Change log for WORKSPACE_ACTIVITY
Date | Changes |
---|---|
2024-11-22 | - Mapped "from_header_address" raw log field to "network.email.from" UDM field.
- Mapped "actor.email" raw log field to "network.email.to" UDM field |
2024-10-18 | - Mapped "message_info.post_delivery_info.action_type" raw log field to "about.labels[post_delivery_action_type]" UDM field.
- Mapped "message_info.post_delivery_info.interaction.link_url" raw log field to "about.url" UDM field |
2024-09-17 | - Mapped each email address of raw log field "resource_recipients" separately to "principal.user.email_addresses" UDM field.
|
2024-09-17 | - Mapped each email address of raw log field "resource_recipients" separately to "principal.user.email_addresses" UDM field.
|
2024-09-09 | - Updated mapping of field "from_header_address" to "principal.network.email.from".
|
2024-07-26 | - Added support to parse the logs having "events" marked as hidden and the logs that are out of scope parsed as GENERIC_EVENT.
|
2024-06-05 | - Added support for "access_url", "access_item_content", and "sheets_import_url" events.
|
2024-05-15 | - Added additional mapping for "target_user" field.
- Added support for "team_drive_settings_change", "presentation_stopped", and "content_unmatched" events. - Added support for "BLOCKED_API_ACCESS" and "MONITOR_MODE_ACCESS_DENY_EVENT" events. - Added support of field "TAB_URL" for event "MALWARE_TRANSFER". |
2024-05-09 | - Added support for logs of applicationName "google_meet".
|
2024-05-08 | - Added support for "team_drive_membership_change", "change_owner_hierarchy_reconciled", and "publish_new_version" events.
- Added support of field "file_name" for Gmail logs. |
2024-03-06 | - Added support for "call_ended", "presentation_started", and "invitation_sent" events.
- Mapped "login_challenge_method" count to "security_result.detection_fields". - Handled different timestamp format. - Update mapping of actor.profileId field to noun.user.product_object_id. - Added support of new events "DELETE_GROUP", "SECURITY_CENTER_RULE_THRESHOLD_TRIGGER", "RELEASE_FROM_QUARANTINE" and "deny". |
2023-12-13 | Added support for "ADD_TO_BLOCKED_OAUTH2_APPS", "ADD_TO_TRUSTED_OAUTH2_APPS", "UPDATE_ACCESS_LEVEL_V2", "sharing_blocked", "UPDATE_AUTO_PROVISIONED_USER", "SECURITY_INVESTIGATION_EXPORT_QUERY", and "SECURITY_INVESTIGATION_ACTION_CANCELLATION" events. |
2023-11-29 | - Added support for "email_collaborators", "message_deleted" and "unsubscribe_via_mail" events.
- Added additional mappings for deprecated labels. |
2023-11-01 | 1. Added support for "download_forms_response", "ACTION_REQUESTED", "change_email_subscription_type", and "reaction_added" events.
2. Updated mapping of field "target" for "applicationName"="drive" to "target.user.email_addresses". 3. Enhancement to use "base64" hex decode function to parse IP addresses. |
2023-10-04 | Added support for "invitation_sent", "SECURITY_INVESTIGATION_ACTION_COMPLETION", "CREATE_GMAIL_SETTING", "CHANGE_GMAIL_SETTING" and "DELETE_GMAIL_SETTING" events. |
2023-09-20 | Added logic to map "actor.key" to "noun.user.userid" where "actor.callType" is "KEY". |
2023-09-06 | Added support for new events. |
2023-08-24 | Modified the logic to parse "TARGET_USER_EMAIL" field for events.name "CHANGE_USER_ACCESS". |
2023-08-23 | Modified logic for "events.name=CHROME_OS_LOGIN_EVENT". |
2023-08-09 | 1. Added support for GMAIL_LOGS.
2. Added support for events "CHANGE_EMAIL_SETTING", "SECURITY_INVESTIGATION_ACTION", "SECURITY_INVESTIGATION_OBJECT_CREATE_DRAFT_INVESTIGATION", "REMOVE_GROUP_MEMBER", "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS", "UPDATE_GROUP_MEMBER", and "SECURITY_CHART_DRILLDOWN". |
2023-07-26 | Added support for events "label_applied", "risky_sensitive_action_blocked",
"ALERT_CENTER_LIST_FEEDBACK", "ALERT_CENTER_GET_SIT_LINK", "ALERT_CENTER_LIST_CHANGE", "ALERT_CENTER_LIST_RELATED_ALERTS", "EMAIL_LOG_SEARCH", "SECURITY_INVESTIGATION_QUERY", "CHANGE_GROUP_SETTING", "ADD_GROUP_MEMBER", "CREATE_GROUP", "USER_LICENSE_ASSIGNMENT", "USER_LICENSE_REVOKE", and "blocked_sender". |
2023-07-12 | - Added support of event "label_field_value_changed" for "applicationName=rules".
|
2023-06-14 | 1. Additional mapping of "actor.email" field with "security_result.about.email" UDM field.
2. Updated the parser to include "parse_network_http_user_agent" to use "Parsed User Agent" and "User Agent". |
2023-05-31 | 1. Added support of events "ASSIGN_ROLE", "CREATE_ROLE" for "applicationName=admin" and "events.type = DELEGATED_ADMIN_SETTINGS".
2. Added support of events "AUTHORIZE_API_CLIENT_ACCESS" for "applicationName=admin" and "events.type = DOMAIN_SETTINGS". 3. Added support of events "ALERT_CENTER_VIEW" for "applicationName=admin" and "events.type = ALERT_CENTER". 4. Added support of events "risky_sensitive_action_allowed" for "applicationName=login" and "events.type = login". 5. Modified logic for "USER_LOGIN" events. |
2023-05-29 | Update mapping of "actor" field for "USER_LOGIN" and "USER_LOGOUT" events. |
2023-04-12 | Promoted WORKSPACE_ACTIVITY parser to default. For the field mapping reference, see Collect Google Workspace logs. |