Change log for POSTGRESQL
Date | Changes |
---|---|
2025-06-05 | Enhancement:
- Added a gsub to rename the `message` raw log field to `msg`.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped the `backend_type` raw log field to the `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.principal.port: Newly mapped the `remote_port` raw log field to the `event.idm.read_only_udm.principal.port` UDM field.
- event.idm.read_only_udm.principal.ip, event.idm.read_only_udm.principal.asset.ip: Newly mapped the `remote_host` raw log field to the `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields when `remote_host` is a valid IP address.
- event.idm.read_only_udm.principal.hostname, event.idm.read_only_udm.principal.asset.hostname: Newly mapped the `remote_host` raw log field to the `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.asset.hostname` UDM fields when `remote_host` is not a valid IP address.
- event.idm.read_only_udm.security_result.description: Newly mapped the `msg` raw log field to the `event.idm.read_only_udm.security_result.description` UDM field.
- event.idm.read_only_udm.target.application: Newly mapped the `application_name` raw log field to the `event.idm.read_only_udm.target.application` UDM field.
- event.idm.read_only_udm.security_result.severity_details: Newly mapped the `error_severity` raw log field to the `event.idm.read_only_udm.security_result.severity_details` UDM field.
- event.idm.read_only_udm.target.resource.parent: Newly mapped the `dbname` raw log field to the `event.idm.read_only_udm.target.resource.parent` UDM field.
- event.idm.read_only_udm.principal.ip, event.idm.read_only_udm.principal.asset.ip: Newly mapped the `detail_ip` raw log field to the `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields.
- event.idm.read_only_udm.principal.process.pid: Newly mapped the `pid` raw log field to the `event.idm.read_only_udm.principal.process.pid` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped the `query_id`, `txid`, `vxid`, `state_code`, `detail` and `line_num` raw log fields to the `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped the `timeStamp` raw log field to the `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to `USER_LOGIN` when `ps` is `authentication` or `message` contains `LOGON`.
- event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to `USER_RESOURCE_CREATION` when `msg` contains `CREATE USER`, `CREATE TABLE`, `CREATE DATABASE` or `CREATE OBJECT` and `has_target_resource`, `has_principal` and `has_user` are all true.
- event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to `USER_RESOURCE_DELETION` when `msg` contains `Delete` or `Drop` and `has_target_resource`, `has_principal` and `has_user` are all true.
- event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to `USER_RESOURCE_UPDATE_PERMISSIONS` when `msg` contains `Grant` and `has_target_resource`, `has_principal` and `has_user` are all true.
- event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to `USER_RESOURCE_UPDATE_CONTENT` when `msg` contains `Alter` and `has_target_resource`, `has_principal` and `has_user` are all true. |
2024-08-07 | - Newly created parser |
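The mapping and event-type rules listed for 2025-06-05 can be replayed offline to check what a given PostgreSQL log line will become before it reaches the SIEM. The script below is an added example written for this page; it is not the parser's own code. It assumes PostgreSQL's `csvlog` column order (the `postgres_log` table definition from the server documentation, PostgreSQL 14 and later), that the raw fields `remote_host`/`remote_port` come from the `connection_from` column, that `ps` is the `command_tag` column, that `has_user`, `has_principal` and `has_target_resource` are true whenever the user, any principal field, or the database name respectively is populated, that the keyword matches are case-insensitive substring tests, and that the fallback event type is `GENERIC_EVENT`. The `detail_ip` extraction is not modelled. All log lines are constructed samples, not real logs.

```python
"""Replay the PostgreSQL -> UDM mapping rules from this change log over
constructed csvlog lines (added example; not the parser's own code)."""
import csv
import io
import ipaddress

# PostgreSQL csvlog column order (PostgreSQL 14+ postgres_log table definition).
CSVLOG_COLUMNS = [
    "log_time", "user_name", "database_name", "process_id", "connection_from",
    "session_id", "session_line_num", "command_tag", "session_start_time",
    "virtual_transaction_id", "transaction_id", "error_severity",
    "sql_state_code", "message", "detail", "hint", "internal_query",
    "internal_query_pos", "context", "query", "query_pos", "location",
    "application_name", "backend_type", "leader_pid", "query_id",
]

# Constructed sample lines: auth, CREATE, DROP (from a hostname), GRANT, ALTER,
# and an autovacuum line with no user (should fall through to the default).
SAMPLE_CSVLOG = """\
2025-06-05 10:15:02.123 UTC,app,appdb,12345,10.0.0.5:51234,6841a0c6.3039,1,authentication,2025-06-05 10:15:02 UTC,3/0,0,LOG,00000,"connection authenticated: identity=""app"" method=md5",,,,,,,,,psql,client backend,,0
2025-06-05 10:16:10.456 UTC,app,appdb,12345,10.0.0.5:51234,6841a0c6.3039,2,idle,2025-06-05 10:15:02 UTC,3/15,0,LOG,00000,"statement: CREATE TABLE audit_log (id serial PRIMARY KEY, note text)",,,,,,,,,psql,client backend,,0
2025-06-05 10:20:33.789 UTC,dba,appdb,12400,db-admin.corp.example:40022,6841a1f1.3070,3,idle,2025-06-05 10:20:01 UTC,4/8,0,LOG,00000,statement: DROP TABLE audit_log,,,,,,,,,pgAdmin 4,client backend,,0
2025-06-05 10:21:05.000 UTC,dba,appdb,12400,db-admin.corp.example:40022,6841a1f1.3070,4,idle,2025-06-05 10:20:01 UTC,4/9,0,LOG,00000,statement: GRANT SELECT ON audit_log TO reporting,,,,,,,,,pgAdmin 4,client backend,,0
2025-06-05 10:22:40.250 UTC,dba,appdb,12400,db-admin.corp.example:40022,6841a1f1.3070,5,idle,2025-06-05 10:20:01 UTC,4/10,0,LOG,00000,statement: ALTER TABLE audit_log ADD COLUMN actor text,,,,,,,,,pgAdmin 4,client backend,,0
2025-06-05 10:30:00.000 UTC,,,12999,,6841a3f8.32c7,1,,2025-06-05 10:30:00 UTC,5/1,0,LOG,00000,"automatic analyze of table ""appdb.public.audit_log"" system usage: CPU: user: 0.01 s, system: 0.00 s, elapsed: 0.02 s",,,,,,,,,,autovacuum worker,,0
"""

CREATE_VERBS = ("CREATE USER", "CREATE TABLE", "CREATE DATABASE", "CREATE OBJECT")


def parse_csvlog(text):
    """Parse csvlog text into dicts keyed by column name; reject short/long rows."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        if len(row) != len(CSVLOG_COLUMNS):
            raise ValueError(f"expected {len(CSVLOG_COLUMNS)} columns, got {len(row)}")
        rows.append(dict(zip(CSVLOG_COLUMNS, row)))
    return rows


def split_connection_from(value):
    """'host:port' -> (host, port). rpartition keeps IPv6 hosts like '::1' intact."""
    if not value or value == "[local]":  # assumption: local sockets carry no remote host
        return "", ""
    host, sep, port = value.rpartition(":")
    return (host, port) if sep else (value, "")


def classify_event(ps, msg, has_target_resource, has_principal, has_user):
    """Event-type rules from the change log, in the order listed there."""
    if ps == "authentication" or "LOGON" in msg:
        return "USER_LOGIN"
    if not (has_target_resource and has_principal and has_user):
        return "GENERIC_EVENT"  # assumption: fallback type
    upper = msg.upper()  # assumption: keyword matches are case-insensitive
    if any(verb in upper for verb in CREATE_VERBS):
        return "USER_RESOURCE_CREATION"
    if "DELETE" in upper or "DROP" in upper:
        return "USER_RESOURCE_DELETION"
    if "GRANT" in upper:
        return "USER_RESOURCE_UPDATE_PERMISSIONS"
    if "ALTER" in upper:
        return "USER_RESOURCE_UPDATE_CONTENT"
    return "GENERIC_EVENT"


def map_to_udm(raw):
    """Apply the field mappings from the change log to one parsed csvlog row."""
    msg = raw["message"]  # the parser renames raw `message` to `msg`
    host, port = split_connection_from(raw["connection_from"])
    udm = {"metadata": {"event_timestamp": raw["log_time"]},
           "principal": {}, "target": {}, "security_result": {}, "additional": {}}
    if raw["user_name"]:
        udm["principal"]["user"] = raw["user_name"]  # assumption: pre-existing mapping
    if raw["process_id"]:
        udm["principal"]["process_pid"] = raw["process_id"]
    if host:  # remote_host -> ip when it parses as an address, else hostname
        try:
            ipaddress.ip_address(host)
            udm["principal"]["ip"] = udm["principal"]["asset_ip"] = host
        except ValueError:
            udm["principal"]["hostname"] = udm["principal"]["asset_hostname"] = host
    if port:
        udm["principal"]["port"] = int(port)
    if raw["database_name"]:
        udm["target"]["resource_parent"] = raw["database_name"]
    if raw["application_name"]:
        udm["target"]["application"] = raw["application_name"]
    udm["security_result"]["description"] = msg
    udm["security_result"]["severity_details"] = raw["error_severity"]
    if raw["backend_type"]:
        udm["security_result"]["detection_fields"] = {"backend_type": raw["backend_type"]}
    for src, dst in (("query_id", "query_id"), ("transaction_id", "txid"),
                     ("virtual_transaction_id", "vxid"), ("sql_state_code", "state_code"),
                     ("detail", "detail"), ("session_line_num", "line_num")):
        if raw[src]:
            udm["additional"][dst] = raw[src]
    udm["metadata"]["event_type"] = classify_event(
        raw["command_tag"], msg,
        has_target_resource=bool(udm["target"]),
        has_principal=bool(udm["principal"]),
        has_user=bool(raw["user_name"]))
    return udm


def map_all(text=SAMPLE_CSVLOG):
    return [map_to_udm(row) for row in parse_csvlog(text)]


if __name__ == "__main__":
    for event in map_all():
        print(event["metadata"]["event_type"], event["principal"], event["security_result"]["description"][:40])
```

Two things worth checking against your own logs when you run this: the keyword rules are plain substring tests, so a message such as `connection dropped` or an error text mentioning `ALTER` will be classified as a resource change even though no DDL ran, and `remote_host` only reaches `principal.hostname` when `log_hostname` is enabled on the server, otherwise every event lands in `principal.ip`.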