Change log for XITING_XAMS
Date | Changes |
---|---|
2024-09-26 | Enhancement:
- Changed mapping for "sapClassName" from "security_result.description" to "security_result.category_details".
- Mapped "sapEventId" to "metadata.product_event_type".
- Mapped "duser" to "principal.user.userid".
- Mapped "cs3" to "target.user.userid".
- Mapped "suser" to "principal.user.userid".
- When "column5" has the value "/XITING/SA_S_SAL_PROTOCOL", mapped "Security Audit Log" to "metadata.product_name" and "SAP" to "metadata.vendor_name".
- Mapped "event_name_value" to "metadata.description".
- Changed mapping for "msg" from "metadata.description" to "security_result.description".
- Mapped "client" to "additional.fields". |
2024-09-05 | Enhancement:
- Mapped "sapTsUtc" to "metadata.event_timestamp".
- Mapped "sapClassName", "cs2" to "additional.fields".
- When "sapEventId" is "AU7", then mapped the following:
  - "sapEventId" to "deviceEventClassID".
  - Changed cs_4 label key to "Client".
  - "column6" to "eventName".
  - "cs3" as "Report" in "additional.fields".
  - Changed cs_5 label key to "ParamC".
- Mapped "shost" to "principal.application".
- Mapped "suser" to "principal.user.user_display_name". |
2024-08-12 | Enhancement:
- Mapped "sourceAddress" to "principal.ip".
- Mapped CEF header ip and host to "intermediate.ip" and "intermediate.hostname" respectively. |
2024-03-13 | - Updated mapping for raw fields "sapEventId", "devicePayloadId", "sapTsTime", and "sapTsDate".
- Updated parser with conditional mapping. |