Change log for SERVICENOW_CMDB
| Date | Changes |
|---|---|
| 2024-01-23 | Bug-Fix-
- Changed the entire mapping for logs which are of "ASSET" type. - Mapped "metadata.entity_type" to "ASSET" and "relations.entity_type" to "USER". - Changed mapping of "label_ci_link" from "entity.entity.user.attribute.labels" to "relation.entity.user.attribute.labels". - Changed mapping of "label_value" from "entity.entity.user.attribute.labels" to "relation.entity.user.attribute.labels". - Changed mapping of "label_sys_class_name" from "entity.entity.user.attribute.labels" to "relation.entity.user.attribute.labels". - Changed mapping of "first_discovered" from "asset_entity.asset.last_discover_time" to "entity.entity.asset.last_discover_time". - Changed mapping of "last_discovered" from "asset_entity.asset.first_discover_time" to "entity.entity.asset.first_discover_time". - Changed mapping of "sys_updated_on" from "asset_entity.asset.system_last_update_time" to "entity.entity.asset.system_last_update_time"". - Changed mapping of "category" from "asset_entity.asset.category" to "entity.entity.asset.category". - Changed mapping of "u_sub_status" from "asset_entity.asset.deployment_status" to "entity.entity.asset.deployment_status. - Changed mapping of "subcategory" from "asset_entity.asset.type" to "entity.entity.asset.type". - Changed mapping of "name" from "asset_entity.asset.hostname" to "entity.entity.asset.hostname". - Changed mapping of "_lan1" and "_lan2" and "_ip" from "asset_entity.asset.ip" to "entity.entity.asset.ip". - Changed mapping of "_mac" from "asset_entity.asset.mac" to "entity.entity.asset.mac". - Changed mapping of "dns_domain" from "asset_entity.asset.network_domain" to "entity.entity.asset.network_domain". - Changed mapping of "os" from "asset_entity.asset.platform_software.platform" to "entity.entity.asset.platform_software.platform". - Changed mapping of "os_version" and "os_service_pack" from "asset_entity.asset.platform_software.platform_patch_level" to "entity.entity.asset.platform_software.platform_patch_level". - Changed mapping of "asset_tag" from "asset_entity.asset.asset_id" to "entity.entity.asset.asset_id". - Changed mapping of "WMI_Asset_ID" from "asset_entity.asset.asset_id" to "entity.entity.asset.asset_id". - Changed mapping of "_asset_software" and "software" from "asset_entity.asset.software" to "entity.entity.asset.software". - Changed mapping of "client_name" from "asset_entity.asset.hostname" to "entity.entity.asset.hostname". - Changed mapping of "client_id" from "entity.entity.user.userid" to "relation.entity.user.userid". - Changed mapping of "ips" from "asset_entity.asset.ip" to "entity.entity.asset.ip". - Changed mapping of "hardware" from "asset_entity.asset.hardware" to "entity.entity.asset.hardware". - Changed mapping of "DNS_Name" from "asset_entity.asset.network_domain" to "entity.entity.asset.network_domain". - Changed mapping of "sys_id" from "entity.entity.user.product_object_id" to "relation.entity.user.product_object_id". - Changed mapping of "WMI_Service_Tag" from "entity.entity.user.product_object_id" to "relation.entity.user.product_object_id". - Changed mapping of "u_owner_name_computer" from "entity.entity.user.user_display_name" to "relation.entity.user.user_display_name". - Changed mapping of "roles" from "entity.entity.user.attribute.roles" to "relation.entity.user.attribute.roles". |
| 2023-05-31 | Enhancement-
- Removed unwanted declarations. - Wrote merge blocks separately to avoid conflict. |
| 2023-05-22 | Enhancement-Added mappings for the following fields-
- Mapped 'number' to 'security_result.detection_fields'. - Mapped 'cmdb_ci' to 'event.idm.entity.entity.user.attribute.labels'. - Mapped 'host_name' to 'event.idm.entity.entity.asset.hostname'. - Mapped 'short_description' to 'security_result.description'. - Mapped 'description' to 'security_result.action_details'. - Mapped 'sys_class_name' to 'event.idm.entity.entity.user.attribute.labels'. - Mapped 'u_aam_category' to 'security_result.category_details'. - Mapped 'u_aam_subcategory' to 'security_result.detection_fields'. |
| 2022-07-08 | Enhancement:
- Modified mapping for "user_role" from "entity.user.role_name" to "entity.user.attribute.roles". |
| 2022-06-10 | Enhancement- The newly ingested logs have been parsed and mapped to the following fields:
- 'WMI_Service_Tag' mapped to 'entity.user.product_object_id'. - 'User_Name' mapped to 'entity.user.user_display_name'. - 'user_role' mapped to 'entity.user.role_name'. - 'OperatingSystemRole' mapped to 'entity.asset.type'. - 'MAC_Addresses' mapped to 'entity.asset.mac'. - 'OS' mapped to 'entity.asset.platform_software.platform'. - 'WMI_Asset_ID' mapped to 'entity.asset.asset_id'. - 'WindowsOperatingSystem' mapped to 'entity.asset.software'. - 'SerialNumber' mapped to 'entity.asset.product_object_id'. - 'client_name' mapped to 'entity.asset.hostnam'. - 'client_id' mapped to 'entity.user.userid'. - 'CIDR_Subnet_String' mapped to 'entity.asset.ip'. - 'Computer_Serial_Number' mapped to 'entity.asset.hardware.serial_number'. - 'Computer_Serial_Number' mapped to 'entity.asset.hardware.manufacturer'. - 'Computer_Serial_Number' mapped to 'entity.asset.hardware.model'. - 'DNS_Name' mapped to 'entity.asset.network_domain'. |
| 2022-04-13 | Enhancement-Parsed the CEF format logs having different message format.
Mapped the following additional fields: 'event', 'event_ts', 'instance', 'userid', 'source_ip'. |