Change log for THREATLOCKER
| Date | Changes |
|---|---|
| 2023-06-18 | Bug fix: modified the Grok pattern to extract the source IP address and destination IP address from "fp" when "at" is "network". |
| 2023-05-24 | Enhancement:<br>- Modified mapping of "security_result.outcomes.key" to "Monitor mode status" and "security_result.outcomes.value" to "monitor mode on" or "monitor mode off".<br>- Added mapping of "s256" to "target.file.sha256" and "target.process.file.sha256".<br>- When "at" is "network", mapped "metadata.event_type" to "NETWORK_CONNECTION" and "fp" to "target.hostname", "target.ip" and "target.port".<br>- When "at" is "execute" or "install", mapped "metadata.event_type" to "PROCESS_LAUNCH" and "fp" to "target.process.file.full_path".<br>- When "at" is "newprocess", mapped "metadata.event_type" to "PROCESS_OPEN" and "fp" to "target.process.file.full_path".<br>- When "at" is "write", mapped "metadata.event_type" to "FILE_MODIFICATION" and "fp" to "target.file.full_path".<br>- When "at" is "read", mapped "metadata.event_type" to "FILE_READ" and "fp" to "target.file.full_path".<br>- When "at" is "delete", mapped "metadata.event_type" to "FILE_DELETION" and "fp" to "target.file.full_path".<br>- When "at" is "move", mapped "metadata.event_type" to "FILE_MODIFICATION" and "fp" to "target.file.full_path".<br>- When "at" is "registry", mapped "metadata.event_type" to "REGISTRY_UNCATEGORIZED" and "fp" to "target.registry.registry_key". |
| 2022-12-16 | Newly created parser. |
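The following Python block is an added example that re-implements the mapping rules from the 2023-05-24 and 2023-06-18 entries so they can be exercised against sample events; it is not the Chronicle parser's own code. The input field names "at", "fp" and "s256" and the UDM destination paths come from the change log above. Everything else is an assumption made for illustration: the sample events are constructed, the boolean "monitor" source field for the monitor-mode outcome is invented, the "GENERIC_EVENT" fallback for unlisted actions is a choice, the source IP is placed in "principal.ip" (the log only says it is extracted), and the network "fp" layout `<src_ip> -> <hostname>:<dst_ip>:<port>` stands in for the undocumented real format.

```python
"""Illustrative ThreatLocker -> UDM mapping (added example, not the Chronicle parser).
Field names "at", "fp", "s256" and UDM paths are from the change log; the sample
events, the "monitor" field and the network "fp" layout are assumptions."""
import json
import re

# "at" -> metadata.event_type, as enumerated in the 2023-05-24 entry.
EVENT_TYPE_BY_ACTION = {
    "network": "NETWORK_CONNECTION",
    "execute": "PROCESS_LAUNCH",
    "install": "PROCESS_LAUNCH",
    "newprocess": "PROCESS_OPEN",
    "write": "FILE_MODIFICATION",
    "read": "FILE_READ",
    "delete": "FILE_DELETION",
    "move": "FILE_MODIFICATION",
    "registry": "REGISTRY_UNCATEGORIZED",
}

# Destination of "fp" for each non-network action (2023-05-24 entry).
FP_TARGET_BY_ACTION = {
    "execute": "target.process.file.full_path",
    "install": "target.process.file.full_path",
    "newprocess": "target.process.file.full_path",
    "write": "target.file.full_path",
    "read": "target.file.full_path",
    "delete": "target.file.full_path",
    "move": "target.file.full_path",
    "registry": "target.registry.registry_key",
}

# Stand-in for the Grok pattern of the 2023-06-18 fix. ASSUMED layout:
# "<src_ip> -> <hostname>:<dst_ip>:<port>"; the real layout is not on this page.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
NETWORK_FP_RE = re.compile(
    rf"^(?P<src_ip>{IPV4})\s*->\s*(?P<hostname>[^:\s]+):(?P<dst_ip>{IPV4}):(?P<port>\d{{1,5}})$"
)


def _set(udm, dotted_path, value):
    """Assign value at a dotted UDM path, creating intermediate dicts as needed."""
    keys = dotted_path.split(".")
    node = udm
    for key in keys[:-1]:
        node = node.setdefault(key, {})
    node[keys[-1]] = value


def to_udm(event):
    """Map one ThreatLocker event (flat dict) to a nested UDM-style dict."""
    udm = {}
    action = event.get("at", "")
    # Actions the change log does not list fall back to GENERIC_EVENT (assumption).
    _set(udm, "metadata.event_type", EVENT_TYPE_BY_ACTION.get(action, "GENERIC_EVENT"))

    fp = event.get("fp")
    if fp:
        if action == "network":
            match = NETWORK_FP_RE.match(fp)
            if match:
                _set(udm, "principal.ip", [match["src_ip"]])  # placement assumed
                _set(udm, "target.hostname", match["hostname"])
                _set(udm, "target.ip", [match["dst_ip"]])
                _set(udm, "target.port", int(match["port"]))
            else:
                # Grok miss: keep the raw value rather than silently dropping it.
                _set(udm, "target.hostname", fp)
        elif action in FP_TARGET_BY_ACTION:
            _set(udm, FP_TARGET_BY_ACTION[action], fp)

    # "s256" is copied to both sha256 fields (2023-05-24 entry).
    if event.get("s256"):
        _set(udm, "target.file.sha256", event["s256"])
        _set(udm, "target.process.file.sha256", event["s256"])

    # Monitor-mode outcome; the boolean "monitor" source field is an assumption,
    # the key and value strings are those given in the change log.
    if "monitor" in event:
        _set(udm, "security_result.outcomes", [{
            "key": "Monitor mode status",
            "value": "monitor mode on" if event["monitor"] else "monitor mode off",
        }])
    return udm


# Constructed sample events, not real ThreatLocker output.
SAMPLE_EVENTS = [
    {"at": "network", "fp": "10.0.0.5 -> fileserver.corp:10.0.0.20:445", "monitor": False},
    {"at": "execute", "fp": r"C:\Users\alice\Downloads\setup.exe", "s256": "a" * 64, "monitor": True},
    {"at": "registry", "fp": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(json.dumps(to_udm(sample), indent=2))
```

Running the block prints the normalized form of each sample; the unmatched-Grok branch is the case the 2023-06-18 fix addressed, so when adapting this to real events the first thing to check is that network "fp" values actually match the pattern rather than falling through to the raw-hostname branch.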