Change log for TRENDMICRO_DEEP_SECURITY
| Date | Changes |
|---|---|
| 2024-10-09 | Enhancement :
- When "act" is equal to "Delete" then mapped "security_result.action" to "BLOCK" - Mapped "result" to "security_result.action_details". - Mapped "cn2" to "target.file.size". - Mapped "TrendMicroDsTenant" to "metadata.product_deployment_id". - Mapped "TrendMicroDsProcessPid" to "principal.process.pid". |
| 2024-08-22 | Enhancement :
- Mapped "event_name" to "security_result.threat_name". - Mapped "event_id" to "metadata.product_event_type". - Mapped "fileInCompressedFile" to "additional.fields". - Mapped "dvchost" to "principal.asset.hostname" and "principal.hostname". - Mapped "cef_host" and "hostname" to "intermediary.ip". |
| 2024-04-17 | Enhancement :
- Mapped "event_name" to "metadata.product_event_type". - Mapped "act" additionally to "security_result.action_details". |
| 2024-03-29 | Enhancement :
- Added Grok patterns to parse new formats of "cef_event_attributes". - Mapped "log_type" to "metadata.product_name". - Mapped "organization" to "metadata.vendor_name". - Mapped new fields like suer, suid, fileHash, fsize, spt, dpt, etc. - Mapping sheet link for new fields https://docs.google.com/spreadsheets/d/1nsI4GmOo0TiTbEKe8rzBe35x2GKT94lQvqWAqjUTYJQ/edit?resourcekey=0-9yuK26FZnswpAeBrF9_x_A#gid=0 |
| 2024-03-23 | Enhancement :
- Added Grok patterns to parse new formats of "event_attributes" and "cef_event_attributes". - Mapped "name" to "security_result.summary". |
| 2024-03-04 | Enhancement :
- Added a Grok pattern to parse CEF format logs. - Mapped "TrendMicroDsFileSHA1" to "target.file.sha1". - Mapped "msg" to "security_result.description". - Mapped "result" to "security_result.summary". - Mapped "filePath" to "target.file.full_path". - Mapped "TrendMicroDsMalwareTarget","TrendMicroDsProcess", "TrendMicroDsMalwareTargetCount","TrendMicroDsMalwareTargetType" and "TrendMicroDsBehaviorType" to "security_result.detection_fields". - If "dvchost" is not null, then mapped "dvchost" to "target.hostname" else if "cef_host" is not null, then mapped "cef_host" to "target.hostname". |
| 2024-02-13 | Enhancement :
- Mapped "target" to "target.hostname" - Mapped "usrName" to "principal.user.userid" |
| 2022-09-01 | Newly created parser.
|