Change log for TRENDMICRO_DEEP_SECURITY
| Date | Changes |
|---|---|
| 2024-04-17 | Enhancement :
- Mapped "event_name" to "metadata.product_event_type". - Mapped "act" additionally to "security_result.action_details". |
| 2024-03-29 | Enhancement :
- Added Grok patterns to parse new formats of "cef_event_attributes". - Mapped "log_type" to "metadata.product_name". - Mapped "organization" to "metadata.vendor_name". - Mapped new fields like suer, suid, fileHash, fsize, spt, dpt, etc. - Mapping sheet link for new fields https://docs.google.com/spreadsheets/d/1nsI4GmOo0TiTbEKe8rzBe35x2GKT94lQvqWAqjUTYJQ/edit?resourcekey=0-9yuK26FZnswpAeBrF9_x_A#gid=0 |
| 2024-03-23 | Enhancement :
- Added Grok patterns to parse new formats of "event_attributes" and "cef_event_attributes". - Mapped "name" to "security_result.summary". |
| 2024-03-04 | Enhancement :
- Added a Grok pattern to parse CEF format logs. - Mapped "TrendMicroDsFileSHA1" to "target.file.sha1". - Mapped "msg" to "security_result.description". - Mapped "result" to "security_result.summary". - Mapped "filePath" to "target.file.full_path". - Mapped "TrendMicroDsMalwareTarget","TrendMicroDsProcess", "TrendMicroDsMalwareTargetCount","TrendMicroDsMalwareTargetType" and "TrendMicroDsBehaviorType" to "security_result.detection_fields". - If "dvchost" is not null, then mapped "dvchost" to "target.hostname" else if "cef_host" is not null, then mapped "cef_host" to "target.hostname". |
| 2024-02-13 | Enhancement :
- Mapped "target" to "target.hostname" - Mapped "usrName" to "principal.user.userid" |
| 2022-09-01 | Newly created parser.
|