Change log for CISCO_AMP
Date: 2024-12-18
Changes: Enhancement:
- Added a Grok pattern to support a new JSON log format.

Date: 2024-05-14
Changes: Enhancement:
- Mapped "event_type_id" to "metadata.product_log_id".
- Mapped "detection_id" to "security_result.detection_fields".
- Mapped "file.disposition", "error.error_code", and "error.description" to "security_result.description".
- Mapped "file.file_name" to "target.file.names".
- Mapped "file.parent.disposition", "file.parent.file_name", "file.parent.identity.md5", "file.parent.identity.sha1", and "file.parent.identity.sha256" to "target.resource.attribute.labels".
- Mapped "file.identity.md5" to "target.file.md5".
- Mapped "file.identity.sha1" to "target.file.sha1".

Date: 2024-02-23
Changes: Enhancement:
- Added support for parsing logs whose "event_type" is one of: "Component Download Success", "Scan Started", "Scan Completed, No Detections", "Product Update Started", "Product is already installed.", "Policy Update", "Install Started", "Product Update Failed", "Uninstall", "Endpoint IOC Definition Update Success", "Endpoint IOC Scan Started", "Policy Update Failure", "Endpoint IOC Scan Failed", "Major Fault Raised", "Critical Fault Raised", "Endpoint IOC Scan Detection Summary", "Endpoint IOC Configuration Update Success", "Scan Failed", "Fault Cleared", or "Install Failure".
Last updated 2025-04-02 UTC.