Change log for PAN_PRISMA_CA
Date | Changes |
---|---|
2023-12-10 | Enhancement:<br>- Added a Grok pattern to extract the JSON part of the log.<br>- Mapped "resourceId" to "principal.resource.product_object_id".<br>- Mapped "accountId" to "target.resource.product_object_id".<br>- Mapped "alertRuleName" to "security_result.rule_name".<br>- Mapped "accountName" to "target.resource.name".<br>- Mapped "hasFinding" to "security_result.detection_fields".<br>- Mapped "resourceRegionId" to "principal.cloud.availability_zone".<br>- Mapped "source" to "principal.application".<br>- Mapped "callbackUrl" to "metadata.url_back_to_product".<br>- Mapped "alertRuleId" to "security_result.rule_id".<br>- Mapped "alertId" to "security_result.detection_fields".<br>- Mapped "policyLabels" to "additional.fields".<br>- Mapped "policyName" to "security_result.description".<br>- Mapped "resourceName" to "principal.resource.name".<br>- Mapped "resourceRegion" to "principal.location.country_or_region".<br>- Mapped "policyDescription" to "security_result.detection_fields".<br>- Mapped "policyRecommendation" to "security_result.detection_fields".<br>- Mapped "resourceCloudService" to "principal.resource.attribute.labels".<br>- Mapped "resource.url" to "principal.url".<br>- Mapped "alertTs" to "security_result.detection_fields".<br>- Mapped "firstSeen" to "principal.asset.first_seen_time".<br>- Mapped "lastSeen" to "principal.asset.last_discover_time".<br>- Mapped "reason" to "security_result.summary".<br>- Mapped "alertStatus" to "security_result.detection_fields".<br>- If the "severity" value is "HIGH", set "security_result.severity" to "HIGH".<br>- If the "cloudType" value is "gcp", set "principal.cloud.environment" to "GOOGLE_CLOUD_PLATFORM". |
2023-08-17 | Newly created parser. |
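To check what the 2023-12-10 mappings produce for a given alert, the following added Python example (not the parser itself, nor Chronicle or Palo Alto code) extracts the JSON part from a constructed raw line the way the Grok step does, applies a subset of the direct mappings, collects the repeated `security_result.detection_fields`, and applies the two conditional rules. The sample log line, the `set_path` helper and the `to_udm` function are this example's own assumptions.

```python
import json
import re

# Constructed sample line (not a captured log): syslog-style prefix, then the alert JSON.
SAMPLE_LOG = (
    'Dec 10 12:00:00 prisma PrismaCloudAlert: {"alertId":"P-1001","alertStatus":"open",'
    '"severity":"HIGH","cloudType":"gcp","resourceId":"projects/demo/instances/vm-1",'
    '"accountId":"demo-project","accountName":"demo","alertRuleName":"Prod GCP alerts",'
    '"policyName":"GCP VM has public IP","reason":"NEW_ALERT","hasFinding":false}'
)
# Grok-style extraction of the JSON part: first "{" through the last "}".
JSON_PART = re.compile(r"(\{.*\})", re.DOTALL)

# One-to-one field -> UDM path mappings, taken from the 2023-12-10 entry above.
DIRECT_MAP = {
    "resourceId": "principal.resource.product_object_id",
    "accountId": "target.resource.product_object_id",
    "accountName": "target.resource.name",
    "alertRuleName": "security_result.rule_name",
    "policyName": "security_result.description",
    "reason": "security_result.summary",
}
# Fields that all land in the repeated security_result.detection_fields list.
DETECTION_FIELDS = ("alertId", "alertStatus", "hasFinding", "alertTs", "policyDescription")

def set_path(udm, dotted, value):
    """Create nested dicts along a dotted UDM path and set the leaf value."""
    node = udm
    parts = dotted.split(".")
    for p in parts[:-1]:
        node = node.setdefault(p, {})
    node[parts[-1]] = value

def to_udm(raw_line):
    """Extract the JSON part of a raw line and apply the change-log mappings to it."""
    m = JSON_PART.search(raw_line)
    if not m:
        raise ValueError("no JSON object found in log line")
    alert = json.loads(m.group(1))
    udm = {}
    for src, dst in DIRECT_MAP.items():
        if src in alert:
            set_path(udm, dst, alert[src])
    fields = [{"key": k, "value": str(alert[k])} for k in DETECTION_FIELDS if k in alert]
    if fields:
        set_path(udm, "security_result.detection_fields", fields)
    if alert.get("severity") == "HIGH":  # only HIGH is mapped by this parser change
        set_path(udm, "security_result.severity", "HIGH")
    if alert.get("cloudType") == "gcp":
        set_path(udm, "principal.cloud.environment", "GOOGLE_CLOUD_PLATFORM")
    return udm
```

Running `to_udm(SAMPLE_LOG)` shows which fields a raw alert will and will not populate; a line with no JSON object is rejected rather than silently producing an empty event.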