Change log for KASPERSKY_AV
| Date | Changes |
|---|---|
| 2023-10-13 | Enhancement:
- Mapped "Hachage SHA256", "p1" to "target.process.file.sha256". - Mapped "Hachage MD5", "md5" to "target.process.file.md5". - Mapped "intermediary" to "event.idm.read_only_udm.intermediary". |
| 2022-10-14 | Added gsub to bypass unwanted special characters. |
| 2022-05-17 | Added mappings for the following fields - Nom (name of the process/application) (Name) mapped to target.file.full_path (extension). - Chemin de l'application (Application path) mapped to target.file.full_path. - Type d'événement (Event type) mapped to metadata.product_event_type. - ID du processus (Process id) mapped to target.process.pid. - Description du résultat (Result description) mapped to metadata.description. - Erreur (Error) mapped to security_result.summary. |
| 2022-03-29 | Added mappings for the following missing fields "Result description" to "security_result.description". "Type" to "security_result.threat_name". "MD5" to "process.file.md5". "SHA256" to "process.file.sha256". "p2" to "target.process.file.full_path". "p5" to "security_result.rule_name". "p7" to "principal.user.user_display_name". "Reason" to "security_result.summary". |