Change log for GITHUB
Date | Changes |
---|---|
2024-12-05 | Enhancement:
- Mapped "push_protection_bypass_reason" to "security_result.detection_fields". |
2024-11-14 | Enhancement:
- Added support for new pattern of JSON logs. |
2024-11-06 | Enhancement:
- Mapped "actor" to "principal.resource.attribute.labels".
- Changed the mapping of "user" from "target.user.user_display_name" to "principal.user.user_display_name".
- Changed the mapping of "external_identity_nameid" from "target.user.email_addresses" to "principal.user.email_addresses".
- Changed the mapping of "userid" from "target.user.userid" to "principal.user.userid". |
2024-09-18 | Enhancement:
- Mapped "pull_request_url" to "target.url".
- Mapped "pull_request_title", "pull_request_id", and "previous_visibility" to "additional.fields". |
2024-08-26 | Enhancement:
- Mapped "explanation" to "additional.fields". |
2024-08-13 | Enhancement:
- Mapped "invitee_email" and "email" to "additional.fields". |
2024-07-02 | Enhancement:
- Fixed the mapping of "config_was".
- Changed the mapping of "admin_enforced" from "security_result.action" to "additional.fields".
- Mapped "required_status_checks_enforcement_level", "events_were" and "old_permission" to "additional.fields". |
2024-06-13 | Enhancement:
- Mapped "name", "manager", "pull_request_reviews_enforcement_level", "hook_id", "events", "config_was", "key", "fingerprint", "permission", and "title" to "additional.fields".
- When "admin_enforced" is "true", then mapped "security_result.action" to "ALLOW".
- When "admin_enforced" is "false", then mapped "security_result.action" to "BLOCK". |
2023-12-18 | Bug-Fix:
- If "process_type" is "github_production", added a Grok pattern to extract "kv_data".
- If "process_type" is "github_production", mapped "user" to "target.user.user_display_name".
- If "process_type" is "github_production", mapped "user_id" to "target.user.userid".
- Mapped "referrer" to "network.http.referral_url".
- Mapped "user_session_id" to "network.session_id".
- Mapped "ip" to "principal.ip".
- Mapped "from" to "additional.fields".
- Mapped "request_category" to "additional.fields".
- Mapped "device_cookie" to "additional.fields".
- Mapped "operation_type" to "additional.fields".
- Mapped "category_type" to "additional.fields".
- Mapped "note" to "additional.fields".
- Mapped "read" to "additional.fields".
- Mapped "pre_perform_allocation_count" to "additional.fields".
- Mapped "backend" to "additional.fields".
- Mapped "queue" to "additional.fields".
- Mapped "class" to "additional.fields".
- Mapped "success" to "additional.fields".
- Mapped "controller_action" to "security_result.detection_fields".
- Mapped "two_factor" to "security_result.detection_fields". |
2023-10-25 | Enhancement:
- When "public_repo" is "false", set "target.location.name" to "PRIVATE", else set to "PUBLIC". |
2023-10-11 | Enhancement:
- Mapped "user_agent" to "network.http.user_agent" and "network.http.parsed_user_agent".
- Mapped "request_method" to "network.http.method".
- Mapped "application_name" to "target.application".
- Mapped "status_code" to "network.http.response_code".
- Mapped "url_path" to "target.url".
- Mapped "user_id" to "target.userid".
- Mapped "transport_protocol_name" to "network.application_protocol".
- Mapped "raw.now" to "metadata.event_timestamp".
- Mapped "raw.ip" to "principal.ip".
- Mapped "raw.request_id" to "metadata.product_log_id".
- Mapped "raw.repo" to "target.url".
- Mapped "raw.action" to "security_result.summary".
- Mapped "raw.protocol" to "network.application_protocol".
- Mapped "raw.message" to "metadata.description".
- Mapped "raw.at" to "security_result.action".
- Mapped "raw.login" to "target.user_display_name".
- Mapped "raw.user_id" to "target.userid".
- Mapped "raw.failure_reason", "raw.failure_type", "raw.raw_login" and "raw.from" to "additional.fields".
- Mapped "programmatic_access_type", "actor_id", "token_id", "token_scopes", "integration", "query_string", "rate_limit_remaining", "request_body", "route", "business", "org_id", "repo_id", "public_repo", "_document_id", "operation_type", "repository_public" to "additional.fields". |
2023-07-31 | Bug-Fix:
- Added "on_error" to Grok patterns.
- Mapped "workflow_run.id" to "target.resource.attribute.labels".
- Mapped "workflow_run.event" to "additional.fields".
- Mapped "workflow_run.actor.login" to "principal.user.userid".
- Mapped "workflow_run.head_branch" to "security_result.about.labels".
- Mapped "workflow_run.head_sha" to "target.file.sha256".
- Mapped "enterprise.name" to "additional.fields".
- Mapped "workflow.name" to "security_result.about.labels".
- Mapped "workflow_run.workflow_id" to "security_result.about.labels". |
2023-06-22 | Enhancement:
- Added support for the "github_auth", "haproxy", "github_access", "github_unicorn", "github_production", "hookshot-go", "babeld", "github_gitauth", "babeld2hydro", "authzd", "gitrpcd", "agent", "git-daemon", "github_resqued", "sudo", "systemd" and "github_audit" syslog log formats. |
2023-06-09 | Enhancement:
- Mapped "external_identity_nameid" to "target.user.email_addresses" if in email format.
- Fetched the username from "external_identity_nameid" and mapped it to "target.user.userid". |
2023-01-13 | Enhancement:
- Mapped "actor_ip" to "principal.ip".
- Mapped "hashed_token" to "network.session_id".
- Mapped "external_identity_nameid" to "target.user.userid".
- Mapped "external_identity_username" to "target.user.user_display_name". |
2022-11-28 | Enhancement:
- Mapped "config.url" to "target.url". |
2022-07-07 | Enhancement:
- Added parsing for newly ingested JSON-format logs with the actions "git.clone", "git.push" and "workflows.prepared_workflow_job".
- Mapped "job_name" to "target.resource.attribute.labels".
- Mapped "job_workflow_ref" to "target.resource.attribute.labels".
- Mapped "runner_group_id" to "target.resource.attribute.labels".
- Mapped "runner_group_name" to "target.resource.attribute.labels".
- Mapped "runner_name" to "target.resource.attribute.labels".
- Mapped "runner_id" to "target.resource.attribute.labels".
- Mapped "workflow_run_id" to "target.resource.attribute.labels".
- Mapped "actor_location.country_code" to "principal.location.country_or_region". |