Change log for CLAROTY_EMC
| Date | Changes |
|---|---|
| 2026-02-17 | Enhancements:<br>- Added grok patterns to support new syslog events.<br>- `event.idm.read_only_udm.principal.administrative_domain`: Newly mapped `user_type` raw log field to `event.idm.read_only_udm.principal.administrative_domain`.<br>- `event.idm.read_only_udm.principal.user.userid`: Newly mapped `user_email` raw log field to `event.idm.read_only_udm.principal.user.userid`.<br>- `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `server_name` raw log field to `event.idm.read_only_udm.target.asset.hostname`.<br>- `event.idm.read_only_udm.target.asset.ip`: Newly mapped `ip_address` raw log field to `event.idm.read_only_udm.target.asset.ip`.<br>- `event.idm.read_only_udm.target.hostname`: Newly mapped `server_name` raw log field to `event.idm.read_only_udm.target.hostname`.<br>- `event.idm.read_only_udm.target.ip`: Newly mapped `ip_address` raw log field to `event.idm.read_only_udm.target.ip`.<br>- `event.idm.read_only_udm.metadata.event_type`: If `msg` contains "connected to the server" or "opened the session" or `event_desc` is "Login to SRA succeeded" and `has_target` is true, updated to `USER_LOGIN`.<br>- `event.idm.read_only_udm.metadata.event_type`: If `msg` contains "disconnected the server" and `has_target` is true, updated to `USER_LOGOUT`.<br>- `event.idm.read_only_udm.extensions.auth.type`: Newly mapped to `AUTHTYPE_UNSPECIFIED` for `USER_LOGIN` and `USER_LOGOUT` events. |
| 2026-02-02 | Enhancements:<br>- Added grok patterns to support new syslog events.<br>- `event.idm.read_only_udm.metadata.description`: Newly mapped `event_desc` raw log field to `event.idm.read_only_udm.metadata.description`.<br>- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `cn1` raw log field to `event.idm.read_only_udm.metadata.product_log_id` (when `cn1Label` is "message_id").<br>- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped from combined `year`, `month`, `date`, `time` raw log fields to `event.idm.read_only_udm.metadata.event_timestamp`.<br>- `event.idm.read_only_udm.principal.user.email_addresses`: Newly mapped `cs2` raw log field to `event.idm.read_only_udm.principal.user.email_addresses` (when `cs2Label` is "user").<br>- `event.idm.read_only_udm.target.hostname`: Newly mapped `target_hostname` raw log field (extracted from `msg`) to `event.idm.read_only_udm.target.hostname`.<br>- `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `target_hostname` raw log field (extracted from `msg`) to `event.idm.read_only_udm.target.asset.hostname`.<br>- `event.idm.read_only_udm.target.location.name`: Newly mapped `target_location_name` raw log field (extracted from `msg`) to `event.idm.read_only_udm.target.location.name`.<br>- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `site_id` raw log field (extracted from `msg`) to a key named "site_id" within `event.idm.read_only_udm.target.resource.attribute.labels`.<br>- `event.idm.read_only_udm.security_result.category_details`: Newly mapped `cn3` raw log field to `event.idm.read_only_udm.security_result.category_details` (when `cn3Label` is "category").<br>- `event.idm.read_only_udm.security_result.description`: Newly mapped `msg` raw log field to `event.idm.read_only_udm.security_result.description`.<br>- `event.idm.read_only_udm.network.session_id`: Newly mapped `session_id` raw log field (extracted from `msg`) to `event.idm.read_only_udm.network.session_id`.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `cs1`, `cs2`, and `cn1` raw log fields to `event.idm.read_only_udm.additional.fields` as an else condition.<br>- Modified grok patterns to handle an additional Syslog format.<br>- Added logic to parse fields (`session_id`, `target_hostname`, `target_location_name`, `site_id`) from the `msg` raw log field. |
| 2024-04-30 | Newly created parser. |