Change log for CYBERARK_PRIVILEGE_CLOUD
| Date | Changes |
|---|---|
| 2025-08-18 | Enhancement:
- Updated the conditional logic for assigning USER_UNCATEGORIZED to the event_type field. |
| 2025-06-20 | Enhancement:
- Newly added new grok pattern to parse `host` raw field correctly. - `event.idm.read_only_udm.additional.fields` : Newly mapped `app`, `Otherinfo`,and `Otherinfo` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.security_result.detection_fields` : Newly mapped `AffectedUserName` ,`RequestId`, `SafeName`,and `Database` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. |
| 2024-11-13 | Enhancement:
- Changed mapping of the syslog header "hostname" from "principal.hostname" to "intermediary.hostname". |
| 2024-10-30 | Enhancement:
- Mapped "hostn" to "principal.hostname" and "principal.asset.hostname". - Mapped "MessageID", "Version", "Safe", "PolicyID", "DeviceType", and "Address" to "additional.fields". - Mapped "GatewayStation" to "target.ip". - Mapped "UserName" to "principal.user.user_display_name". - Mapped "Station" to "principal.ip". - Mapped "Message" to "security_result.summary". - Mapped "Issuer" to "principal.user.userid". - Mapped "Station" to "principal.ip". - Mapped "File" to "principal.file.full_path". - Mapped "Severity" to "security_result.severity". - Mapped "CPMStatus" to "security_result.action". |
| 2024-08-21 | Enhancement:
- Mapped "host" to "principal.hostname" and "principal.asset.hostname". |
| 2024-03-17 | Enhancement:
- Mapped "device_version" to "metadata.product_version". - Mapped "device_event_class_id" and "event_name" to "metadata.product_event_type". - Mapped "msg" to "metadata.description". - If "shost" is IP then mapped "shost" to "principal.ip" else mapped it to "principal.hostname". - If "dvc" to "principal.hostname". - Mapped "dhost" to "target.hostname". - Mapped "duser" to "target.user.user_display_name". - Mapped "suser" to "principal.user.user_display_name". - Mapped "act" to "security_result.action_details". - Mapped "severity" to "security_result.severity". - Mapped "cn1", "cn1Label", "cn2", "cn2Label", "cs1", "cs1Label", "cs2", "cs2Label", "cs3", "cs3Label", "cs4", "cs4Label", "cs5", "cs5Label", and "fname" to "additional.fields". |
| 2023-11-24 | - Newly created parser.
|