Change log for TWINGATE
Date | Changes |
---|---|
2024-12-11 | Enhancement: - Mapped "event_data.actor.type" to "principal.user.attribute.roles". - Mapped "event_data.actor.id" to "principal.user.userid". - Mapped "event_data.actor.info.email" to "principal.user.emailaddresses". - Mapped "event_data.action" to "security_result.action_details". - Mapped "event_data.version" to "metadata.product_version". - Mapped "event_data.targets.id" to "target.resource.attribute.labels". - Mapped "event_data.targets.name" to "target.resource.attribute.labels". - Mapped "event_data.targets.type" to "target.resource.resource_type". - Mapped "event_data.targets.version" to "target.resource.attribute.labels". - Mapped "event_data.targets.email" to "target.resource.attribute.labels". - Mapped "event_data.targets.role" to "target.resource.attribute.labels". - Mapped "event_data.targets.address.value" to "target.ip". - Mapped "event_data.targets.address.value" to "target.asset.ip". |
2024-10-11 | Enhancement: - Added "gsub" to parse unparsed logs. - Mapped "event.reasons.id" to "security_result.detection_fields". - Mapped "event.reasons.name" to "security_result.detection_fields". - Mapped "device.name" to "target.resource.attribute.labels". |
2024-07-30 | Enhancement: - Mapped "connection_protocol" to "additional.fields". - Changed "event_type" to "event_data_type". - Mapped the unmapped fields. |
2024-05-23 | Newly created parser. |