Stay organized with collections
Save and categorize content based on your preferences.
Change log for WORKSPACE_ALERTS
Date
Changes
2024-10-08
- Mapped all fields in "message" raw log field to "security_result.detection_fields" with separate "security_result" block for each message.
2024-07-26
- Updated the field name from "emailaddress" to "emailAddress"
2023-11-29
- Updated mapping to map the first occurrence of domain values in the recipients array to "target.domain.name" and other occurrences to "additional" UDM field.
- Added additional mappings for deprecated labels.
2023-11-01
Enhancement to use "base64" hex decode function to parse IP addresses.
2023-10-04
Added support for new Alert Types for source "Reporting Rule".
2023-09-06
Added support for new Alert Types for source "UserChanges" and "AppSettingsChanged".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-13 UTC."],[[["The parser for WORKSPACE_ALERTS has undergone several updates, including field mapping changes and support for new alert types."],["Field name \"emailaddress\" was updated to \"emailAddress\" on July 26, 2024."],["On November 29, 2023, domain value mapping was refined, and additional mappings for deprecated labels were introduced."],["Support for new Alert Types was added for sources \"Reporting Rule\" on October 4, 2023, and for \"UserChanges\" and \"AppSettingsChanged\" on September 6, 2023."],["On April 12, 2023, the WORKSPACE_ALERTS parser was promoted to default."]]],[]]
