Change log for CENTRIFY_SSO

Date	Changes
2022-08-10	Bug-fix - Modified mapping for the field 'ComputerName' from 'principal.asset.hostname' to 'event.idm.read_only_udm.about.hostname' for logs with JSON format.
2022-07-13	Enhancement: - Mapped "msg" to "metadata.description". - Mapped "EventType" to "metadata.product_event_type". - Mapped "pid" to "principal.process.pid". - Mapped "host" to "principal.hostname". - Mapped "SessionGuid" to "network.session_id". - Mapped "UserType" to "principal.user.attribute.roles". - Mapped "AzRoleName" to "target.user.attribute.roles". - Mapped "UserGuid" to "principal.user.userid". - Mapped "ComputerID" to "principal.asset.asset_id". - Mapped "ComputerName" to "principal.asset.hostname". - Mapped "ComputerFQDN" to "principal.asset.network_domain". - Mapped "AuthorityID" to "target.asset.asset_id". - Mapped "AuthorityFQDN" to "target.asset.network_domain". - Mapped "InternalTrackingID" to "metadata.product_log_id". - Mapped "EventMessage" to "security_result.summary". - Mapped "CredentialId" to "security_result.detection_fields". - Mapped "ProxyId" to "security_result.detection_fields". - Mapped "DirectoryServiceUuid" to "security_result.detection_fields". - Mapped "AzDeploymentId" to "security_result.detection_fields". - Mapped "ID" to "security_result.detection_fields". - Mapped "AccountID" to "security_result.detection_fields". - Mapped "DirectoryServiceName" to "security_result.detection_fields". - Mapped "Tenant" to "additional.fields". - Mapped "JumpType" to "additional.fields". - Mapped "OperationMode" to "additional.fields". - Mapped "ThreadType" to "additional.fields". - Mapped "AzRoleId" to "additional.fields". - Mapped "TokenType" to "additional.fields".

Date

Changes

2022-08-10

Bug-fix - Modified mapping for the field 'ComputerName' from 'principal.asset.hostname' to 'event.idm.read_only_udm.about.hostname' for logs with JSON format.

2022-07-13

Enhancement:
- Mapped "msg" to "metadata.description".
- Mapped "EventType" to "metadata.product_event_type".
- Mapped "pid" to "principal.process.pid".
- Mapped "host" to "principal.hostname".
- Mapped "SessionGuid" to "network.session_id".
- Mapped "UserType" to "principal.user.attribute.roles".
- Mapped "AzRoleName" to "target.user.attribute.roles".
- Mapped "UserGuid" to "principal.user.userid".
- Mapped "ComputerID" to "principal.asset.asset_id".
- Mapped "ComputerName" to "principal.asset.hostname".
- Mapped "ComputerFQDN" to "principal.asset.network_domain".
- Mapped "AuthorityID" to "target.asset.asset_id".
- Mapped "AuthorityFQDN" to "target.asset.network_domain".
- Mapped "InternalTrackingID" to "metadata.product_log_id".
- Mapped "EventMessage" to "security_result.summary".
- Mapped "CredentialId" to "security_result.detection_fields".
- Mapped "ProxyId" to "security_result.detection_fields".
- Mapped "DirectoryServiceUuid" to "security_result.detection_fields".
- Mapped "AzDeploymentId" to "security_result.detection_fields".
- Mapped "ID" to "security_result.detection_fields".
- Mapped "AccountID" to "security_result.detection_fields".
- Mapped "DirectoryServiceName" to "security_result.detection_fields".
- Mapped "Tenant" to "additional.fields".
- Mapped "JumpType" to "additional.fields".
- Mapped "OperationMode" to "additional.fields".
- Mapped "ThreadType" to "additional.fields".
- Mapped "AzRoleId" to "additional.fields".
- Mapped "TokenType" to "additional.fields".