Change log for OORT
| Date | Changes |
|---|---|
| 2026-03-09 | Enhancement:<br>- Updated `event.idm.read_only_udm.metadata.vendor_name` to "Cisco".<br>- Updated `event.idm.read_only_udm.metadata.product_name` to "Identity Intelligence".<br>- `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped the `detail.published` raw log field to the `event.idm.read_only_udm.metadata.collected_timestamp` UDM field.<br>- `event.idm.read_only_udm.principal.user.userid`: Newly mapped the `detail.login` raw log field to the `event.idm.read_only_udm.principal.user.userid` UDM field.<br>- `event.idm.read_only_udm.principal.user.attribute.labels`: Newly mapped the `detail.userTrustLevel` raw log field to the `event.idm.read_only_udm.principal.user.attribute.labels` UDM field.<br>- `event.idm.read_only_udm.principal.user.user_display_name`: Newly mapped the `detail.login` raw log field to the `event.idm.read_only_udm.principal.user.user_display_name` UDM field.<br>- `event.idm.read_only_udm.security_result.category_details`: Newly mapped the `detail.checkTopics` raw log field to the `event.idm.read_only_udm.security_result.category_details` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped the `region` raw log field to the `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped the `detail.checkId`, `detail.checkScope`, `detail.frameworks`, `detail.explainabilityEventIds`, and `data.value` raw log fields to the `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- Added a grok pattern on `data.value` to extract `ip_addr`.<br>- `event.idm.read_only_udm.principal.ip`: If `data.key` is "ips", updated the value of `event.idm.read_only_udm.principal.ip` to the IP address extracted from `data.value`. |
| 2025-01-23 | - Mapped the "security_result.severity" to "MEDIUM" when the log's severity is "Moderate". |
| 2024-12-11 | - Newly created parser. |