Change log for PAN_PRISMA_CLOUD
Date | Changes |
---|---|
2024-03-28 | Enhancement:<br>- When "ipAddress" is not a valid IP address, mapped "ipAddress" to "additional.fields".<br>- When "user" is a valid email address, mapped "user" to "target.user.email_addresses".<br>- When "user" is not a valid email address, mapped "user" to "target.user.userid".<br>- Mapped the "policy_id" and "resource_name" fields in the "action" field to "target.resource.attribute.labels". |
2024-02-21 | Enhancement:<br>- Added "on_error" check for "date" block.<br>- Mapped "alertRules" to "sec_result.detection_fields".<br>- Mapped "policy.policyId" to "sec_result.rule_id".<br>- Mapped "policy.policyType" to "sec_result.rule_type".<br>- Mapped "policy.severity" to "sec_result.severity".<br>- Mapped "policy.recommendation" to "metadata.description".<br>- Mapped "resource.data.architecture" to "principal.asset.hardware.cpu_platform".<br>- Mapped "resource.name" to "target.resource.name".<br>- Mapped "resource.accountId" to "target.resource.product_object_id".<br>- Mapped "resource.regionId" to "target.location.country_or_region".<br>- Mapped "resource.cloudServiceName" to "target.resource.attribute.labels".<br>- Mapped "resource.resourceApiName" to "target.resource.attribute.labels".<br>- Mapped "alertrule.createdBy" to "principal.user.email_addresses".<br>- Mapped "resource.unifiedAssetId" to "principal.asset.asset_id".<br>- Mapped "resource.data.selfLink" to "about.url".<br>- Mapped "resource.data.sourceImage" to "principal.resource.attribute.labels".<br>- Mapped "resource.data.sizeGb" to "principal.resource.attribute.labels".<br>- Mapped "resource.data.physicalBlockSizeBytes" to "principal.resource.attribute.labels".<br>- Mapped "resource.data.labelFingerprint" to "sec_result.detection_fields".<br>- When "reason" is "NEW_ALERT", set "metadata.event_type" to "USER_RESOURCE_CREATION". |
2024-02-13 | Enhancement:<br>- Added support for new customer logs. |
2022-08-09 | Enhancement:<br>- Added conditional conversion check for field "timestamp".<br>- Added the following mappings when the value of the field "resourceType" is "Login":<br>&nbsp;&nbsp;- The field "ipAddress" is mapped to "principal.ip".<br>&nbsp;&nbsp;- The field "user" is mapped to "target.user.email_addresses".<br>&nbsp;&nbsp;- The field "result" is mapped to "security_result.action_details". |