Change log for CSV_CUSTOM_IOC
Date | Changes |
---|---|
2024-02-15 | Enhancement:<br>- When "itype" is "md5" and "value" is in sha256 format, mapped "value" to "entity.entity.file.sha256".<br>- When "itype" is "md5" and "value" is in sha1 format, mapped "value" to "entity.entity.file.sha1". |
2024-02-12 | Enhancement:<br>- Added support for domain, URL, md5, file and email type logs.<br>- Mapped "email" to "entity.entity.user.email_addresses". |
2024-02-02 | Enhancement:<br>- Added support for new format logs.<br>- Mapped "srcip" to "entity.entity.ip" and "ioc.ip_and_ports.ip_address".<br>- Mapped "classification" to "threat.category_details".<br>- Mapped "confidence" to "threat.confidence_score".<br>- Mapped "resource_uri" to "threat.url_back_to_product".<br>- Mapped "country" to "entity.entity.location.country_or_region".<br>- Mapped "lat" to "entity.entity.location.region_latitude".<br>- Mapped "lon" to "entity.entity.location.region_longitude".<br>- Mapped "md5" to "entity.entity.file.md5".<br>- Mapped "domain" to "entity.entity.hostname".<br>- Mapped "date_first" to "threat.first_discovered_time".<br>- Mapped "date_last" to "threat.last_updated_time".<br>- Mapped "id" to "entity.metadata.product_entity_id".<br>- Mapped "detail2" to "threat.description".<br>- Mapped "detail" to "threat.summary".<br>- Mapped "asn", "import_session_id", "itype", "maltype", "media", "media_type", "org", "source", "source_feed_id", "state", "trusted_circle_ids" and "update_id" to "threat.detection_fields". |
2023-09-11 | - Added support for file type logs and mapped them as ENTITY data. |
2022-05-20 | Enhancement:<br>- Added support for storing ENTITY data.<br>- Added support for IOC domains, IPs, and URLs in Custom IOC (CSV). |