Change log for WIZ_IO
| Date | Changes |
|---|---|
| 2025-06-04 | Enhancement:
- event.idm.read_only_udm.metadata.product_log_id: Newly Mapped `id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM Field. - event.idm.read_only_udm.metadata.timestamp: Newly Mapped `createdAt` raw log field with `event.idm.read_only_udm.metadata.timestamp` UDM Field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.kubernetes.pod.uid` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.kubernetes.pod.namespace` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.kubernetes.container.name` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.cri-containerd.kind` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.io.kubernetes.pod.name` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly Mapped `entitySnapshot.tags.maintainer` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM Field. - event.idm.read_only_udm.principal.group.product_object_id: Newly Mapped `entitySnapshot.externalId` raw log field with `event.idm.read_only_udm.principal.group.product_object_id` UDM Field. - event.idm.read_only_udm.principal.group.product_object_id: Newly Mapped `actionParameters.clientID` raw log field with `event.idm.read_only_udm.principal.group.product_object_id` UDM Field. - event.idm.read_only_udm.metadata.product_event_type: Newly Mapped `type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM Field. - event.idm.read_only_udm.principal.namespace: Newly Mapped `entitySnapshot.tags.io.kubernetes.pod.namespace` raw log field with `event.idm.read_only_udm.principal.namespace` UDM Field. - event.idm.read_only_udm.principal.asset_id: Newly Mapped `entitySnapshot.id` raw log field with `event.idm.read_only_udm.principal.asset_id` UDM Field. - event.idm.read_only_udm.principal.cloud.vpc.name: Newly Mapped `entitySnapshot.cloudPlatform` raw log field with `event.idm.read_only_udm.principal.cloud.vpc.name` UDM Field. - event.idm.read_only_udm.principal.cloud.vpc.id: Newly Mapped `entitySnapshot.providerId` raw log field with `event.idm.read_only_udm.principal.cloud.vpc.id` UDM Field. - event.idm.read_only_udm.principal.cloud.project.id: Newly Mapped `entitySnapshot.type` raw log field with `event.idm.read_only_udm.principal.cloud.project.id` UDM Field. - event.idm.read_only_udm.principal.cloud.project.resource_subtype: Newly Mapped `entitySnapshot.nativeType` raw log field with `event.idm.read_only_udm.principal.cloud.project.resource_subtype` UDM Field. - event.idm.read_only_udm.principal.cloud.project.name: Newly Mapped `entitySnapshot.name` raw log field with `event.idm.read_only_udm.principal.cloud.project.name` UDM Field. - event.idm.read_only_udm.security_result.action_details: Newly Mapped `entitySnapshot.status` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `updatedAt` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `dueAt` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `statusChangedAt` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.principal.user.userid: Newly Mapped `sourceRule.id` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM Field. - event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `control.name` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field. - event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `control.description` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field. - event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `control.resolutionRecommendation` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field. - event.idm.read_only_udm.security_result.summary: Newly Mapped `subcategories.title` raw log field with `event.idm.read_only_udm.security_result.category` UDM Field. - event.idm.read_only_udm.security_result.category_details: Newly Mapped `subcategories.category.name` raw log field with `event.idm.read_only_udm.security_result.category_details` UDM Field. - event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `subcategories.category.framework.name` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `actionParameters.userPoolType` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `actionParameters.userpoolID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `actionParameters.clientID` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. |
| 2024-03-04 | Enhancement:
- Mapped "actionParameters.selection.preferences", "actionParameters.input.patch.portalVisitHistory.dateTime", and "actionParameters.input.patch.portalVisitHistory.type" to "additional.fields" - Mapped "actionParameters.input.patch.portalVisitHistory.name", "actionParameters.input.patch.portalVisitHistory.resourceName", "actionParameters.input.patch.portalVisitHistory.resourceType", "actionParameters.input.patch.portalVisitHistory.ruleType", and "actionParameters.input.patch.portalVisitHistory.id" to "principal.resource.attribute.labels". |
| 2024-02-08 | Enhancement:
- Mapped "WIZ_IO" to "metadata.product_name" and "metadata.vendor_name". - Mapped "action" to "metadata.product_event_type". - Mapped "timestamp" to "metadata.event_timestamp". - Mapped "userAgent" to "network.http.user_agent" and "network.http.parsed_user_agent". - Mapped "sourceIP" to "principal.ip". - When action value is "Report", then mapped "serviceAccount.name" to "principal.application". - Mapped "user.id" to "target.user.id". - Mapped "user.name" to "target.user.user_display_name". - Mapped "userEmail" to "target.user.email_addresses". - Mapped "actionParameters.role" to "target.user.attribute.roles". - Mapped "actionParameters.groups" and "actionParameters.products" to "security_result.detection_fields". |
| 2023-12-15 | - Newly created parser.
|