
Change log for FIREEYE_NX

Date: 2022-05-18
Changes: Enhancement - The newly ingested logs have been parsed and mapped to the following fields:
'_source.alert.attack-time' mapped to 'metadata.ingested_timestamp'.
'_source.srcport' mapped to 'principal.port'.
'_source.srcipv4' mapped to 'principal.ip'.
'_source.mac' mapped to 'principal.mac'.
'_source.dstport' mapped to 'target.port'.
'_source.dstipv4' mapped to 'target.ip'.
'_source.dstmac' mapped to 'target.mac'.
'_source.alerturl' mapped to 'metadata.url_back_to_product'.
'_source.alert_product' mapped to 'metadata.product_name'.
'_source.alert_version' mapped to 'metadata.product_version'.
'_source.eventlog' mapped to 'metadata.product_name'.
'_source.virus' mapped to 'security_result.threatname'.
'_source.url' mapped to 'target.url'.
'_source.severity' mapped to 'security_result.severity'.
'__source.detect_rulematches' mapped to 'security_result.rule_id'.
'_source.alert_deviceid' mapped to 'principal.asset.asset_id'.
'_source.deviceid' mapped to 'asset.asset_id'.
'_source.devicename' mapped to 'target.asset.attribute.labels'.
'_source.domain' mapped to 'target.hostname'.
'entry.data.alert.mitre-mapping.code.id' mapped to 'security_result.rule_id'.
'entry.data.alert.mitre-mapping.code.name' mapped to 'security_result.rule_name'.
'entry.data.alert.dst.smtp-to' mapped to 'network.email.to'.
'entry.data.alert.severity' mapped to 'security_result.severity'.
'_source.action' mapped to 'security_result.action'.