Change log for OFFICE_365_MESSAGETRACE
Date | Changes |
---|---|
2024-06-07 | Enhancement:<br>- Added support for parsing "Received" into "metadata.event_timestamp" when the timestamp is in dd/MMM/yyyy HH:mm:ss format.<br>- Mapped "ToIP" to "target.ip". |
2024-05-28 | Enhancement:<br>- Mapped "properties.SenderMailFromDomain", "properties.UserLevelAction", and "properties.UserLevelPolicy" to "principal.user.attribute.labels".<br>- Mapped "properties.SenderFromDomain" to "principal.administrative_domain".<br>- Mapped "properties.EmailDirection" to "network.direction".<br>- Mapped "properties.DeliveryAction", "properties.DeliveryLocation", "properties.Connectors", "properties.OrgLevelAction", "properties.OrgLevelPolicy", "properties.AdditionalFields", and "properties.UrlLocation" to "additional.fields".<br>- Mapped "properties.Subject" to "network.email.subject".<br>- Mapped "properties.ConfidenceLevel" to "additional.fields".<br>- Mapped "properties.Url" to "target.url".<br>- Mapped "properties.UrlDomain" to "target.hostname" and "target.asset.hostname".<br>- Mapped "properties.AuthenticationDetails" to "extensions.auth.auth_details". |
2024-04-18 | Enhancement:<br>- Mapped "time" to "metadata.event_timestamp".<br>- Mapped "tenantId" to "metadata.product_deployment_id".<br>- Mapped "operationName" and "Tenant" to "additional.fields".<br>- Mapped "category" to "metadata.product_event_type".<br>- Mapped "properties.SenderFromAddress" to "principal.user.email_addresses" and "network.email.from".<br>- Mapped "properties.RecipientEmailAddress" to "network.email.to" and "target.user.email_addresses".<br>- Mapped "properties.FileName" to "principal.process.file.names".<br>- Mapped "properties.SHA256" to "principal.process.file.sha256".<br>- Mapped "properties.FileSize" to "principal.process.file.size".<br>- Mapped "properties.RecipientObjectId" to "target.user.product_object_id".<br>- Mapped "properties.SenderObjectId" to "principal.user.product_object_id".<br>- Mapped "properties.SenderDisplayName" to "principal.user.user_display_name".<br>- Mapped "properties.ThreatNames" to "security_result.threat_name".<br>- Mapped "properties.DetectionMethods" to "security_result.detection_fields". |
2023-05-10 | Newly created parser. |