Change log for SNARE_SOLUTIONS
Date | Changes |
---|---|
2024-05-20 | Enhancement:
- Mapped "logon type" to "extensions.auth.auth_details". |
2024-04-17 | Enhancement:
- Supported new Microsoft Windows event logs. |
2024-01-24 | Enhancement:
- Added Grok patterns to parse dropped "SYSLOG + KV" format logs.
- Mapped "ts" to "metadata.event_timestamp".
- Mapped "hostname" and "src_host" to "principal.asset.hostname".
- Mapped "src_ip" to "principal.asset.ip".
- Mapped "Namespace" to "principal.user.userid".
- Mapped "ClientProcessID" to "principal.process.pid".
- Mapped "HostApplication" to "principal.application".
- Mapped "Id" to "principal.resource.product_object_id".
- Mapped "ip_protocol" to "network.ip_protocol".
- Mapped "event_id" and "Component" to "additional.fields".
- Mapped "NotificationQuery", "PossibleCause", "Operation" and "ResultCode" to "security_result.detection_fields".
- Mapped "ProviderName", "NewProviderState", "SequenceNumber", "HostName", "HostVersion", "HostId", "EngineVersion", "RunspaceId", "PipelineId", "CommandName", "ScriptName", "CommandPath", "Volume_GUID", and "Volume_name" to "principal.resource.attribute.labels". |
2022-07-29 | Newly created parser |