Change log for RH_ISAC_IOC
Date | Changes |
---|---|
2024-03-07 | Bug-Fix: Mapped the fields of the "TAG" array to "event.idm.entity.metadata.threat.detection_fields". |
2024-01-11 | Bug-Fix: When "indicatorType" is "text/other", mapped "value" to "event.idm.entity.entity.file.full_path" and set "event.idm.entity.metadata.entity_type" to "FILE". |
2023-11-21 | Fix: When "firstSeen" is "null", mapped "event.idm.entity.metadata.interval.start_time" to "1". When "indicatorType" is "hostname/domain", mapped "value" to "event.idm.entity.entity.hostname". When "indicatorType" is "email", mapped "uuid" to "event.idm.entity.metadata.product_entity_id". When "indicatorType" matches "comment|phone", dropped the log. Mapped "comment" to "event.idm.entity.metadata.threat.summary". Mapped "category" to "event.idm.entity.metadata.threat.category_details". Mapped "id", "object_id" and "uuid" to "event.idm.entity.metadata.threat.detection_fields". |
2022-03-22 | Enhancement: Added entity fields to all logs that have "firstseen" and "lastseen" fields. Stopped dropping logs with "indicatorType" SHA256, EMAIL_ADDRESS, MD5, SHA1, SOFTWARE or CVE, and mapped them as entity-type fields without an IOC. |
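The mapping rules recorded in the 2023-11-21, 2024-01-11 and 2024-03-07 entries, collected into one normalisation routine. This is an illustrative example written for this page, not the RH_ISAC_IOC parser's own configuration: the input record layout, the dict-based representation of the UDM paths, the key/value shape of `detection_fields`, the pass-through of a non-null `firstSeen`, and the reading of `"comment|phone"` as a regular-expression alternation are all assumptions, and the sample records are constructed.

```python
"""Illustrative re-implementation of the RH_ISAC_IOC mapping rules from the change log.
Example code for this page, not the parser's own configuration; record layout and the
dict-based UDM shape are assumptions."""
import re
from typing import Any, Optional

# Constructed sample records: field names follow the change log, values are made up.
SAMPLE_RECORDS = [
    {"id": 101, "object_id": "o-101", "uuid": "u-101", "indicatorType": "hostname/domain",
     "value": "lure.example.test", "category": "phishing", "comment": "constructed sample",
     "firstSeen": "2024-01-01T00:00:00Z", "lastSeen": "2024-01-02T00:00:00Z",
     "TAG": ["retail", "campaign-a"]},
    {"id": 102, "object_id": "o-102", "uuid": "u-102", "indicatorType": "text/other",
     "value": "C:\\Users\\Public\\update.exe", "category": "malware", "comment": "dropped file",
     "firstSeen": None, "lastSeen": "2024-01-03T00:00:00Z", "TAG": []},
    {"id": 103, "object_id": "o-103", "uuid": "u-103", "indicatorType": "email",
     "value": "sender@example.test", "category": "phishing", "comment": "",
     "firstSeen": "2024-01-04T00:00:00Z", "lastSeen": "2024-01-04T00:00:00Z", "TAG": ["bec"]},
    {"id": 104, "object_id": "o-104", "uuid": "u-104", "indicatorType": "phone",
     "value": "+1-555-0100", "category": "fraud", "comment": "", "firstSeen": None,
     "lastSeen": None, "TAG": []},
]

# Indicator types the 2023-11-21 entry drops; "comment|phone" is read here as an alternation.
DROP_TYPES = re.compile(r"comment|phone")


def _set(event: dict, dotted: str, value: Any) -> None:
    """Assign value at a dotted UDM path, creating intermediate dicts as needed."""
    node = event
    parts = dotted.split(".")
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    node[parts[-1]] = value


def get(event: dict, dotted: str) -> Any:
    """Read a dotted path back out of a normalised event; None if any segment is missing."""
    node: Any = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def normalize(record: dict) -> Optional[dict]:
    """Apply the change-log rules to one record; return None when the log is dropped."""
    itype = str(record.get("indicatorType", ""))
    if DROP_TYPES.fullmatch(itype):
        return None  # comment / phone indicators are dropped (2023-11-21)

    event: dict = {}
    value = record.get("value")

    if itype == "text/other":                      # 2024-01-11
        _set(event, "event.idm.entity.entity.file.full_path", value)
        _set(event, "event.idm.entity.metadata.entity_type", "FILE")
    elif itype == "hostname/domain":               # 2023-11-21
        _set(event, "event.idm.entity.entity.hostname", value)
    elif itype == "email":                         # 2023-11-21
        _set(event, "event.idm.entity.metadata.product_entity_id", record.get("uuid"))

    # A null firstSeen becomes start_time 1 (2023-11-21); a non-null value is assumed to pass through.
    first_seen = record.get("firstSeen")
    _set(event, "event.idm.entity.metadata.interval.start_time",
         1 if first_seen is None else first_seen)

    _set(event, "event.idm.entity.metadata.threat.summary", record.get("comment"))
    _set(event, "event.idm.entity.metadata.threat.category_details", record.get("category"))

    # id, object_id, uuid (2023-11-21) and every TAG element (2024-03-07) become
    # detection_fields labels; the key/value label shape is an assumption.
    labels = [{"key": k, "value": str(record[k])} for k in ("id", "object_id", "uuid") if k in record]
    labels += [{"key": "TAG", "value": str(tag)} for tag in (record.get("TAG") or [])]
    _set(event, "event.idm.entity.metadata.threat.detection_fields", labels)
    return event


def normalize_feed(records: list) -> list:
    """Normalise a batch, silently omitting the dropped records."""
    return [ev for ev in (normalize(r) for r in records) if ev is not None]


if __name__ == "__main__":
    for ev in normalize_feed(SAMPLE_RECORDS):
        print(get(ev, "event.idm.entity.metadata.entity_type"),
              get(ev, "event.idm.entity.metadata.interval.start_time"),
              get(ev, "event.idm.entity.metadata.threat.detection_fields"))
```

Running the block normalises four constructed records into three events: the phone indicator is dropped, the `text/other` record gains `entity_type` `FILE` and a `start_time` of 1 because its `firstSeen` was null, and each record's identifiers and tags end up as `detection_fields` labels. When checking a parser change of this kind, a small fixture set like this one, containing one record per rule plus one that should be dropped, is enough to confirm the mapping before deploying it.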