Change log for HASHICORP
Date | Changes |
---|---|
2024-10-15 | Enhancement: - Added support to handle JSON logs. |
2024-08-28 | Enhancement: - Added a Grok pattern to retrieve "secretname". - Mapped "jsonPayload.cos.googleapis.com/container_id", "jsonPayload.cos.googleapis.com/container_name", "jsonPayload.cos.googleapis.com/stream" to "additional.fields". - Mapped "resource.labels.instance_id" to "principal.resource.product_object_id". - Mapped "principal.resource.attribute.cloud.availability_zone" to "resource.labels.zone". - Mapped "logName" to "security_result.category_details". |
2023-10-26 | Enhancement: - Added a Grok pattern to handle SYSLOG+JSON logs. |
2023-09-22 | Enhancement: - Modified mapping for "request.remote_port" from "target.port" to "principal.port". - Modified mapping for "request.remote_address" from "target.ip" to "principal.ip". - Mapped "error" to "security_result.description". - Mapped "resource.labels.namespace_name" to "target.namespace". - Mapped "resource.labels.pod_name", "resource.labels.container_name" to "additional.fields". - Mapped "resource.labels.project_id" to "target.cloud.project.name". - Mapped "resource.labels.location" to "target.location.name". - Mapped "insertId" to "metadata.product_log_id". - Mapped "labels.k8s-pod/app_kubernetes_io/instance", "labels.k8s-pod/app_kubernetes_io/name", "labels.k8s-pod/component", "labels.k8s-pod/helm_sh/chart", "labels.k8s-pod/controller-revision-hash", "labels.k8s-pod/vault-initialized", "labels.k8s-pod/vault-version", "labels.k8s-pod/vault-sealed", "labels.k8s-pod/vault-perf-standby", and "labels.k8s-pod/vault-active" to "target.resource.attribute.labels". - Mapped "labels.compute.googleapis.com/resource_name" to "target.resource.name". |
2023-04-26 | Enhancement: - Added a Grok pattern to handle syslog logs. - Mapped "status" to "network.http.response_code". - Mapped "runner" to "principal.user.userid". - Mapped "job_id", "job_status" to "additional.fields". |
2023-03-24 | Enhancement: - Mapped "host" to "observer.hostname". - Mapped "cluster" to "observer.resource.name". - If log contains cluster, then mapped "cluster" to "observer.resource.resource_type". - Added JSON block to retrieve data from "_raw" field. - "httpStatus" mapped to "network.http.response_code". - "httpUrl" mapped to "target.url". - "pid" mapped to "target.process.pid". - "msg" mapped to "metadata.description". - "url" mapped to "principal.url". - "hostname" mapped to "observer.hostname". - "streamingID", "requestId", "httpHeaders.cf-cache-status", "httpHeaders.cf-ray", "httpHeaders.gitlab-lb", "httpHeaders.gitlab-sv", "httpHeaders.x-request-id", "httpHeaders.x-content-type-options", "httpHeaders.x-frame-options", "httpHeaders.ratelimit-limit", "httpHeaders.ratelimit-observed", "httpHeaders.ratelimit-remaining", "httpHeaders.ratelimit-reset", "httpHeaders.ratelimit-resettime", "httpHeaders.server", "httpHeaders.referrer-policy" mapped to "target.resource.attribute.labels". - "method" mapped to "network.application_protocol". - "headers.user-agent" mapped to "network.http.parsed_user_agent". - "httpHeaders.cache-control" mapped to "additional.fields". - "httpHeaders.content-type", "httpHeaders.content-length", "maskedToken", "headers.accept" mapped to "security_result.about.resource.attribute.labels". - "headers.x-real-ip" mapped to "principal.ip". - "headers.x-forwarded-host" mapped to "principal.hostname". - "headers.x-forwarded-port" mapped to "principal.port". - "headers.snyk-acting-org-public-id", "headers.snyk-flow-name", "headers.snyk-request-id" mapped to "principal.resource.attribute.labels". |
2023-02-09 | Newly created parser. |