Change log for ORACLE_DB
Date | Changes |
---|---|
2024-10-25 | Enhancement:
- If "ACTION" is "GRANT", then set "metadata.event_type" to "USER_RESOURCE_UPDATE_PERMISSIONS".
- If "ACTION" is "DROP" or "DELETE", then set "metadata.event_type" to "USER_RESOURCE_DELETION".
- If "ACTION" is "CREATE", then set "metadata.event_type" to "USER_RESOURCE_CREATION".
- If "ACTION" is "ALTER" or "INSERT", then set "metadata.event_type" to "USER_RESOURCE_UPDATE_CONTENT". |
2024-09-25 | Enhancement:
- Added support for new pattern of KV logs. |
2024-07-24 | Enhancement:
- Mapped "AUDIT_POLICY" as a single string to "additional.fields" instead of splitting it into multiple values. |
2024-06-06 | - Minor change in "principal.user.user_display_name". |
2024-05-30 | - Added support for Exadata fields. |
2024-04-03 | - Added support for some attributes which were not covered. |
2023-10-25 | Enhancement:
- Mapped "LENGTH", "LOGOFFDEAD", "LOGOFFLREAD", "LOGOFFLWRITE", "LOGOFFPREAD", "SESSIONCPU", "CLIENT_TERMINAL" to "target.resource.attribute.labels".
- Mapped "ACTION" to "security_result.summary".
- Set "security_result.description" to "Success" when "RETURNCODE" is 0 or "STATUS" is 0.
- Set "security_result.description" to "Failure" when "RETURNCODE" is either 1 or -1, or "STATUS" is either 1 or -1.
- Mapped "principal.ip" and "principal.port" from "CLIENT_ADDRESS". |
2022-10-13 | Enhancement:
- Added grok pattern to handle SYSLOG and KV logs. |
2022-08-01 | Enhancement: Added mapping for the following fields:
- "hostname" mapped to "principal.hostname".
- If "returncode" is "0", then "security_result.action" is mapped to "ALLOW"; else if it is "-1", then it is mapped to "BLOCK".
- "ACTION" mapped to "metadata.product_event_type".
- "DATABASE USER" mapped to "principal.user.user_display_name".
- "PRIVILEGE" mapped to "principal.user.attribute.permissions".
- "CLIENT USER" mapped to "target.user.user_display_name".
- "file_name" mapped to "target.file.full_path".
- "event_name" mapped to "metadata.product_event_type".
- "ACTION_NUMBER" mapped to "event.idm.read_only_udm.additional.fields".
- "length" mapped to "event.idm.read_only_udm.additional.fields".
- "DBID" mapped to "metadata.product_log_id". |