Change log for PROOFPOINT_ON_DEMAND
Date | Changes |
---|---|
2024-11-28 | Enhancement:<br>- Mapped "msgParts.metadata.company" and "msgParts.metadata.author" to "security_result.detection_fields".<br>- Removed duplicate mapping of "email.subject".<br>- Changed mapping of "filter.modules.dmarc.authResults.*" fields from "additional.fields" to "security_result.detection_fields". |
2024-08-28 | Enhancement:<br>- Changed "security_result.detection_fields" key from "filterQid" to "qid". |
2024-08-21 | Enhancement:<br>- Mapped "metadata.origin.data.cid" to "additional.fields". |
2024-07-22 | Enhancement:<br>- If "about.file.size" is a valid Unsigned Integer, then mapped "msgPart.detectedSizeBytes" to "about.file.size".<br>- Added support for new pattern of SYSLOG logs. |
2024-07-09 | Enhancement:<br>- Mapped "msg.header.x-mailer" to "additional.fields". |
2023-11-13 | Enhancement:<br>- Mapped "subject" to "network.email.subject".<br>- Mapped "messageID" to "network.email.mail_id".<br>- Mapped "fromAddress" to "network.email.from".<br>- Mapped "ccAddresses" to "network.email.cc".<br>- Mapped "replyToAddress" to "network.email.reply_to".<br>- Mapped "toAddresses" to "network.email.to".<br>- Mapped "sender" to "principal.user.email_addresses".<br>- Mapped "senderIP" to "principal.ip".<br>- Mapped "recipient" to "target.user.email_addresses".<br>- Mapped "spamScore", "phishScore", "threatsInfoMap", "impostorScore", "malwareScore", "" to "security_result.detection_fields". |
2023-10-26 | Enhancement:<br>- Mapped "msg.headeparsedAddressesr.from.0" to "principal.user.email_addresses".<br>- Modified mappings from using deprecated UDM fields to alternative fields.<br>- Added mapping from "about.labels" to "about.resource.attribute.labels".<br>- Added mapping from "principal.labels" to "principal.resource.attribute.labels". |
2023-06-05 | - Added a check on "msg.header.reply-to.0" prior to mapping to UDM to verify whether it is an array of emails.<br>- Added a check that "msgPart.detectedSizeBytes" is not "-1" prior to mapping to UDM. |
2022-07-14 | Enhancement to map the following elements to UDM elements:<br>- Mapped langs to additional.fields.<br>- Mapped definitions to security_result.summary.<br>- Mapped engine to metadata.product_version. |
2022-06-29 | Enhancement:<br>- Added gsub to remove '<>' from the fields 'sm.msgid' and 'msg.header.message-id.0' mapped to 'network.email.mail_id'. |
2022-05-20 | Enhancement to map the following elements to UDM elements:<br>- Mapped 'tls.verify', 'filter.disposition' to 'security_result.action_details'.<br>- Mapped 'filter.modules.dmarc.authResults.result' to 'additional.fields'.<br>- Mapped 'filter.quarantine.module', 'filter.quarantine.folder', 'filter.quarantine.type', 'filter.quarantine.folderId', 'filter.modules.spam.scores.overall', 'filter.modules.spam.scores.engine', 'filter.modules.spam.scores.classifiers.spam', 'filter.modules.spam.scores.classifiers.mlxlog', 'filter.modules.spam.scores.classifiers.phish', 'filter.modules.spam.scores.classifiers.impostor', 'filter.modules.spam.scores.classifiers.lowpriority', 'filter.modules.spam.scores.classifiers.mlx', 'filter.modules.spam.scores.classifiers.bulk', 'filter.modules.spam.scores.classifiers.suspect', 'filter.modules.spam.scores.classifiers.malware', 'filter.modules.spam.scores.classifiers.adult' to 'security_result.detection_fields'. |
2022-04-13 | Enhancement to map the following element to a UDM element:<br>- Mapped filter.modules.av.virusNames to 'security_result.threat_name'. |