Change log for MANDIANT_CUSTOM_IOC
Date | Changes |
---|---|
2023-12-19 | - Mapped "threat.threat_feed_name" to "Mandiant". |
2023-12-07 | - Mapped "first_seen" to "metadata.interval.start_time".
- When "type" is "fqdn/ipv4/url", then mapped "custom_ioc_expire_date" to "metadata.interval.end_time".
- Mapped "threat_rating.threat_score" to "entity.entity.labels".
- Mapped "threat_rating.severity_level" to "threat.severity".
- Mapped "threat_rating.confidence_level" to "threat.confidence".
- Mapped "verdict_simple.timestamp" to "verdict_info.verdict_time".
- When "verdict_simple.verdict" is "malicious", then set "verdict_info.verdict_response" to "MALICIOUS".
- Mapped "verdict_info.verdict_type" based on "verdict_simple.verdict_source".
- Mapped "category" to "threat.category_details".
- Mapped "threat_rating.confidence_score" to "threat.confidence_details".
- Mapped "threat_rating.threat_score" to "threat.risk_score". |
2023-11-17 | Newly created parser. |