Change log for FIREEYE_NX

Date	Changes
2022-05-18	Enhancement - The newly ingested logs have been parsed and mapped to the following fields: '_source.alert.attack-time' mapped to 'metadata.ingested_timestamp'. '_source.srcport' mapped to 'principal.port'. '_source.srcipv4' mapped to 'principal.ip'. '_source.mac' mapped to 'principal.mac'. '_source.dstport' mapped to 'target.port'. '_source.dstipv4' mapped to 'target.ip'. '_source.dstmac' mapped to 'target.mac'. '_source.alerturl' mapped to 'metadata.url_back_to_product'. '_source.alert_product' mapped to 'metadata.product_name'. '_source.alert_version' mapped to 'metadata.product_version'. '_source.eventlog' mapped to 'metadata.product_name'. '_source.virus' mapped to 'security_result.threatname'. '_source.url' mapped to 'target.url'. '_source.severity' mapped to 'security_result.severity'. '__source.detect_rulematches' mapped to 'security_result.rule_id'. '_source.alert_deviceid' mapped to 'principal.asset.asset_id'. '_source.deviceid' mapped to 'asset.asset_id'. '_source.devicename' mapped to 'target.asset.attribute.labels'. '_source.domain' mapped to 'target.hostname'. 'entry.data.alert.mitre-mapping.code.id' mapped to 'security_result.rule_id'. 'entry.data.alert.mitre-mapping.code.name' mapped to 'security_result.rule_name'. 'entry.data.alert.dst.smtp-to' mapped to 'network.email.to'. 'entry.data.alert.severity' mapped to 'security_result.severity'. '_source.action' mapped to 'security_result.action'.

Date

Changes

2022-05-18

Enhancement - The newly ingested logs have been parsed and mapped to the following fields:
'_source.alert.attack-time' mapped to 'metadata.ingested_timestamp'.
'_source.srcport' mapped to 'principal.port'.
'_source.srcipv4' mapped to 'principal.ip'.
'_source.mac' mapped to 'principal.mac'.
'_source.dstport' mapped to 'target.port'.
'_source.dstipv4' mapped to 'target.ip'.
'_source.dstmac' mapped to 'target.mac'.
'_source.alerturl' mapped to 'metadata.url_back_to_product'.
'_source.alert_product' mapped to 'metadata.product_name'.
'_source.alert_version' mapped to 'metadata.product_version'.
'_source.eventlog' mapped to 'metadata.product_name'.
'_source.virus' mapped to 'security_result.threatname'.
'_source.url' mapped to 'target.url'.
'_source.severity' mapped to 'security_result.severity'.
'__source.detect_rulematches' mapped to 'security_result.rule_id'.
'_source.alert_deviceid' mapped to 'principal.asset.asset_id'.
'_source.deviceid' mapped to 'asset.asset_id'.
'_source.devicename' mapped to 'target.asset.attribute.labels'.
'_source.domain' mapped to 'target.hostname'.
'entry.data.alert.mitre-mapping.code.id' mapped to 'security_result.rule_id'.
'entry.data.alert.mitre-mapping.code.name' mapped to 'security_result.rule_name'.
'entry.data.alert.dst.smtp-to' mapped to 'network.email.to'.
'entry.data.alert.severity' mapped to 'security_result.severity'.
'_source.action' mapped to 'security_result.action'.