Change log for BEYONDTRUST_ENDPOINT
Date
Changes
2024-12-12
Enhancement:
- Added support to handle SYSLOG + KV logs.
2024-11-21
Enhancement:
- Mapped "user.DomainIdentifier", "user.DomainNetBIOSName", "user.name", and "user.domain" to "additional.fields".
2024-09-05
Enhancement:
- Added support for a new pattern of SYSLOG logs.
2024-08-28
Enhancement:
- Added support for new log pattern.
2024-06-10
Enhancement:
- Enhanced the parser to handle the new logs.
- Mapped "Processes.process_exec" to "additional.fields".
- Mapped "Processes.action" to "security_result.action".
- Mapped "Processes.description" to "metadata.description".
- Mapped "Processes.dest" to "target.hostname".
- Mapped "Processes.process_id" to "principal.process.pid".
- Mapped "Processes.user" to "principal.user.userid".
- Mapped "Processes.process" to "principal.application".
- Mapped "Processes.user_id" to "principal.user.windows_sid".
- Mapped "Processes.parent_process_id" to "principal.process.parent_process.pid".
- Mapped "Processes.process_hash", "Processes.process_name", "Processes.parent_process", "Processes.parent_process_exec" to "additional.fields".
- Mapped "Processes.process_path" to "principal.process.parent_process.file.full_path".
2024-03-20
Newly created parser.
Last updated 2025-08-29 UTC.