Change log for BITDEFENDER
| Date | Changes |
|---|---|
| 2023-05-02 | Enhancement: parsed logs ingested in CEF format. |
| 2022-09-28 | Enhancement: mapped "security_result.action" to "BLOCK" when "status" is "portscan_blocked" or "uc_site_blocked"; to "BLOCK" when "main_action" is "blocked"; to "BLOCK" when "actionTaken" is "block"; to "BLOCK" when "final_status" is "blocked" or "deleted"; to "ALLOW" when "final_status" is "ignored" or "still present"; to "ALLOW" when "main_action" is "no action"; to "QUARANTINE" when "final_status" is "quarantined"; to "ALLOW_WITH_MODIFICATION" when "final_status" is "disinfected" or "restored". |
| 2022-08-17 | Enhancement: modified the mapping for "source_ip" from "principal.ip" to "src.ip"; set "event_type" to "SCAN_NETWORK" when "module" is "network-monitor" or "fw"; mapped "user.userSid" to "principal.user.windows_sid"; mapped "user.userName" to "target.user.user_display_name"; mapped "protocol_id" to "network.ip_protocol"; set "security_result.action" to "BLOCK" when "status" is "portscan_blocked" or "uc_site_blocked"; mapped "local_port" to "principal.port"; mapped "actionTaken" to "security_result.action"; mapped "detection_attackTechnique" to "security_result.detection_fields". |
| 2022-08-13 | Bug fix: modified the mapping for "computer_name" from "principal.asset.hostname" to "event.idm.read_only_udm.principal.resource.attribute.labels". |
| 2022-08-11 | Bug fix: modified the conditional checks for "main_action" mapped to "security_result.action"; mapped "STATUS_UPDATE" to "metadata.event_type" for logs with the "task-status" module. |
| 2022-04-14 | Enhancement: added mappings for "computer_name", "computer_id", "uc_type", "block_type", "status" and "product_installed". |
| 2022-03-30 | Bug fix: corrected the timestamp error and mapped the fields "user.id", "user.name", "companyId", "computer_name", "computer_fqdn", "computer_ip", "computer_id", "url" and "categories". |