Change log for CA_ACCESS_CONTROL
Date
Changes
2023-07-25
Bug-Fix - Removed use case-specific information from default parser.
2022-06-29
Enhancement - Modified grok pattern to parse Update Event log types, shutdown logs and start logs.
Mapped "timestamp" to "event.idm.read_only_udm.metadata.collected_timestamp" for SEAUDIT FORMAT Logs.
Mapped "Userid" to "event.idm.read_only_udm.target.user.userid" for Update User, Update Group.
Mapped "event.idm.read_only_udm.metadata.event_type" to User_Uncategorized for Update (User, File, Program, Hnode) and to Group_Uncategorized for Update (Group).
Mapped "about.labels" for Update Hnode log type with key as "policy_name".
Mapped "event.idm.read_only_udm.target.resource.name" for Update Hnode Log Type.
Mapped "event.idm.read_only_udm.target.process.command_line" for Update Events.
Mapped "event.idm.read_only_udm.src.user.userid" with the raw field User Name.
Mapped "event.idm.read_only_udm.security_result.rule_type" with command_type for "Security database administration" event type.
2022-04-13
Enhancement - Mapped the following fields: status, reason, stage, class, resource, access, event header, administrator, command, type, sequence number, daemon.
Last updated 2025-03-13 UTC.