Change log for MEDIGATE_IOT
Date | Changes |
---|---|
2022-07-08 | Enhancement:<br>- Mapped "events.timestamp" to "metadata.event_timestamp".<br>- Mapped "events.description" to "metadata.description".<br>- Mapped "events_extra_info.domain" to "principal.administrative_domain".<br>- Mapped "events_extra_info.malicious_ip_info.source" to "security_result.about.labels".<br>- Mapped "events_extra_info.malicious_ip_info.threat_type" to "security_result.threat_name".<br>- Mapped "events_extra_info.malicious_ip_info.malicious_ip" to "intermediary.ip".<br>- Mapped "events_extra_info.malicious_ip_info.severity" to "security_result.severity".<br>- Mapped "events_extra_info.geo_location" to "target.location.country_or_region".<br>- Mapped "events_extra_info.client_id" and "affected_device.site_name" to "additional_fields".<br>- Mapped "comm_tuple.src_port" to "principal.port".<br>- Mapped "comm_tuple.dst_port" to "target.port".<br>- Mapped "comm_tuple.src_ip" to "principal.ip".<br>- Mapped "comm_tuple.dst_ip" to "target.ip".<br>- Mapped "comm_tuple.src_mac" to "principal.mac".<br>- Mapped "comm_tuple.dst_mac" to "target.mac".<br>- Mapped "affected_device.asset_id" to "principal.asset.asset_id".<br>- Mapped "affected_device.device_category" to "principal.resource.resource_subtype".<br>- Mapped "affected_device.device_type" to "principal.resource.name".<br>- Mapped "events.type" to "metadata.product_event_type".<br>- Mapped "affected_device.manufacturer" to "hardware.manufacturer".<br>- Mapped "affected_device.model" to "hardware.model".<br>- Mapped "version" to "network.tls.version".<br>- Mapped "proto" to "tls.version_protocol".<br>- Set "metadata.event_type" to "NETWORK_HTTP" where "comm_tuple.protocol" is "HTTP".<br>- Set "metadata.event_type" to "NETWORK_FTP" where "comm_tuple.protocol" is "FTP".<br>- Set "security_category" to "NETWORK_MALICIOUS" where "events.type" is "Malicious Internet Communication".<br>- Set "metadata.event_type" to "USER_LOGIN", mapped "events_extra_info.username" to "target.user.userid", and set "extensions.auth.type" to "AUTHTYPE_UNSPECIFIED" where "events.type" is "Weak/Default Password".<br>- Mapped "events_extra_info.username" to "principal.user.userid".<br>- Mapped "events_extra_info.certificate_info.ST" to "principal.location.state".<br>- Mapped "events_extra_info.certificate_info.CN" to "principal.hostname".<br>- Mapped "events_extra_info.certificate_info.C" to "principal.location.country_or_region".<br>- Mapped "events_extra_info.certificate_info.L" to "principal.location.city". |