CIM field change report

Learn about the CIM field changes between the latest version of the Splunk Add-on for Google Cloud Platform and version 3.1.1.

Summary of changes

  • Sourcetypes with changes: 7
  • Total deleted fields: 9
  • Total modified fields: 10
  • Total new fields: 191

Detailed changes

google:gcp:buckets:accesslogs

Field Deleted Modified New Is CIM
app
category
http_referrer_domain
response_time
tag
tag::eventtype
url_domain
url_length
vendor_product

google:gcp:compute:vpc_flows

Field Deleted Modified New Is CIM
action
bytes_in
bytes_out
dest
dest_zone
duration
dvc
dvc_ip
dvc_zone
packets_in
packets_out
protocol
protocol_version
src
src_vendor_account
src_zone
vendor_account
vendor_product

google:gcp:pubsub:audit:admin_activity

Field Deleted Modified New Is CIM
action
change_type
command
dest
dest_ip_range
dest_port_range
dest_user
direction
dvc
eventtype
image_id
instance_type
network
object
object_attrs
object_category
object_id
object_path
protoPayload.request.policy.bindings{}.members{}
protoPayload.request.policy.bindings{}.role
protoPayload.request.policy.etag
protoPayload.request.resource
protoPayload.requestMetadata.callerIp
protoPayload.requestMetadata.callerSuppliedUserAgent
protoPayload.resourceName
protoPayload.response.@type
protoPayload.response.auditConfigs{}.auditLogConfigs{}.logType
protoPayload.response.auditConfigs{}.service
protoPayload.response.bindings{}.members{}
protoPayload.response.bindings{}.role
protoPayload.response.etag
protoPayload.serviceData.@type
protoPayload.serviceData.policyDelta.bindingDeltas{}.action
protoPayload.serviceData.policyDelta.bindingDeltas{}.member
protoPayload.serviceData.policyDelta.bindingDeltas{}.role
protoPayload.serviceName
protocol
receiveTimestamp
resource.labels.project_id
resource.type
resource_type
result
result_id
rule_action
severity
src
src_ip
src_ip_range
src_user
src_user_name
status
tag
tag::eventtype
timestamp
updated_user
updated_value
user
user_agent
user_id
user_name
user_type
vendor_account
vendor_product
vendor_region

google:gcp:pubsub:audit:data_access

Field Deleted Modified New Is CIM
action
app
authentication_service
change_type
command
dest
dest_ip_range
dest_port_range
dest_user
direction
dvc
eventtype
image_id
instance_type
network
object
object_attrs
object_category
object_id
object_path
protocol
reason
resource_type
result
result_id
rule_action
signature
src
src_ip
src_ip_range
src_user
src_user_name
status
tag
tag::eventtype
updated_user
updated_value
user
user_agent
user_id
user_name
user_type
vendor_account
vendor_product
vendor_region

google:gcp:pubsub:audit:system_event

Field Deleted Modified New Is CIM
action
change_type
command
dest
dest_ip_range
dest_port_range
dest_user
direction
dvc
eventtype
image_id
instance_type
network
object
object_attrs
object_category
object_id
object_path
protocol
resource_type
result
result_id
rule_action
src
src_ip
src_ip_range
src_user
src_user_name
status
tag
tag::eventtype
updated_user
updated_value
user
user_agent
user_id
user_name
user_type
vendor_account
vendor_product
vendor_region

google:gcp:security:alerts

Field Deleted Modified New Is CIM
a_project_id
app
body
description
dest
dest_type
eventtype
id
severity
signature
signature_id
src_type
subject
tag
tag::eventtype
type
vendor_account

google:gsuite:pubsub:audit:auth

Field Deleted Modified New Is CIM
action
authentication_method
dest
dusi
is_second_factor
is_suspicious
login_challenge
login_challenge_method
login_challenge_status
login_verification
params
params_list
user_type
vendor_account