Change log for DIGITALGUARDIAN_EDR
Date | Changes |
---|---|
2022-12-07 | Enhancement<br>- Mapped "Source_File" to "src.file.names".<br>- Mapped "Source_File_Extension" to "src.file.mime_type".<br>- Mapped "Destination_File" to "target.file.names".<br>- Mapped "Destination_File_Extension" to "target.file.mime_type".<br>- Mapped "Source_Drive_Type" to "security_result.detection_fields".<br>- Mapped "Destination_Drive_Type" to "security_result.detection_fields".<br>- Mapped "Application" to "target.application".<br>- Mapped "Was_Removable" to "security_result.detection_fields".<br>- Mapped "Was_Source_Removable" to "security_result.detection_fields".<br>- Mapped "Severity" to "security_result.severity".<br>- Added conditional null checks for the following UDM fields: "metadata.product_version", "principal.user.userid", "principal.administrative_domain", "principal.hostname", "target.hostname", "target.url", "security_result.rule_name". |
2022-06-28 | Enhancement<br>- Mapped "Product_Version" to "metadata.product_version".<br>- Mapped "Process_SHA256_Hash" to "target.process.file.sha256".<br>- Mapped "MD5_Checksum" to "target.process.file.md5".<br>- Mapped "File_Extension" to "additional.fields".<br>- Mapped "Protocol" to "network.ip_protocol".<br>- Mapped "Command_Line1" to "principal.process.command_line".<br>- Mapped "Network_Direction" to "network.direction".<br>- Mapped "Local_Port" to "principal.port".<br>- Mapped "Remote_Port" to "target.port".<br>- Mapped "IP_Address" to "principal.ip".<br>- Mapped "Dll_SHA1_Hash" to "target.process.file.sha1".<br>- Dropped logs that have an invalid GROK format or that fail kv parsing. |