.target.url`: Newly mapped `triggeringEvent.cloudProviderUrl` raw log field with `event.idm.read_only_udm.target.url` UDM field.
- `event.idm.read_only_udm.security_result.about.resource.attribute.labels`: Newly mapped `triggeringEvent.actorIPMeta.reputation`, `det_resource.type`, `det_resource.externalId`, `det_resource.id`, `det_resource.name`, `det_resource.nativeType`, `det_resource.region` raw log fields with `event.idm.read_only_udm.security_result.about.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `triggeringEvent.actorIP` raw log field with `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields.
- `event.idm.read_only_udm.principal.user.attribute.labels`: Newly mapped `actor.nativeType` raw log field with `event.idm.read_only_udm.principal.user.attribute.labels` UDM field.
- `event.idm.read_only_udm.target.user.attribute.labels`: Newly mapped `primaryActor.nativeType` raw log field with `event.idm.read_only_udm.target.user.attribute.labels` UDM field.
- `event.idm.read_only_udm.metadata.description`: Newly mapped `triggeringEvent.description` raw log field with `event.idm.read_only_udm.metadata.description` UDM field.
2025-12-12 Enhancement:
- `event.idm.read_only_udm.additional.fields`: Newly mapped `actor.id`, `trigger.source`, `trigger.updatedFields`, `issue.projects`, `resource.cloudPlatform`, `control.name`, `id`, `threatURL`, `tdrId`, `tdrSource`, `account.cloudPlatform`, `account.externalId`, `account.id`, `account.name`, `primaryActor.id`, `primaryActor.actingAs`, `primaryActor.email`, `primaryActor.nativeType`, `primaryActor.providerUniqueId`, `resource.externalId`, `resource.cloudAccount.cloudPlatform`, `resource.cloudAccount.id`, `resource.cloudAccount.externalId`, `resource.cloudAccount.name`, `primaryResource.nativeType`, `primaryResource.externalId`, `primaryResource.cloudAccount.id`, `primaryResource.cloudAccount.cloudPlatform`, `triggeringEventsCount`, `triggeringEvent.source`, `mitreTactics`, `mitreTechniques` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
- `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `trigger.type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.
- `event.idm.read_only_udm.security_result.rule_id`: Newly mapped `trigger.ruleId` raw log field with `event.idm.read_only_udm.security_result.rule_id` UDM field.
- `event.idm.read_only_udm.security_result.rule_name`: Newly mapped `trigger.ruleName` raw log field with `event.idm.read_only_udm.security_result.rule_name` UDM field.
- `event.idm.read_only_udm.principal.user.product_object_id`: Newly mapped `trigger.changedBy` raw log field with `event.idm.read_only_udm.principal.user.product_object_id` UDM field.
- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `issue.id`, `triggeringEvent.id` raw log fields with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- `event.idm.read_only_udm.security_result.action_details`: Newly mapped `issue.status`, `triggeringEvent.status` raw log fields with `event.idm.read_only_udm.security_result.action_details` UDM field.
- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `issue.created`, `createdAt`, `timeframe.start` raw log fields with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- `event.idm.read_only_udm.target.resource.id`: Newly mapped `resource.id`, `primaryResource.id` raw log fields with `event.idm.read_only_udm.target.resource.id` UDM field.
- `event.idm.read_only_udm.target.resource.name`: Newly mapped `resource.name`, `primaryResource.name` raw log fields with `event.idm.read_only_udm.target.resource.name` UDM field.
- `event.idm.read_only_udm.target.resource.type`: Newly mapped `resource.type`, `primaryResource.type` raw log fields with `event.idm.read_only_udm.target.resource.type` UDM field.
- `event.idm.read_only_udm.target.cloud.project.id`: Newly mapped `resource.subscriptionId`, `primaryResource.cloudAccount.externalId` raw log fields with `event.idm.read_only_udm.target.cloud.project.id` UDM field.
- `event.idm.read_only_udm.target.cloud.project.name`: Newly mapped `resource.subscriptionName`, `primaryResource.cloudAccount.name` raw log fields with `event.idm.read_only_udm.target.cloud.project.name` UDM field.
- `event.idm.read_only_udm.target.asset.location.country_or_region`: Newly mapped `resource.region`, `primaryResource.region` raw log fields with `event.idm.read_only_udm.target.asset.location.country_or_region` UDM field.
- `event.idm.read_only_udm.security_result.about.resource.attribute.labels`: Newly mapped `resource.status` raw log field with `event.idm.read_only_udm.security_result.about.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.target.url`: Newly mapped `resource.cloudProviderURL`, `primaryResource.cloudProviderURL`, `triggeringEvent.cloudProviderUrl` raw log fields with `event.idm.read_only_udm.target.url` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `control.id`, `risk`, `triggeringEvent.cloudPlatform` raw log fields with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- `event.idm.read_only_udm.metadata.description`: Newly mapped `control.description`, `triggeringEvent.description` raw log fields with `event.idm.read_only_udm.metadata.description` UDM field.
- `event.idm.read_only_udm.security_result.severity`: Newly mapped `control.severity`, `issue.severity`, `severity` raw log fields with `event.idm.read_only_udm.security_result.severity` UDM field.
- `event.idm.read_only_udm.security_result.url_back_to_product`: Newly mapped `control.IssueURL`, `DetectionURL` raw log fields with `event.idm.read_only_udm.security_result.url_back_to_product` UDM field.
- `event.idm.read_only_udm.security_result.threat_id`: Newly mapped `threatId` raw log field with `event.idm.read_only_udm.security_result.threat_id` UDM field.
- `event.idm.read_only_udm.security_result.summary`: Newly mapped `title`, `triggeringEvent.name` raw log fields with `event.idm.read_only_udm.security_result.summary` UDM field.
- `event.idm.read_only_udm.security_result.description`: Newly mapped `description` raw log field with `event.idm.read_only_udm.security_result.description` UDM field.
- `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `timeframe.end` raw log field with `event.idm.read_only_udm.metadata.collected_timestamp` UDM field.
- `event.idm.read_only_udm.principal.ip`: Newly mapped `primaryActor.externalId` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- `event.idm.read_only_udm.principal.resource.type`: Newly mapped `primaryActor.type` raw log field with `event.idm.read_only_udm.principal.resource.type` UDM field.
- `event.idm.read_only_udm.target.ip`: Newly mapped `primaryActor.name` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- `event.idm.read_only_udm.target.resource.product_object_id`: Newly mapped `resource.id` raw log field with `event.idm.read_only_udm.target.resource.product_object_id` UDM field.
- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `resource.nativeType`, `actor.type` raw log fields with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.resource_obj.resource.attribute.labels`: Newly mapped `resource.status` raw log field with `event.idm.read_only_udm.resource_obj.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.target.location.country_or_region`: Newly mapped `resource.region` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM field.
- `event.idm.read_only_udm.resource_obj.url`: Newly mapped `resource.cloudProviderURL` raw log field with `event.idm.read_only_udm.resource_obj.url` UDM field.
- `event.idm.read_only_udm.observer.ip`: Newly mapped `triggeringEvent.actorIP` raw log field with `event.idm.read_only_udm.observer.ip` UDM field.
- `event.idm.read_only_udm.principal.user.userid`: Newly mapped `triggeringEvent.actor.id` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- `event.idm.read_only_udm.about_obj.user.user_display_name`: Newly mapped `triggeringEvent.actor.name` raw log field with `event.idm.read_only_udm.about_obj.user.user_display_name` UDM field.
- `event.idm.read_only_udm.about_obj.resource.type`: Newly mapped `triggeringEvent.actor.type` raw log field with `event.idm.read_only_udm.about_obj.resource.type` UDM field.
- `event.idm.read_only_udm.principal.asset.location.country_or_region`: Newly mapped `triggeringEvent.actorIPMeta.country` raw log field with `event.idm.read_only_udm.principal.asset.location.country_or_region` UDM field.
- `event.idm.read_only_udm.principal.labels`: Newly mapped `triggeringEvent.actorIPMeta.reputation`, `triggeringEvent.actorIPMeta.reputationSource`, `triggeringEvent.actorIPMeta.autonomousSystemOrganization`, `triggeringEvent.actorIPMeta.autonomousSystemNumber`, `triggeringEvent.actorIPMeta.isForeign` raw log fields with `event.idm.read_only_udm.principal.labels` UDM field.
- `event.idm.read_only_udm.about_obj.resource.attribute.labels`: Newly mapped `triggeringEvent.category`, `triggeringEvent.eventTime`, `triggeringEvent.origin` raw log fields with `event.idm.read_only_udm.about_obj.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.principal.resource.product_object_id`: Newly mapped `triggeringEvent.externalId` raw log field with `event.idm.read_only_udm.principal.resource.product_object_id` UDM field.
- `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip`: Newly mapped `actor_name_ip` raw log field with `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip` UDM fields.
- `event.idm.read_only_udm.intermediary.ip` and `event.idm.read_only_udm.intermediary.asset.ip`: Newly mapped `actor_externalId_ip` raw log field with `event.idm.read_only_udm.intermediary.ip` and `event.idm.read_only_udm.intermediary.asset.ip` UDM fields.
2025-10-24 Enhancement:
- `event.idm.read_only_udm.additional.fields`: Newly mapped `record.trigger.source`, `record.cloudOrganizations`, `record.trigger.type`, `record.triggeringEventsCount`, `record.trigger.updatedFields`, `record.control.risks`, `record.resource.cloudPlatform`, `record.control.name`, `record.DetectionURL`, `record.threatURL`, `record.id`, `record.tdrId`, `record.tdrSource`, `mitreTactic`, `mitreTechniques`, `cloudAccounts.cloudPlatform`, `cloudAccounts.externalId`, `cloudAccounts.id`, `cloudAccounts.name`, `triggeringEvent.source`, `record.PrimaryResource.cloudAccount.cloudPlatform`, `record.PrimaryResource.externalId`, `record.primaryResource.nativeType`, `record.PrimaryResource.cloudAccount.id`, `record.PrimaryResource.providerUniqueId`, `record.PrimaryResource.status`, `record.PrimaryResource.VCSRepository`, `record.PrimaryResource.cloudOrganization`, `record.PrimaryResource.kubernetesNamespace`, `record.PrimaryResource.kubernetesCluster`, `record.trigger.updatedFields`, `record.resource.cloudPlatform`, `record.control.name` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
- `event.idm.read_only_udm.security_result.rule_id`: Newly mapped `record.trigger.ruleId` raw log field with `event.idm.read_only_udm.security_result.rule_id` UDM field.
- `event.idm.read_only_udm.security_result.rule_name`: Newly mapped `record.trigger.ruleName` raw log field with `event.idm.read_only_udm.security_result.rule_name` UDM field.
- `event.idm.read_only_udm.principal.user.product_object_id`: Newly mapped `record.trigger.changedBy` raw log field with `event.idm.read_only_udm.principal.user.product_object_id` UDM field.
- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `record.issue.id`, `triggeringEvent.id` raw log fields with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- `event.idm.read_only_udm.security_result.alert_state`: Newly mapped `record.issue.status` raw log field with `event.idm.read_only_udm.security_result.alert_state` UDM field.
- `event.idm.read_only_udm.security_result.severity`: Newly mapped `record.issue.severity`, `record.severity` raw log fields with `event.idm.read_only_udm.security_result.severity` UDM field.
- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `record.issue.created`, `record.timeframe.start`, `createdAt` raw log fields with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- `event.idm.read_only_udm.target.resource.id`: Newly mapped `record.resource.id`, `record.PrimaryResource.id` raw log fields with `event.idm.read_only_udm.target.resource.id` UDM field.
- `event.idm.read_only_udm.target.resource.name`: Newly mapped `record.resource.name`, `resource.name`, `record.PrimaryResource.name` raw log fields with `event.idm.read_only_udm.target.resource.name` UDM field.
- `event.idm.read_only_udm.target.resource.type`: Newly mapped `record.resource.type`, `resource.type`, `record.PrimaryResource.type` raw log fields with `event.idm.read_only_udm.target.resource.type` UDM field.
- `event.idm.read_only_udm.target.cloud.project.id`: Newly mapped `record.resource.subscriptionId`, `record.PrimaryResource.cloudAccount.externalId` raw log fields with `event.idm.read_only_udm.target.cloud.project.id` UDM field.
- `event.idm.read_only_udm.target.cloud.project.name`: Newly mapped `record.resource.subscriptionName`, `record.PrimaryResource.cloudAccount.name` raw log fields with `event.idm.read_only_udm.target.cloud.project.name` UDM field.
- `event.idm.read_only_udm.target.asset.location.country_or_region`: Newly mapped `record.resource.region`, `record.PrimaryResource.region` raw log fields with `event.idm.read_only_udm.target.asset.location.country_or_region` UDM field.
- `event.idm.read_only_udm.security_result.about.resource.attribute.labels`: Newly mapped `record.resource.status` raw log field with `event.idm.read_only_udm.security_result.about.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.target.url`: Newly mapped `record.resource.cloudProviderURL`, `triggeringEvent.cloudProviderUrl`, `record.PrimaryResource.cloudProviderURL` raw log fields with `event.idm.read_only_udm.target.url` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `record.control.id`, `record.issue.projects`, `triggeringEvent.actorIPMeta.category`, `triggeringEvent.cloudPlatform` raw log fields with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- `event.idm.read_only_udm.metadata.description`: Newly mapped `record.control.description`, `triggeringEvent.description` raw log fields with `event.idm.read_only_udm.metadata.description` UDM field.
- `event.idm.read_only_udm.security_result.about.url`: Newly mapped `record.control.IssueURL` raw log field with `event.idm.read_only_udm.security_result.about.url` UDM field.
- `event.idm.read_only_udm.security_result.threat_id`: Newly mapped `record.threatId` raw log field with `event.idm.read_only_udm.security_result.threat_id` UDM field.
- `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `record.title` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.
- `event.idm.read_only_udm.security_result.description`: Newly mapped `record.description` raw log field with `event.idm.read_only_udm.security_result.description` UDM field.
- `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `record.timeframe.end` raw log field with `event.idm.read_only_udm.metadata.collected_timestamp` UDM field.
- `event.idm.read_only_udm.target.ip`: Newly mapped `act.externalId` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- `event.idm.read_only_udm.principal.ip`: Newly mapped `pactor.externalId` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- `event.idm.read_only_udm.principal.user.userid`: Newly mapped `triggeringEvents.actor.id` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- `event.idm.read_only_udm.principal.asset.location.country_or_region`: Newly mapped `triggeringEvent.actorIPMeta.country` raw log field with `event.idm.read_only_udm.principal.asset.location.country_or_region` UDM field.
- `event.idm.read_only_udm.principal.labels`: Newly mapped `triggeringEvent.actorIPMeta.autonomousSystemNumber`, `triggeringEvent.actorIPMeta.autonomousSystemOrganization`, `triggeringEvent.actorIPMeta.isForeign`, `triggeringEvent.actorIPMeta.reputation`, `triggeringEvent.actorIPMeta.reputationSource` raw log fields with `event.idm.read_only_udm.principal.labels` UDM field.
- `event.idm.read_only_udm.principal.resource.product_object_id`: Newly mapped `triggeringEvent.externalId` raw log field with `event.idm.read_only_udm.principal.resource.product_object_id` UDM field.
- `event.idm.read_only_udm.security_result.summary`: Newly mapped `triggeringEvent.name` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field.
- `event.idm.read_only_udm.target.resource.product_object_id`: Newly mapped `resource.id` raw log field with `event.idm.read_only_udm.target.resource.product_object_id` UDM field.
- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `resource.nativeType` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.target.location.country_or_region`: Newly mapped `resource.region` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM field.
- `event.idm.read_only_udm.security_result.action_details`: Newly mapped `triggeringEvent.status` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.
- Added conditional check for `record.trigger.source`. If the value is "ISSUE", the `security_result.alert_state` is set to "ALERTING" for an "OPEN" status and "NOT_ALERTING" for a "RESOLVED" status.
2025-06-04 Enhancement:
- event.idm.read_only_udm.metadata.product_log_id: Newly Mapped `id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM Field.
- event.idm.read_only_udm.metadata.timestamp: Newly Mapped `createdAt` raw log field with `event.idm.read_only_udm.metadata.timestamp` UDM Field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.kubernetes.pod.uid` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.kubernetes.pod.namespace` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.kubernetes.container.name` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.cri-containerd.kind` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.kubernetes.pod.name` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.maintainer` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field.
- event.idm.read_only_udm.principal.group.product_object_id: Newly Mapped `entitySnapshot.externalId` raw log field with `event.idm.read_only_udm.principal.group.product_object_id` UDM Field.
- event.idm.read_only_udm.principal.group.product_object_id: Newly Mapped `actionParameters.clientID` raw log field with `event.idm.read_only_udm.principal.group.product_object_id` UDM Field.
- event.idm.read_only_udm.metadata.product_event_type: Newly Mapped `type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM Field.
- event.idm.read_only_udm.principal.namespace: Newly Mapped `entitySnapshot.tags.io.kubernetes.pod.namespace` raw log field with `event.idm.read_only_udm.principal.namespace` UDM Field.
- event.idm.read_only_udm.principal.asset_id: Newly Mapped `entitySnapshot.id` raw log field with `event.idm.read_only_udm.principal.asset_id` UDM Field.
- event.idm.read_only_udm.principal.cloud.vpc.name: Newly Mapped `entitySnapshot.cloudPlatform` raw log field with `event.idm.read_only_udm.principal.cloud.vpc.name` UDM Field.
- event.idm.read_only_udm.principal.cloud.vpc.id: Newly Mapped `entitySnapshot.providerId` raw log field with `event.idm.read_only_udm.principal.cloud.vpc.id` UDM Field.
- event.idm.read_only_udm.principal.cloud.project.id: Newly Mapped `entitySnapshot.type` raw log field with `event.idm.read_only_udm.principal.cloud.project.id` UDM Field.
- event.idm.read_only_udm.principal.cloud.project.resource_subtype: Newly Mapped `entitySnapshot.nativeType` raw log field with `event.idm.read_only_udm.principal.cloud.project.resource_subtype` UDM Field.
- event.idm.read_only_udm.principal.cloud.project.name: Newly Mapped `entitySnapshot.name` raw log field with `event.idm.read_only_udm.principal.cloud.project.name` UDM Field.
- event.idm.read_only_udm.security_result.action_details: Newly Mapped `entitySnapshot.status` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `updatedAt` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `dueAt` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `statusChangedAt` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.principal.user.userid: Newly Mapped `sourceRule.id` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `control.name` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `control.description` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `control.resolutionRecommendation` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.security_result.summary: Newly Mapped `subcategories.title` raw log field with `event.idm.read_only_udm.security_result.category` UDM Field.
- event.idm.read_only_udm.security_result.category_details: Newly Mapped `subcategories.category.name` raw log field with `event.idm.read_only_udm.security_result.category_details` UDM Field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `subcategories.category.framework.name` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `actionParameters.userPoolType` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `actionParameters.userpoolID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `actionParameters.clientID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.
2024-03-04 Enhancement:
- Mapped "actionParameters.selection.preferences", "actionParameters.input.patch.portalVisitHistory.dateTime", and "actionParameters.input.patch.portalVisitHistory.type" to "additional.fields".
- Mapped "actionParameters.input.patch.portalVisitHistory.name", "actionParameters.input.patch.portalVisitHistory.resourceName", "actionParameters.input.patch.portalVisitHistory.resourceType", "actionParameters.input.patch.portalVisitHistory.ruleType", and "actionParameters.input.patch.portalVisitHistory.id" to "principal.resource.attribute.labels".
2024-02-08 Enhancement:
- Mapped "WIZ_IO" to "metadata.product_name" and "metadata.vendor_name".
- Mapped "action" to "metadata.product_event_type".
- Mapped "timestamp" to "metadata.event_timestamp".
- Mapped "userAgent" to "network.http.user_agent" and "network.http.parsed_user_agent".
- Mapped "sourceIP" to "principal.ip".
- When action value is "Report", then mapped "serviceAccount.name" to "principal.application".
- Mapped "user.id" to "target.user.id".
- Mapped "user.name" to "target.user.user_display_name".
- Mapped "userEmail" to "target.user.email_addresses".
- Mapped "actionParameters.role" to "target.user.attribute.roles".
- Mapped "actionParameters.groups" and "actionParameters.products" to "security_result.detection_fields".
2023-12-15 - Newly created parser.