Change log for AZURE_KEYVAULT_AUDIT
| Date | Changes |
|---|---|
| 2025-07-08 | Enhancement:
- event.idm.read_only_udm.additional.fields: Newly mapped `loggingSourceName` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. - Added support to `has_principal` which is causing the issue to parser error. |
| 2025-01-30 | Enhancement:
- Added support for the new pattern of JSON logs. |
| 2024-11-18 | Enhancement:
- Added support for new pattern of JSON logs. |
| 2024-10-29 | Enhancement:
- Mapped "properties.isAddressAuthorized", "properties.isAccessPolicyMatch", and "properties.isRbacAuthorized" to "target.resource.attribute.labels". - Mapped "properties.subnetId", and "properties.privateEndpointId" to "additional.fields". |
| 2024-09-25 | - Modified condition for "USER_UNCATEGORIZED" event_type.
|
| 2024-02-27 | - Newly created parser.
|