Change log for GCP_COMPUTE
Date | Changes |
---|---|
2024-06-18 | Enhancement:
-Mapped "file" to "principal.file.names". -Mapped "function" to "principal.resource.attribute.labels". -Mapped "line" to "principal.resource.attribute.labels". -Mapped "timestamp" to "event_timestamp". |
2023-02-24 | Bug - Added mapping for "asset_id" to facilitate search in UI:
"asset:resource.labels.instance_id" is mapped to "principal.asset_id" |
2022-06-16 | Enhancement - Added mapping for the following new fields:
jsonPayload.Message as syslog. Process Name to principal.application. Process ID to principal.process.pid. Account Domain to principal.administrative_domain. Account Name to principal.user.user_display_name. Object Name to target.resource.name. Object Type to target.resource.type. Security ID to target.user.windows_sid. addr to principal.ip. auid to network.session_id. Mapped "LINUX - %{type}" for linux logs and "WINDOWS event log" for windows log to metadata.product_event_type. pid to target.process.pid. acct to target.user.userid. exe to target.process.command_line. file_path to principal.process.file.full_path. Changed mapping of desc from metadata.description to security_result.description. |
2022-05-23 | Enhancement - Added mapping for the following new fields:
jsonPayload.message as syslog. resource.labels.zone to principal.resource.attribute.cloud.availability_zone. resource.labels.location to principal.location.name. resource.labels.project_id to metadata.product_deployment_id. resource.labels.instance_id to principal.resource.product_object_id. |