Change log for PAN_PRISMA_CA

Date	Changes
2023-12-10	Enhancement: - Added a Grok pattern to extract JSON part. - Mapped "resourceId" to "principal.resource.product_object_id". - Mapped "accountId" to "target.resource.product_object_id". - Mapped "alertRuleName" to "security_result.rule_name". - Mapped "accountName" to "target.resource.name". - Mapped "hasFinding" to "security_result.detection_fields". - Mapped "resourceRegionId" to "principal.cloud.availability_zone". - Mapped "source" to "principal.application". - Mapped "callbackUrl" to "metadata.url_back_to_product". - Mapped "alertRuleId" to "security_result.rule_id". - Mapped "alertId" to "security_result.detection_fields". - Mapped "policyLabels" to "additional.fields". - Mapped "policyName" to "security_result.description". - Mapped "resourceName" to "principal.resource.name". - Mapped "resourceRegion" to "principal.location.country_or_region". - Mapped "policyDescription" to "security_result.detection_fields". - Mapped "policyRecommendation" to "security_result.detection_fields". - Mapped "resourceCloudService" to "principal.resource.attribute.labels". - Mapped "resource.url" to "principal.url". - Mapped "alertTs" to "security_result.detection_fields". - Mapped "firstSeen" to "principal.asset.first_seen_time". - Mapped "lastSeen" to "principal.asset.last_discover_time". - Mapped "reason" to "security_result.summary". - Mapped "alertStatus" to "security_result.detection_fields". - If "severity" value is "HIGH", set "security_result.severity" to "HIGH". - If "cloudType" value is "gcp", set "principal.cloud.environment" to "GOOGLE_CLOUD_PLATFORM".
2023-08-17	Newly created parser.

Date

Changes

2023-12-10

Enhancement:
- Added a Grok pattern to extract JSON part.
- Mapped "resourceId" to "principal.resource.product_object_id".
- Mapped "accountId" to "target.resource.product_object_id".
- Mapped "alertRuleName" to "security_result.rule_name".
- Mapped "accountName" to "target.resource.name".
- Mapped "hasFinding" to "security_result.detection_fields".
- Mapped "resourceRegionId" to "principal.cloud.availability_zone".
- Mapped "source" to "principal.application".
- Mapped "callbackUrl" to "metadata.url_back_to_product".
- Mapped "alertRuleId" to "security_result.rule_id".
- Mapped "alertId" to "security_result.detection_fields".
- Mapped "policyLabels" to "additional.fields".
- Mapped "policyName" to "security_result.description".
- Mapped "resourceName" to "principal.resource.name".
- Mapped "resourceRegion" to "principal.location.country_or_region".
- Mapped "policyDescription" to "security_result.detection_fields".
- Mapped "policyRecommendation" to "security_result.detection_fields".
- Mapped "resourceCloudService" to "principal.resource.attribute.labels".
- Mapped "resource.url" to "principal.url".
- Mapped "alertTs" to "security_result.detection_fields".
- Mapped "firstSeen" to "principal.asset.first_seen_time".
- Mapped "lastSeen" to "principal.asset.last_discover_time".
- Mapped "reason" to "security_result.summary".
- Mapped "alertStatus" to "security_result.detection_fields".
- If "severity" value is "HIGH", set "security_result.severity" to "HIGH".
- If "cloudType" value is "gcp", set "principal.cloud.environment" to "GOOGLE_CLOUD_PLATFORM".

2023-08-17

Newly created parser.