Change log for DARKTRACE

Date Changes

2022-10-31 Enhancement:
- Mapped the field 'time' to 'metadata.event_timestamp'.
- Mapped the field 'model.description' to 'metadata.description'.
- Mapped the field 'model.name' to 'principal.user.user_display_name'.
- Mapped the field 'model.pid' to 'principal.process.pid'.
- Mapped the field 'device.did' to 'principal.asset.asset_id'.
- Mapped the field 'device.objecttype' to 'principal.asset.type'.
- Mapped the field 'device.ips' to 'principal.ip'.
- Mapped the field 'device.firstSeen' to 'principal.asset.first_seen_time'.
- Mapped the field 'device.lastSeen' to 'principal.asset.last_discover_time'.
- Mapped the fields 'device.sid', 'device.typename' and 'device.typelabel' to 'principal.resource.attribute.labels'.
- Mapped the fields 'model.tags' and 'model.logic.data' to 'additional.fields'.
- Mapped the field 'breachUrl' to 'security_result.url_back_to_product'.
- Mapped the field 'mitreTechniques' to 'security_result.detection_fields'.
- Added conditional checks for 'details.0.0.contents.2.values.0' before mapping it to 'principal.port'.
- Dropped logs with incorrect JSON format.

2022-10-13 Added a grok pattern to parse the new JSON-type logs:
- Mapped 'category' to 'security_result.severity'.
- Mapped 'title' to 'security_result.summary'.
- Mapped 'details.0.0.contents.1.values.0.hostname' to 'principal.hostname'.
- Mapped 'details.0.0.contents.1.values.0.ip' to 'principal.ip'.
- Mapped 'details.0.0.contents.2.values.0' to 'principal.port'.
- Mapped 'details.0.0.contents.4.values.0' to 'principal.location.country_or_region'.
- Mapped 'details.0.1.contents.0.values.0.hostname' to 'target.hostname'.
- Mapped 'details.0.1.contents.0.values.0.ip' to 'target.ip'.
- Mapped 'incidentEventUrl' to 'principal.url'.
- Mapped 'summary' to 'metadata.description'.
- Mapped 'model.uuid' to 'principal.user.userid'.
- Mapped 'relatedBreaches.0.modelName' to 'security_result.description'.

2022-04-22 Added support for a non-numeric issue code in CEF messages.
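As an added illustration (not part of this change log and not the Chronicle parser's own code), the following Python normaliser applies a subset of the mappings listed above to a constructed Darktrace event: it walks dotted paths whose digit segments index lists (e.g. 'details.0.0.contents.2.values.0'), drops input that is not valid JSON, and applies a conditional check before emitting 'principal.port'. The exact check used by the parser is not documented here; an integer-in-port-range check is assumed, and the sample event is constructed, not a real Darktrace log.

```python
import json

# Constructed sample of a Darktrace model-breach event (not a real Darktrace log);
# the nested paths follow the change log entries above.
SAMPLE_EVENT = json.dumps({
    "time": "2022-10-31T10:15:00Z", "title": "Anomalous Connection", "category": "critical",
    "model": {"name": "Unusual External Data Transfer", "description": "Large upload", "pid": 42},
    "device": {"did": 7, "ips": ["10.0.0.5"]},
    "details": [[
        {"contents": [{}, {"values": [{"hostname": "ws01", "ip": "10.0.0.5"}]},
                      {"values": ["443"]}, {}, {"values": ["US"]}]},
        {"contents": [{"values": [{"hostname": "cdn.example", "ip": "203.0.113.9"}]}]},
    ]],
})

# (source path, UDM field) pairs taken from the change log; digit segments index lists.
MAPPINGS = [
    ("time", "metadata.event_timestamp"), ("category", "security_result.severity"),
    ("title", "security_result.summary"), ("model.description", "metadata.description"),
    ("model.name", "principal.user.user_display_name"), ("model.pid", "principal.process.pid"),
    ("device.did", "principal.asset.asset_id"), ("device.ips", "principal.ip"),
    ("details.0.0.contents.1.values.0.hostname", "principal.hostname"),
    ("details.0.0.contents.4.values.0", "principal.location.country_or_region"),
    ("details.0.1.contents.0.values.0.hostname", "target.hostname"),
    ("details.0.1.contents.0.values.0.ip", "target.ip"),
]

def get_path(obj, path):
    """Walk a dotted path such as 'details.0.0.contents.2.values.0'; None if a step is missing."""
    for seg in path.split("."):
        if isinstance(obj, list) and seg.isdigit() and int(seg) < len(obj):
            obj = obj[int(seg)]
        elif isinstance(obj, dict) and seg in obj:
            obj = obj[seg]
        else:
            return None
    return obj

def normalize(raw_line):
    """Return a flat dict of UDM fields, or None when the log is dropped as malformed JSON."""
    try:
        event = json.loads(raw_line)
    except json.JSONDecodeError:
        return None  # 2022-10-31 entry: logs with incorrect JSON format are dropped
    udm = {dst: val for src, dst in MAPPINGS if (val := get_path(event, src)) is not None}
    # Conditional check before mapping the port (assumed check: digits only, within 1-65535)
    port = get_path(event, "details.0.0.contents.2.values.0")
    if port is not None and str(port).isdigit() and 0 < int(port) < 65536:
        udm["principal.port"] = int(port)
    return udm
```

Running `normalize(SAMPLE_EVENT)` yields the flat UDM dict with `principal.port` set to 443, while a line that is not JSON returns None and a non-numeric port value is simply not mapped.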