Change log for ONELOGIN_SSO
Date | Changes |
---|---|
2024-05-27 | Enhancement:<br>- Added "gsub" to parse dropped logs.<br>- Mapped "user_attributes.lastname" to "principal.user.last_name".<br>- Mapped "user_attributes.firstname" to "principal.user.first_name".<br>- Mapped "user_attributes.department" to "principal.user.department".<br>- Mapped "user_attributes.title" to "principal.user.title".<br>- Mapped "user_attributes.email" to "principal.user.email_addresses". |
2024-05-21 | Enhancement:<br>- Mapped "created_at" to "metadata.event_timestamp".<br>- When "principal.user.userid" is not present for event 334, mapped "metadata.event_type" to "USER_RESOURCE_ACCESS". |
2023-04-28 | Enhancement - mapped the following raw log elements to UDM elements:<br>- Removed characters from log if it contains ""\", "\\n" or "\\" to correct the JSON log.<br>- Supported different formats for datetime match.<br>- Mapped "id" to "metadata.product_object_id".<br>- Mapped "account_id" to "additional.fields".<br>- Mapped "assuming_acting_user_id" to "additional.fields".<br>- Mapped "otp_device_id" to "additional.fields".<br>- Mapped "directory_sync_run_id" to "additional.fields".<br>- Mapped "resource_type_id" to "additional.fields".<br>- Mapped "user_agent" to "network.http.parsed_user_agent".<br>- Mapped "otp_device_id" to "principal.asset_id".<br>- Mapped "actor_system" to "additional.fields".<br>- Mapped "operation_name" to "additional.fields".<br>- Mapped "resolution" to "additional.fields".<br>- Mapped "client_id" to "additional.fields".<br>- Mapped "risk_cookie_id" to "additional.fields".<br>- Mapped "browser_fingerprint" to "additional.fields".<br>- Mapped "event_type_ids" to "additional.fields".<br>- Mapped "since" to "additional.fields".<br>- Mapped "until" to "additional.fields".<br>- Mapped "proxy_ip" to "intermediary.ip".<br>- Mapped "error_description" to "additional.fields". |
2022-05-18 | Enhancement - mapped the following raw log elements to UDM elements:<br>- actor_user_id to event.idm.read_only_udm.principal.user.product_object_id<br>- user_id to event.idm.read_only_udm.target.user.product_object_id |
2022-03-23 | Enhancement - mapped the following raw log elements to UDM elements:<br>- user_agent to event.idm.read_only_udm.network.http.user_agent.<br>- uuid to event.idm.read_only_udm.metadata.product_log_id.<br>- group_id to event.idm.read_only_udm.target.group.product_object_id.<br>- group_name to event.idm.read_only_udm.target.group.group_display_name.<br>- policy_type to security_result.rule_type.<br>- policy_id to security_result.rule_id.<br>- policy_name to security_result.rule_name.<br>- authentication_factor_type to event.idm.read_only_udm.extensions.auth.auth_details.<br>- risk_reasons to security_result.description.<br>- risk_score to security_result.severity_details.<br>Logic enhancements for the following: app_id, app_name, directory_id, directory_name, privilege_id, privilege_name, role_name, role_id. |