Change log for BOX
Date | Changes |
---|---|
2024-03-11 | Enhancement -
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.event_type" to "metadata.product_event_type".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.ip_info.city_name" to "principal.location.city".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.ip_info.country_code" to "principal.location.country_or_region".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.ip_info.latitude" to "principal.location.region_coordinates.latitude".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.ip_info.longitude" to "principal.location.region_coordinates.longitude".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.ip_info.region_name" to "additional_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.ip_info.ip" to "additional_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.ip_info.registrant" to "additional_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.item_id" to "additional_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.item_name" to "additional_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.item_path" to "additional_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.item_type" to "additional_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.alert_activities.0.occurred_at" to "additional_fields".
- Mapped "entry.additional_details.shield_alert.priority" to "security_result.severity".
- Mapped "entry.additional_details.shield_alert.alert_id" to "security_result.rule_id".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.static_scan_result.family" to "security_result.detection_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.static_scan_result.scan_result" to "security_result.detection_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.static_scan_result.scanned_at" to "security_result.detection_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.threat_info.description" to "security_result.detection_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.threat_info.scanned_at" to "security_result.detection_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.threat_info.source" to "security_result.detection_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.threat_info.status" to "security_result.detection_fields".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.threat_info.threat_name" to "security_result.detection_fields".
- Mapped session details carrying two activity details in the raw logs.
- Mapped additional fields for "Anomalous Downloads" type of logs. |
2024-01-12 | Enhancement -
- Mapped additional fields when "metadata.product_event_type" is "DOWNLOAD".
- Mapped additional fields when "metadata.product_event_type" is "SHIELD_DOWNLOAD_BLOCKED". |
2023-12-04 | Enhancement -
- Mapped additional fields when "metadata.product_event_type" is "SHIELD_ALERT".
- Mapped "entry.additional_details.shield_alert.user.email" to "principal.user.email_addresses".
- Mapped "entry.additional_details.shield_alert.user.id" to "principal.user.userid".
- Mapped "entry.additional_details.shield_alert.user.name" to "principal.user.user_display_name".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.file_info.name" to "target.file.names".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.file_info.size" to "target.file.size".
- Mapped "entry.additional_details.shield_alert.alert_summary.malware_info.file_info.hash" to "target.file.sha1".
- Mapped "entry.additional_details.shield_alert.alert_summary.upload_activity.item_path" to "target.file.full_path".
- Mapped "entry.additional_details.shield_alert.rule_category" to "security_result.category_details".
- Mapped "entry.additional_details.shield_alert.rule_id" to "security_result.rule_id".
- Mapped "entry.additional_details.shield_alert.rule_name" to "security_result.rule_name".
- Mapped "entry.additional_details.shield_alert.risk_score" to "security_result.risk_score".
- Mapped "entry.additional_details.shield_alert.alert_summary.description" to "security_result.description". |
2022-09-16 | Enhancement - Migrated to default parser. |
2022-07-29 | Enhancement -
- Modified the mapping for 'source.folder_id', 'source.file_id' and 'source.item_id' from 'target.resource.id' to 'target.resource.product_object_id'.
- Added conditional checks for the fields 'created_by.login', 'source.login', 'source.user_email', 'source.owned_by.login' and 'accessible_by.login'.
- Changed 'metadata.event_type' from 'GENERIC_EVENT' to 'USER_UNCATEGORIZED' for "DEVICE_TRUST_CHECK_FAILED", "USER_AUTHENTICATE_OAUTH2_ACCESS_TOKEN_CREATE", "SHARED_LINK_REDIRECT_OUT_OF_SHARED_CONTEXT", "TERMS_OF_SERVICE_ACCEPT", "OAUTH2_ACCESS_TOKEN_REVOKE", "ADD_DEVICE_ASSOCIATION". |