Change log for FIREEYE_ETP
| Date | Changes |
|---|---|
| 2024-03-07 | Enhancement:
- Mapped "alert.attributes.alert.malware_md5" to "about.file.md5". |
| 2024-01-30 | Enhancement:
- Added support for new pattern of JSON logs. - Mapped "id", "alert.explanation.analysis","alert.explanation.malware_os_analysis","email.dod_report_id" and "email.status" to "security_result.detection_fields". - Mapped "alert.malware_md5" to "about.file.md5". - Mapped "alert.sha256" to "about.file.sha256". - Mapped "email.attachment" to "about.file.full_path". - When "email.attachment" is valid URL, then mapped it to "about.url". - Mapped "alert.severity" to "security_result.severity". - Mapped "email.smtp.mail_from" to "network.email.from". - Mapped "email.smtp.recipients" to "network.email.to". - Mapped "email.headers.subject" to "network.email.subject". - Mapped "email.source_ip" to "principal.ip" and "principal.asset_ip". - Mapped "alert.explanation.malware_detected.malware.threat_type" to "security_result.category". - Mapped "alert.explanation.malware_detected.malware.trace_iden" to "security_result.threat_id". - Mapped "alert.explanation.malware_detected.malware.name" to "security_result.threat_name". - Mapped "email.source_country" to "principal.location.country_or_region". - Mapped "alert.action" to "security_result.action". |