
Change log for CS_DETECTS

Date Changes
2022-09-29 Enhancement -
- Mapped "metadata.product_name" to "Falcon".
- Mapped "metadata.vendor_name" to "Crowdstrike".
- Mapped "security_result.alert_state" to "ALERTING".
2022-09-21 Enhancement -
- Changed "metadata.event_type" from PROCESS_UNCATEGORIZED to SCAN_UNCATEGORIZED where the technique is "Indicator of Compromise".
- Added a SHA-256 format regex check for "behavior.sha256" and "behavior.parent_details.parent_sha256" before mapping them to UDM.
2022-08-25 Bug fix -
- Added an MD5 format regex check for "behavior.md5" and "behavior.parent_details.parent_md5" before mapping them to UDM.
- Dropped malformed logs that contain no valid data.
2022-08-16 Enhancement -
- Changed the mapping of "cid" from "metadata.product_log_id" to "metadata.product_deployment_id".
- Mapped "detection_id" to "metadata.product_log_id".
- Mapped "created_timestamp" to "metadata.event_timestamp".
2022-08-09 Newly created parser.
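The validation and mapping rules listed in this change log, as an added illustrative example in Python. This is not the Chronicle parser's own code (Chronicle parsers are not written in Python); it only mimics the listed behaviour on constructed CrowdStrike detection JSON. Assumptions made for the example: the technique is read from "behavior.technique", validated hashes are written to UDM paths under "principal.process" (the change log does not state the hash destinations), and a JSON object carrying none of the mapped raw fields counts as "no valid data".

```python
# Added illustrative example, not the CS_DETECTS parser itself.
import json
import re
from typing import Any, Dict, Optional

# Format checks from the 2022-08-25 (MD5) and 2022-09-21 (SHA-256) entries.
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

# (raw dotted path, regex, UDM destination). The destinations are an
# assumption for this example; the change log only says hashes are checked
# before being mapped to UDM.
HASH_RULES = [
    ("behavior.md5", MD5_RE, "principal.process.file.md5"),
    ("behavior.parent_details.parent_md5", MD5_RE, "principal.process.parent_process.file.md5"),
    ("behavior.sha256", SHA256_RE, "principal.process.file.sha256"),
    ("behavior.parent_details.parent_sha256", SHA256_RE, "principal.process.parent_process.file.sha256"),
]

# An object with none of these raw fields is treated as "no valid data"
# (assumed definition for this example).
MAPPED_RAW_FIELDS = ("cid", "detection_id", "created_timestamp", "behavior")


def get_path(obj: Any, path: str) -> Any:
    """Read a dotted path from nested dicts; None when any level is absent."""
    for part in path.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj


def set_path(obj: Dict[str, Any], path: str, value: Any) -> None:
    """Write a dotted path into nested dicts, creating intermediate levels."""
    parts = path.split(".")
    for part in parts[:-1]:
        obj = obj.setdefault(part, {})
    obj[parts[-1]] = value


def parse_detection(raw_line: str) -> Optional[Dict[str, Any]]:
    """Map one raw detection line to a UDM-style dict; None means dropped."""
    try:
        event = json.loads(raw_line)
    except json.JSONDecodeError:
        return None  # malformed: dropped (2022-08-25)
    if not isinstance(event, dict) or not any(k in event for k in MAPPED_RAW_FIELDS):
        return None  # no valid data: dropped (2022-08-25)

    udm: Dict[str, Any] = {}
    # Constant fields (2022-09-29).
    set_path(udm, "metadata.vendor_name", "Crowdstrike")
    set_path(udm, "metadata.product_name", "Falcon")
    set_path(udm, "security_result.alert_state", "ALERTING")

    # Identifier and timestamp mappings (2022-08-16).
    if event.get("cid") is not None:
        set_path(udm, "metadata.product_deployment_id", event["cid"])
    if event.get("detection_id") is not None:
        set_path(udm, "metadata.product_log_id", event["detection_id"])
    if event.get("created_timestamp") is not None:
        set_path(udm, "metadata.event_timestamp", event["created_timestamp"])

    # Event type depends on the technique (2022-09-21). Reading it from
    # "behavior.technique" is an assumption; the change log names only "technique".
    technique = get_path(event, "behavior.technique")
    if technique == "Indicator of Compromise":
        set_path(udm, "metadata.event_type", "SCAN_UNCATEGORIZED")
    else:
        set_path(udm, "metadata.event_type", "PROCESS_UNCATEGORIZED")

    # Hashes are mapped only when they match the expected format; a value
    # that fails the check is left out instead of being written to UDM.
    for raw_path, pattern, udm_path in HASH_RULES:
        value = get_path(event, raw_path)
        if isinstance(value, str) and pattern.fullmatch(value):
            set_path(udm, udm_path, value)
    return udm


# Constructed sample input (not real Falcon data). The hashes are the
# well-known MD5 and SHA-256 digests of the empty string.
SAMPLE_IOC = json.dumps({
    "cid": "CONSTRUCTED_CID", "detection_id": "CONSTRUCTED_DETECTION_1",
    "created_timestamp": "2022-09-29T12:00:00Z",
    "behavior": {
        "technique": "Indicator of Compromise",
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "parent_details": {"parent_md5": "not-a-hash", "parent_sha256": "ZZZZ"},
    },
})
SAMPLE_PROCESS = json.dumps({
    "cid": "CONSTRUCTED_CID", "detection_id": "CONSTRUCTED_DETECTION_2",
    "created_timestamp": "2022-09-29T12:05:00Z",
    "behavior": {"technique": "Some Other Technique"},
})
SAMPLE_MALFORMED = '{"cid": "CONSTRUCTED_CID", "detection_id": '  # truncated JSON
SAMPLE_EMPTY = '{"unrelated": true}'

if __name__ == "__main__":
    for line in (SAMPLE_IOC, SAMPLE_PROCESS, SAMPLE_MALFORMED, SAMPLE_EMPTY):
        print(json.dumps(parse_detection(line)))
```

Running the block shows the two behaviours the change log cares about: the IOC sample keeps its well-formed "behavior.md5" and "behavior.sha256" but silently loses both malformed parent hashes, and the truncated line and the object with no mapped fields come back as None rather than as half-populated UDM records.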