Change log for ATLASSIAN_JIRA
Date | Changes |
---|---|
2023-12-12 | Bug-Fix:<br>- Added support for mapping multiple IP addresses from "source" to "principal.ip". |
2023-11-10 | Enhancement:<br>- Added a new Grok pattern to parse failing JSON logs.<br>- Mapped "affectedObjects" to "target.resource.attribute.labels".<br>- Mapped "changedValues" to "security_result.about.resource.attribute.labels".<br>- Mapped "extraAttributes" to "principal.resource.attribute.labels".<br>- Mapped "source" to "principal.ip".<br>- Mapped "author.id", "author.name", "author.uri", "author.type", "auditType.area", "auditType.category", and "auditType.action" to "principal.user.userid", "principal.user.user_display_name", "principal.url", "principal.resource.attribute.labels", "metadata.product_event_type", "security_result.category_details", and "security_result.summary" respectively. |
2023-02-09 | Enhancement:<br>- Added a "json" block to retrieve the JSON data. |
2023-01-10 | Enhancement: Added support for JSON format logs.<br>- Mapped "authorAccountId" to "principal.user.userid".<br>- Mapped "id" to "metadata.product_log_id".<br>- Mapped "remoteAddress" to "principal.ip".<br>- Mapped "summary" to "metadata.description".<br>- Mapped "category" to "metadata.product_event_type".<br>- Mapped "authorKey" to "target.resource.attribute.labels".<br>- Mapped "objectItem.id", "objectItem.name", "objectItem.typeName" to "security_result.detection_fields".<br>- Mapped "associatedItems.0.id" to "target.user.userid" when "associatedItems.0.typeName" is "USER".<br>- Mapped "associatedItems.0.name" to "target.user.user_display_name" when "associatedItems.0.typeName" is "USER".<br>- Mapped "associatedItems.0.parentId" to "target.process.parent_process.pid" when "associatedItems.0.typeName" is "USER".<br>- Mapped "associatedItems.0.parentName" to "target.resource.parent" when "associatedItems.0.typeName" is "USER".<br>- Mapped "associatedItems.0.id" and "associatedItems.0.name" to "security_result.detection_fields" when "associatedItems.0.typeName" is not "USER".<br>- Mapped "associatedItems.0.typeName" to "security_result.detection_fields".<br>- Mapped "changedValues.fieldName", "changedValues.changedFrom", "changedValues.changedTo" to "security_result.about.resource.attribute.labels".<br>- Mapped "STATUS_UPDATE" to "metadata.event_type" if "remoteAddress" is present.<br>- Mapped "USER_UNCATEGORIZED" to "metadata.event_type" if "authorAccountId" is present or "associatedItems.0.typeName" is "USER" and "associatedItems.0.id" is present. |
2022-05-31 | Bug-Fix: Added a condition to check for incorrect mapping of "principal.url" when the URL value in the logs contains '/status'. |