Change log for MICROSOFT_DEFENDER_IDENTITY
Date | Changes |
---|---|
2022-07-27 | Enhancement<br>- Mapped "metadata.event_type" to "REGISTRY_MODIFICATION" where "properties.ActionType" is not null.<br>- Mapped "metadata.event_type" to "REGISTRY_DELETION" where "properties.ActionType" is "RegistryValueDeleted".<br>- Mapped "metadata.event_type" to "REGISTRY_CREATION" where "properties.ActionType" is "RegistryValueCreated".<br>- Mapped "properties.InitiatingProcessFolderPath" to "process.file.full_path".<br>- Mapped "about.labels" to "properties.InitiatingProcessIntegrityLevel".<br>- Mapped "properties.DeviceId" to "principal.asset_id".<br>- Mapped "properties.InitiatingProcessTokenElevation" to "about.labels".<br>- Mapped "properties.InitiatingProcessParentFileName" to "principal.process.parent_process.file.full_path".<br>- Mapped "properties.InitiatingProcessMD5" to "principal.process.file.md5".<br>- Mapped "properties.InitiatingProcessSHA256" to "principal.process.file.sha256".<br>- Mapped "properties.InitiatingProcessSHA1" to "principal.process.file.sha1".<br>- Mapped "properties.InitiatingProcessId" to "principal.process.pid".<br>- Mapped "properties.InitiatingProcessCommandLine" to "principal.process.command_line".<br>- Mapped "properties.InitiatingProcessAccountSid" to "principal.user.windows_sid".<br>- Mapped "properties.InitiatingProcessAccountDomain" to "principal.administrative_domain".<br>- Mapped "properties.RegistryKey" to "target.registry.registry_key".<br>- Mapped "properties.RegistryValueName" to "target.registry.registry_value_name".<br>- Mapped "properties.RegistryValueData" to "target.registry.registry_value_data".<br>- Mapped "properties.PreviousRegistryKey" to "src.registry.registry_key".<br>- Mapped "properties.PreviousRegistryValueName" to "src.registry.registry_value_name".<br>- Mapped "properties.PreviousRegistryValueData" to "src.registry.registry_value_data". |
2022-04-22 | Newly created parser |