Change log for ABNORMAL_SECURITY
2024-09-18
Enhancement:
- Mapped "event_data.message_sources", "event_data.sender_auth_results.spf", "event_data.sender_auth_results.dkim", "event_data.sender_auth_results.dmarc", "event_data.tenant", and "event_data.attack_score" to "additional.fields".
2024-09-12
Enhancement:
- When "sourcetype" is "case", mapped the following:
  - "event.abx_body.event_timeline.n.ip_address" to "principal.ip" and "principal.asset.ip".
  - "event.abx_body.event_timeline.n.insights.0.signal", "event.abx_body.event_timeline.n.insights.0.description", "event.abx_body.event_timeline.n.browser", "event.abx_body.event_timeline.n.operating_system", "event.abx_body.event_timeline.n.isp", "event.abx_body.event_timeline.n.application", "event.abx_body.event_timeline.n.signin_event_status", and "event.abx_body.event_timeline.n.platform" to "additional.fields".
2024-08-21
Enhancement:
- Mapped "event_data.abx_body.severity" to "security_result.severity".
- Mapped "event_data.abx_body.trigger_event" and "event_data.abx_body.entity.entity_type" to "additional.fields".
- Mapped "event_data.abx_body.entity.identifier" to "principal.user.email_addresses".
- Mapped "event_data.abx_body.case_id" to "metadata.product_log_id".
2024-07-24
Enhancement:
- Mapped "sourcetype" and "event.folder_locations" to "additional.fields".
- Mapped "event.abx_message_id" to "metadata.product_log_id".
2024-05-02
Enhancement:
- Added support for a new pattern of JSON logs.
Last updated 2025-03-13 UTC.