Change log for ESET_EDR
Date | Changes |
---|---|
2024-04-08 | Enhancement: mapped "Detectiontype" to "security_result.category_details"; mapped "Time_of_occurrence" to "additional.fields". |
2024-03-12 | Enhancement: added Grok patterns to parse the new log format; mapped "Detectiontype" to "security_result.category_details"; mapped "Detection_name" to "security_result.threat_name"; mapped "Scanner" to "security_result.description"; mapped "Action_performed" to "security_result.action_details"; mapped "Computer_name" to both "principal.hostname" and "principal.asset.hostname"; mapped "Logged_user" to "principal.user.userid"; mapped "app" to "principal.application"; mapped "process_id" to "principal.process.pid". |
2022-05-10 | Added and modified multiple fields to increase the log parsing percentage: userid, file.full_path, processName, threat_name, action_details, port, process.pid, event_type, hostname, ip, accountName. |
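The field mappings recorded in the 2024-03-12 and 2024-04-08 entries, expressed as a small Python check that builds the UDM structure from fields a Grok stage has already extracted and reports which raw fields the mapping does not cover. This is an added example, not the Chronicle parser or any ESET code; the sample event, the helper names (`to_udm`, `unmapped_fields`) and the key/value layout used for `additional.fields` are assumptions made for this illustration.

```python
"""Illustrative UDM mapping check for ESET EDR events.

The source-field -> UDM-path table comes from the change log above. Everything
else (sample event, helper names, additional.fields layout) is constructed for
this example and is not the production parser.
"""
import json
from typing import Any, Dict, List

# Source field -> one or more UDM destinations. One source may feed several
# destinations (Computer_name -> principal.hostname and principal.asset.hostname).
UDM_MAPPING: Dict[str, List[str]] = {
    "Detectiontype": ["security_result.category_details"],
    "Detection_name": ["security_result.threat_name"],
    "Scanner": ["security_result.description"],
    "Action_performed": ["security_result.action_details"],
    "Computer_name": ["principal.hostname", "principal.asset.hostname"],
    "Logged_user": ["principal.user.userid"],
    "app": ["principal.application"],
    "process_id": ["principal.process.pid"],
}

# Fields kept without a dedicated UDM slot; they land in additional.fields.
ADDITIONAL_FIELDS: List[str] = ["Time_of_occurrence"]

# Constructed sample: the key/value pairs a Grok stage would emit for one
# detection event. "Hash" is deliberately not in the mapping table.
SAMPLE_EVENT: Dict[str, str] = {
    "Detectiontype": "Malware",
    "Detection_name": "Eicar test file",
    "Scanner": "Real-time file system protection",
    "Action_performed": "cleaned by deleting",
    "Computer_name": "WS-01",
    "Logged_user": "jdoe",
    "app": "ESET",
    "process_id": "4242",
    "Time_of_occurrence": "2024-04-08T10:00:00Z",
    "Hash": "0123456789abcdef",
}


def _set_path(doc: Dict[str, Any], dotted: str, value: Any) -> None:
    """Assign value at a dotted UDM path, creating intermediate dicts."""
    parts = dotted.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def to_udm(event: Dict[str, str]) -> Dict[str, Any]:
    """Build the nested UDM dict for one extracted event.

    Empty or absent source fields are skipped so the output never carries
    empty strings into required-looking UDM slots.
    """
    udm: Dict[str, Any] = {}
    for src, dests in UDM_MAPPING.items():
        value = event.get(src, "")
        if value == "":
            continue
        for dest in dests:
            _set_path(udm, dest, value)
    # Assumed layout: a list of {key, value{string_value}} entries, the shape
    # used by parser merge statements for repeated label fields.
    extra = [
        {"key": k, "value": {"string_value": event[k]}}
        for k in ADDITIONAL_FIELDS
        if event.get(k, "") != ""
    ]
    if extra:
        _set_path(udm, "additional.fields", extra)
    return udm


def unmapped_fields(event: Dict[str, str]) -> List[str]:
    """Raw fields with no mapping at all: candidates for the next change-log entry."""
    covered = set(UDM_MAPPING) | set(ADDITIONAL_FIELDS)
    return sorted(k for k in event if k not in covered)


if __name__ == "__main__":
    print(json.dumps(to_udm(SAMPLE_EVENT), indent=2))
    print("unmapped:", unmapped_fields(SAMPLE_EVENT))
```

Running it against a batch of extracted events and counting those for which `to_udm` returns an empty dict gives a quick proxy for the "log parsing percentage" the 2022-05-10 entry refers to, and `unmapped_fields` shows which raw keys are being dropped.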