Change log for TRENDMICRO_STELLAR
2025-02-12

Enhancement:
- Added support for parsing previously unparsed logs.

2025-01-23

Enhancement:
- Added a Grok pattern to parse the logs.
- Mapped "eventTime" to "metadata.event_timestamp".
- Mapped "start" to "metadata.event_timestamp".
- Mapped "severity" to "security_result.severity".
- Mapped "event_id" to "metadata.product_log_id".
- Mapped "security_result.action" for "event_id" in ["5888","8193","5377","8194"].
- Mapped "event_name" to "metadata.product_event_type".
- Mapped "serverIP" to "intermediary.hostname".
- Changed "metadata.event_type" for "event_id" in ["5888","4609","523","8197","8214","8209","8211"].

2024-12-05

Enhancement:
- Mapped "sourceIP" to "principal.ip" and "principal.asset.ip".
- Mapped "fileHashAllowed" to "target.file.sha256".
- Mapped "programHash" to "target.file.sha256".
- Mapped "certificate" to "network.tls.client.certificate.issuer".
- Mapped "programSize" to "principal.process.file.size".
- Mapped "programPath" to "principal.process.file.full_path".
- Mapped "domain" to "principal.administrative_domain".
Last updated 2025-03-13 UTC.