Change log for AWS_SECURITY_HUB
Date | Changes |
---|---|
2023-06-20 | Enhancement - Modified "metadata.event_type" from "GENERIC_EVENT" to "USER_RESOURCE_ACCESS". |
2023-03-24 | Enhancement - When "detail.findings.0.Resources.0.Type" == "AwsEcsTaskDefinition": - Mapped "target.resource.resource_type" to "TASK". - Mapped "event_type" to "USER_RESOURCE_ACCESS". - Mapped "detail.findings.0.ProductFields.Resources:0/Id" to "principal.asset_id". - Parsed all other failing logs as GENERIC_EVENT, as STATUS_UPDATE was not a good parsing option for them. |
2022-08-22 | Enhancement - Updated vendor_name from "AWS SECURITY HUB" to "AMAZON". - Updated product_name from "AWS SECURITY HUB" to "AWS Security Hub". - Parsed the new JSON format logs containing "configurationItem" or "configurationItems". - Handled logs that were ingested as an import file by separating them out with a for loop and parsing each as an individual event. |
2022-07-01 | Newly Created Parser. |