Change log for MICROSOFT_CASB
Date | Changes |
---|---|
2025-03-26 | Enhancement:
- Modified and added Grok pattern to parse different time formats. - Added a conditional check when mapping "suser" to "principal.user.userid". - Mapped "uniqueServiceAppIds" to "target.resource.id". - Added a conditional check before setting "metadata.event_type" to "USER_LOGIN" and renaming "event.idm.read_only_udm.principal.user" to "event.idm.read_only_udm.target.user". - Added a conditional check before setting "metadata.event_type" to "USER_RESOURCE_CREATION" , "USER_RESOURCE_UPDATE_CONTENT" and "RESOURCE_READ". - Added a "user_display_name" null check before mapping "user_display_name" to "principal.user.userid". - Added on error when mapping "suser" to "principal.user.userid" and "principal.user.user_display_name". |
2023-11-27 | Enhancement:
- Handled unparsed JSON logs. |
2023-06-28 | Enhancement:
- Enhanced parser to set the "metadata.event_type" to a more specific value and reduce the number of logs with "GENERIC_EVENT" for "metadata.event_type". |