Change log for CYBERARK_PRIVILEGE_CLOUD
Date
Changes
2025-08-18
Enhancement:
- Updated the conditional logic for assigning USER_UNCATEGORIZED to the event_type field.
2025-06-20
Enhancement:
- Added a new grok pattern to parse the `host` raw field correctly.
- `event.idm.read_only_udm.additional.fields`: Newly mapped the `app`, `Otherinfo`, and `Otherinfo` raw log fields to the `event.idm.read_only_udm.additional.fields` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped the `AffectedUserName`, `RequestId`, `SafeName`, and `Database` raw log fields to the `event.idm.read_only_udm.security_result.detection_fields` UDM field.
2024-11-13
Enhancement:
- Changed mapping of the syslog header "hostname" from "principal.hostname" to "intermediary.hostname".
2024-10-30
Enhancement:
- Mapped "hostn" to "principal.hostname" and "principal.asset.hostname".
- Mapped "MessageID", "Version", "Safe", "PolicyID", "DeviceType", and "Address" to "additional.fields".
- Mapped "GatewayStation" to "target.ip".
- Mapped "UserName" to "principal.user.user_display_name".
- Mapped "Station" to "principal.ip".
- Mapped "Message" to "security_result.summary".
- Mapped "Issuer" to "principal.user.userid".
- Mapped "Station" to "principal.ip".
- Mapped "File" to "principal.file.full_path".
- Mapped "Severity" to "security_result.severity".
- Mapped "CPMStatus" to "security_result.action".
2024-08-21
Enhancement:
- Mapped "host" to "principal.hostname" and "principal.asset.hostname".
2024-03-17
Enhancement:
- Mapped "device_version" to "metadata.product_version".
- Mapped "device_event_class_id" and "event_name" to "metadata.product_event_type".
- Mapped "msg" to "metadata.description".
- If "shost" is IP then mapped "shost" to "principal.ip" else mapped it to "principal.hostname".
- If "dvc" to "principal.hostname".
- Mapped "dhost" to "target.hostname".
- Mapped "duser" to "target.user.user_display_name".
- Mapped "suser" to "principal.user.user_display_name".
- Mapped "act" to "security_result.action_details".
- Mapped "severity" to "security_result.severity".
- Mapped "cn1", "cn1Label", "cn2", "cn2Label", "cs1", "cs1Label", "cs2", "cs2Label", "cs3", "cs3Label", "cs4", "cs4Label", "cs5", "cs5Label", and "fname" to "additional.fields".
2023-11-24
- Newly created parser.
Last updated 2025-09-07 UTC.