Docs Support

Change log for LINUX_SYSMON

Date	Changes
2022-07-12	Enhancement : - Added null check to EventID field prior mapping. - Mapped insertId to metadata.product_log_id. - Mapped logName to target_process_file. - Mapped resource.type to target.resource.type. - Mapped resource.labels.project_id to target.resource.product_object_id. - Mapped resource.labels.instance_id to target.resource.id. - Mapped refer_url to network.http.referral_url.
2022-05-10	Initial creation of the LINUX_SYSMON Chronicle parser, based upon WINDOWS_SYSMON - Supports events IDs 1, 3, 5, 9, 11, 16, 23. - Uses the Chronicle Forwarder Regex Filter capabilities with an allow filter of 'sysmon' to exclude syslog logs.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2023-03-28 UTC.