Change log for ANOMALI_IOC
Date | Changes |
---|---|
2024-02-09 | Enhancement:
- Mapped "can_add_public_tags_label", "owner_organization_id_label", "created_by_label", "is_public_label", "is_editable_label", "rdns_label", "source_created_label", "source_modified_label", "subtype_label", "uuid_label" and "update_id_label" to "entity.additional.fields".
- Mapped "is_anonymous_label", "source_reported_confidence_label", "feed_id_label" and "threat_type_label" to "entity.metadata.threat.detection_fields".
- Mapped "obj.source" to "entity.metadata.threat.threat_feed_name".
- Mapped "obj.itype" to "entity.metadata.threat.threat_name".
- Mapped "obj.meta.severity" to "entity.metadata.threat.severity_details".
- Initialized "id_label" and "name_label" to null inside the "for loop".
- Mapped "obj.threatscore" to "entity.metadata.threat.risk_score".
- If "obj.type" is "md5" or "obj.itype" is "mal_md5", then map "obj.value" to "entity.entity.file.md5" and set "metadata.entity_type" as "FILE".
- If "obj.type" is "url", then map "obj.value" to "entity.entity.url".
- Mapped "obj.retina_confidence" to "metadata.threat.confidence_score".
- Changed mapping of "obj.resource_uri" from "entity.entity.url" to "metadata.threat.url_back_to_product". |
2024-01-25 | Enhancement:
- Mapped "obj.status" to "entity.metadata.source_labels". |
2024-01-19 | Bug-Fix:
- Added support for the new format of unparsed JSON logs by converting them into an array.
- If "event_name" is "domain" and "shost" is not null, then set "entity.metadata.entity_type" as "DOMAIN_NAME". |
2023-12-28 | Enhancement:
- Mapped "obj.created.ts" to "entity.metadata.creation_timestamp" and "entity.metadata.threat.first_discovered_time".
- Mapped "obj.modified_ts" to "entity.metadata.threat.last_updated_time".
- Mapped "obj.confidence" to "entity.metadata.threat.confidence".
- Mapped "obj.tags" to "entity.metadata.source_labels".
- Mapped "obj.status" to "entity.metadata.threat.threat_status". |