Change log for GCP_CLOUDAUDIT
| Date | Changes |
|---|---|
| 2024-03-06 | - Added mapping of "protoPayload.request.New Data" and "protoPayload.request.Original Data" raw log fields.
- Added mapping for fields of "protoPayload.request.service.metadata.annotations" and "protoPayload.request.service.spec.template.metadata.annotations" object. - Added mapping for fields of "protoPayload.response.spec.template" object. |
| 2024-02-28 | - Added mapping of "protoPayload.request.metadata.resourceVersion" raw log field.
- Change mapping of "protoPayload.metadata.projectMetadataDelta" and "protoPayload.request.action" raw log field. |
| 2024-01-31 | - Added additional field mapping for "GroupsService.UpdateGroup" MethodName.
|
| 2024-01-17 | - Added mapping of "protoPayload.metadata.datasetChange.bindingDeltas" raw log field block.
- Added additional field mapping of "io.k8s.certificates.v1.certificatesigningrequest", "UpdateCryptoKeyVersion", "google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy", "UpdateEventThreatDetectionSettings", "SetIamPolicy" and "beta.compute.images.setIamPolicy" MethodName. - Removed duplicate mapping of "security_result.action" UDM field. |
| 2023-12-13 | - Changed mapping of "target.application" UDM field for Kubernetes Engine events.
|
| 2023-11-29 | - Added mapping of "securityContext.capabilities.add", "securityContext.seccompProfile.type" and "spec.Containers.shareProcessNamespace" raw log fields.
- Added mapping of "membershipDelta" raw log block. - Added support of "SelfSubjectAccessReviews" MethodName. - Added mappings of the raw log fields which were mapped to the deprecated field "noun.labels". |
| 2023-11-09 | - Added mapping of "request.roleRef.name" log field.
- Added support for the "clusterroles.create" MethodName. - Added support for the "daemonsets.create" MethodName. - Align 'principal/target.hostname' and 'principal/target.asset.hostname' mapping. |
| 2023-10-18 | - Added mapping of "labels.imagepolicywebhook.image-policy.k8s.io/dry-run" log field.
|
| 2023-08-28 | - Updated "metadata.event_type" for "DisableServiceAccount" and "EnableServiceAccount" MethodName.
|
| 2023-07-26 | - Updated "metadata.event_type" for "v1.compute.disks.insert" MethodName.
- Updated mapping of "protoPayload.status.code" log field. |
| 2023-07-12 | Added support for the "io.k8s.batch.v1.jobs.create" MethodName. |
| 2023-06-14 | Updated the parser to include "parse_network_http_user_agent" to use "Parsed User Agent" and "User Agent". |
| 2023-05-02 | Added mapping for "protoPayload.request.action" log field of methodName "v1.compute.securityPolicies.patchRule" and set value of "security_result.action" UDM field based on the "protoPayload.request.action" log field. |
| 2023-04-12 | Promoted GCP_CLOUDAUDIT parser to default. For the field mapping reference, see https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-audit-logs#field-mapping. |