Change log for ESET_AV
| Date | Changes |
|---|---|
| 2024-06-25 | Enhancement:
- Mapped "object_uri" to "target.url". - Mapped "severity" to "security_result.severity_details" - Mapped "threat_flags" to "security_result.detection_fields". - Mapped "category" to "security_result.category_details". - Mapped "object_type" and "engine_version" to "principal.resource.attribute.labels" - If value of the field "detail" is null, then mapped "circumstances" to "security_result.description". - If value of the field "action_taken" is similar to "Block", then mapped "security_result_action" to "BLOCK". - If value of the field "action_taken" is similar to "Start" or "Allow", then mapped "security_result_action" to "ALLOW". - If the value of "not_json" is true, then added a Grok pattern over "json_data" to extract "category", "hostname", and "group_name". |
| 2024-05-31 | Enhancement:
- Mapped "action_taken" to "security_result.action_details". - Mapped "threat_type" to "security_result.threat_id". - Mapped "scan_id", "scanner_id", and "threat_handled" to "security_result.detection_fields". - Mapped "need_restart" to "additional.fields". |
| 2024-05-21 | Enhancement:
- Changed the case of the value of the field "hash" to lowercase, and then mapped "hash" to "principal.file.sha1". |
| 2024-03-14 | Enhancement:
- Mapped "username" to "principal.user.userid". - Mapped "group_name" to "principal.group_display_name". - Mapped "hash" to "principal.resource.attribute.labels". - Mapped "eiconsolelink" to "principal.url". - Mapped "os_name" to "principal.platform_version". - Mapped "processname" to "principal.process.file.full_path". - Mapped "rulename" to "security_result.rule_name". - Mapped "result" to "security_result.summary". - Mapped "eialarmid" to "security_result.detection_fields". - Mapped "severity_score" to "security_result.detection_fields". - Mapped "computer_severity_score" to "security_result.detection_fields". |
| 2023-01-10 | Newly created parser.
|