Change log for CYBEREASON_EDR
Date | Changes |
---|---|
2024-11-29 | Enhancement:
- Added support to parse logs when the LogType is "Malware" and "Malop". |
2024-01-25 | Enhancement:
- Mapped "cs3Label", "cs4Label", "cs5Label", "deviceCustomDate1Label", "deviceCustomDate2Label" and "deviceCustomDate3Label" to "security_result.detection_fields". - Aligned "principal.hostname", "target.hostname", "principal.asset.hostname", and "target.asset.hostname" mappings. - Aligned "principal.ip", "target.ip", "principal.asset.ip", and "target.asset.ip" mappings. |
2023-02-23 | Enhancement
- Mapped "malop_data.elementValues.affectedUsers.elementValues.0.guid" to "principal.user.userid". - Mapped "malop_data.elementValues.affectedUsers.elementValues.0.name" to "principal.user.user_display_name". - Mapped "malop_data.elementValues.affectedMachines.elementValues.0.guid" to "principal.asset.asset_id". - Mapped "malop_data.elementValues.affectedMachines.elementValues.0.name" to "principal.hostname". - Mapped "malop_data.simpleValues.malopActivityTypes.values.0", "malop_data.isMalicious" to "security_result.detection_fields". - Mapped "security_result.alert_state" to "ALERTING" if "is_alert" is "true". |
2023-02-06 | Enhancement
- Parsed logs ingested in CEF format. |