Change log for WINDOWS_SYSMON
| Date | Changes |
|---|---|
| 2024-01-17 | Added mapping of "SourceProcessGUID", "TargetProcessGUID" XML log field for "EventID 10". |
| 2023-11-29 | Aligned 'principal/target.hostname' and 'principal/target.asset.hostname' mapping. |
| 2023-10-27 | Added mapping for "ProviderGuid", "IntegrityLevel", "LogonId", "ThreadID" and "Channel" raw log fields. Enhancements: - Mapped "ProcessID" to "observer.process.pid" - Mapped "ProcessId" to "principal/target.process.pid" - Mapped "CurrentDirectory" to "additional.field.key/value" |
| 2023-09-06 | Added support for Microsoft Windows Sysmon "Event ID 29 |
| 2023-01-26 | Enhancement:
- Mapped "FileVersion" to "principal.asset.software.version". - Mapped "Description" to "principal.asset.software.description". - Mapped "Product" to "principal.asset.software.name". - Mapped "Company" to "principal.asset.software.vendor_name". |
| 2022-08-12 | Added mapping of 'CurrentDirectory' field for 'PROCESS_LAUNCH' events.
|
| 2022-04-09 | Added support for logs coming with ExecutionProcessID field. |
| 2022-04-08 | Added support to XML format logs. |