Change log for STIX
| Date | Changes |
|---|---|
| 2024-03-06 | Enhancement:
- Added support for logs with the "type" value "indicator". |
| 2024-02-07 | Enhancement:
- Added support for entity field mappings for new set of ingested logs. - Mapped "description" to "threat_detail.description". - Mapped "external_references.0.source_name" to "entity_event.entity.hostname". - Mapped fields present in nested JSON field "extensions.extension-definition" to "threat_detail.detection_fields". |
| 2023-11-08 | Enhancement:
- Added support for entity field mappings for new set of ingested logs. - Mapped "entity_type" to "IP_ADDRESS" and "entity_event.entity.ip" to "ip" for "pattern" = "ipv4-addr". - Mapped "entity_type" to "USER" and "entity_event.entity.user.email_addresses" to "mail" for "pattern" = "email-addr". - Mapped "entity_type" to "FILE" and "entity_event.entity.file.sha256" to "sha256val","entity_event.entity.file.md5" to "MD5_val" and "entity_event.entity.file.sha1" to "sha1_val" for "pattern" = "file:hashes". - Mapped "entity_type" to "DOMAIN_NAME" and "entity_event.entity.hostname" to "dom" for "pattern" = "domain-name". - Mapped "entity_type" to "URL" and "entity_event.entity.url" to "url_val" for "pattern" = "url:value". |
| 2023-03-24 | Enhancement: Added support for entity field mappings.
|
| 2022-12-12 | Bug Fix - Mapped timestamp to "metadata.event_timestamp".
- Added Grok patterns to identify the type of log. - Added type specific blocks like 'md5', 'sha1', 'sha256', 'domain-name', 'mal_file_name' etc. |
| 2022-12-03 | Bug Fix - Parsed unparsed logs:
- Added Grok patterns to identify the type of log. - Added type specific blocks like 'mal_md5', 'mal_url' etc. - Parsed 'SHA-512' as 'security_result.detection_fields' due to large size. |
| 2022-11-27 | Newly created parser.
|