Change log for KUBERNETES_AUDIT

Date	Changes
2023-08-21	Enhancement: - Parsed new format JSON logs. - Based on 'verb', identified the specific "event_types". - Mapped following additional fields : - 'kind' to 'metadata.product_event_type'. - 'apiVersion' to 'metadata.product_version'. - 'auditID' to 'metadata.product_log_id'. - 'stage' to 'metadata.description'. - 'requestURI' to 'target.url'. - 'userAgent' to 'network.http.user_agent'. - 'verb' to 'network.http.method'. - 'responseStatus.code' to 'network.http.response_code'. - 'user.username' to 'principal.user.user_display_name'. - 'user.uid' to 'principal.user.userid'. - 'user.groups' to 'principal.user.group_identifiers'. - 'sourceIPs' to 'principal.ip'. - 'objectRef.resource' to 'target.resource.resource_subtyp'. - 'annotations.authorization.k8s.io/decision' to 'security_result.action'. - 'annotations.authorization.k8s.io/reason' to 'security_result.description'. - 'stageTimestamp' to 'metadata.collected_timestamp'.
2022-07-14	Newly created parser

Date

Changes

2023-08-21

Enhancement:
- Parsed new format JSON logs.
- Based on 'verb', identified the specific "event_types".
- Mapped following additional fields :
- 'kind' to 'metadata.product_event_type'.
- 'apiVersion' to 'metadata.product_version'.
- 'auditID' to 'metadata.product_log_id'.
- 'stage' to 'metadata.description'.
- 'requestURI' to 'target.url'.
- 'userAgent' to 'network.http.user_agent'.
- 'verb' to 'network.http.method'.
- 'responseStatus.code' to 'network.http.response_code'.
- 'user.username' to 'principal.user.user_display_name'.
- 'user.uid' to 'principal.user.userid'.
- 'user.groups' to 'principal.user.group_identifiers'.
- 'sourceIPs' to 'principal.ip'.
- 'objectRef.resource' to 'target.resource.resource_subtyp'.
- 'annotations.authorization.k8s.io/decision' to 'security_result.action'.
- 'annotations.authorization.k8s.io/reason' to 'security_result.description'.
- 'stageTimestamp' to 'metadata.collected_timestamp'.

2022-07-14

Newly created parser