Change log for CSV_CUSTOM_IOC
Date
Changes
2024-02-15
Enhancement:
- When "itype" is "md5" and "value" is in sha256 format, mapped "value" to "entity.entity.file.sha256".
- When "itype" is "md5" and "value" is in sha1 format, mapped "value" to "entity.entity.file.sha1".
2024-02-12
Enhancement:
- Added support for domain, URL, md5, file and email type logs.
- Mapped "email" to "entity.entity.user.email_addresses".
2024-02-02
Enhancement:
- Added support for new format logs.
- Mapped "srcip" to "entity.entity.ip" and "ioc.ip_and_ports.ip_address".
- Mapped "classification" to "threat.category_details".
- Mapped "confidence" to "threat.confidence_score".
- Mapped "resource_uri" to "threat.url_back_to_product".
- Mapped "country" to "entity.entity.location.country_or_region".
- Mapped "lat" to "entity.entity.location.region_latitude".
- Mapped "lon" to "entity.entity.location.region_longitude".
- Mapped "md5" to "entity.entity.file.md5".
- Mapped "domain" to "entity.entity.hostname".
- Mapped "date_first" to "threat.first_discovered_time".
- Mapped "date_last" to "threat.last_updated_time".
- Mapped "id" to "entity.metadata.product_entity_id".
- Mapped "detail2" to "threat.description".
- Mapped "detail" to "threat.summary".
- Mapped "asn", "import_session_id", "itype", "maltype", "media", "media_type", "org", "source", "source_feed_id", "state", "trusted_circle_ids" and "update_id" to "threat.detection_fields".
2023-09-11
- Added support for file type logs and mapped them as ENTITY data.
2022-05-20
Enhancement:
- Added support for storing ENTITY data.
- Added support for IOC domains, IPs, and URLs in Custom IOC (CSV).
Last updated 2025-03-13 UTC.