Change log for SAP_SM20
Date | Changes |
---|---|
2024-04-16 | - Mapped "ALGSYSTEM" to "principal.hostname" and "principal.asset.hostname". |
2024-01-29 | - Added support for newly ingested logs.<br>- Mapped "WP_PID" to "target.process.pid".<br>- Mapped "WP_SERVER" to "intermediary.hostname".<br>- Mapped "WP_STATUS" to "security_result.summary".<br>- Mapped "INSTANCE_NAME" to "principal.hostname" and "principal.asset.hostname".<br>- Mapped "TXSEVERITY" to "security_result.severity".<br>- Mapped "TXSUBCLSID" to "security_result.description".<br>- Mapped "ALGSYSTEM" to "principal.hostname" and "principal.asset.hostname".<br>- If "ALGLTERM" is an IP address, mapped it to "target.ip" and "target.asset.ip"; otherwise mapped it to "target.hostname" and "target.asset.hostname".<br>- Mapped "ALGCLIENT" and "ALGINST" to "target.resource.attribute.labels".<br>- Mapped "ALGUSER" to "target.user.userid".<br>- Mapped "ALGTEXT" to "metadata.description".<br>- If "ALGTEXT" is nearly equal to "logon successful" and "has_principal" and "has_target" are both equal to "true", then "metadata.event_type" is set to "USER_LOGIN".<br>- Mapped "WP_TYP", "ALGREPNA", "ALGAREA", "ALGFILENO", "ALGFILEPOS", "ALGSUBID", "UTCDIFF", "ALGTASKNO", "ALGTASKTYPE", "ALGTCODE" to "additional.fields". |
2023-12-07 | - Newly created parser. |