Change log for COFENSE_TRIAGE

Date	Changes
2024-03-04	Enhancement: - Mapped "event_data" to "metadata.description". - Mapped "cat" to "security_result.description". - Mapped "severity" to "security_result.rule_id". - Mapped "msg", "rule_id", "start", and "rt" to "additional.fields". - If "severity" is equal to "8, "10", "11", "12", "13", or "14", then "security_result.alert_state" is set to "ALERTING" else set it to "NOT_ALERTING".
2023-04-19	Enhancement: - Added Grok pattern to handle new logs. - Mapped "ProcessID" to "principal.process.pid". - Mapped "host" to "principal.hostname". - Mapped "descrip" to "metadata.description". - Mapped "user_id" to "principal.user.userid". - Added conditional check for "rule_id", "sec_result", "ipaddress", "security_action".

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-04-24 UTC.