Change log for CS_EDR
Date | Changes |
---|---|
2022-05-20 | Enhancement: Mapped "LinkName" to "target.resource.attribute.labels". Switched possible "GENERIC_EVENTS" occurrences to "STATUS_UPDATE". Added a backslash between the process and its parent root directory. Parsed platform if the "event_platform" is iOS. Changed resource.type to resource_type. |
2022-05-12 | Enhancement - resourceName mapped to target.resource.name; resourceId mapped to target.resource.product_object_id; Namespace mapped to target.namespace; Category mapped to security_result.category_details; description mapped to security_result.description; sourceAgent mapped to network.http.user_agent; Severity mapped to security_result.severity; resourceKind mapped to target.resource.type; detectionName mapped to target.resource.name; clusterName mapped to target.resource.attribute.labels; clusterId mapped to target.resource.attribute.labels; detectionId mapped to target.resource.attribute.labels; Type mapped to additional.fields; Remediation mapped to additional.fields; Benchmarks mapped to additional.fields; badResources mapped to additional.fields |
2022-04-27 | Bug - Fix: 1. Changed UDM event_type from GENERIC_EVENT to USER_LOGIN for logs with ExternalApiType = Event_AuthActivityAuditEvent. 2. Changed mappings for target_user, actor_user, actor_user_uuid from additional.fields to target.user.email_addresses, target.user.user_display_name, target.user.userid respectively. |
2022-04-25 | Enhancement - Mapped "RemoteAddressIP4" to principal.ip. |
2022-04-14 | Bug - Added support for the ScriptContent field for all types of logs. |
2022-04-13 | Enhancement - Added mappings for new fields. Added new event mappings: AuthenticationPackage mapped to target.resource.name |
2022-04-04 | Bug - Mapped "OriginatingURL" to principal.url for NetworkConnect events. |