Change log for HALCYON
Date | Changes |
---|---|
2025-07-31 | Enhancement:
- event.idm.read_only_udm.target.process.file.mime_type: Newly mapped `primaryProcess.kind` raw log field with `event.idm.read_only_udm.target.process.file.mime_type` UDM field.
- event.idm.read_only_udm.principal.process.file.mime_type: Newly mapped `primaryProcess.artifact.kind` raw log field with `event.idm.read_only_udm.principal.process.file.mime_type` UDM field.
- event.idm.read_only_udm.principal.process.file.full_path: Newly mapped `processes.artifact.filePath` raw log field with `event.idm.read_only_udm.principal.process.file.full_path` UDM field.
- event.idm.read_only_udm.principal.process.file.sha256: Newly mapped `processes.artifact.sha256` raw log field with `event.idm.read_only_udm.principal.process.file.sha256` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `action` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `filterName` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `policyMode` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `euid` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `occurrences.AuthFailure` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `occurrences.FailedPassword` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `occurredAt` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `occurrences.IncorrectPasswords` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `guid` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `gupid` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `count` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.principal.process.file.full_path: Newly mapped `artifact.filePath` raw log field with `event.idm.read_only_udm.principal.process.file.full_path` UDM field.
- event.idm.read_only_udm.principal.process.file.sha256: Newly mapped `artifact.sha256` raw log field with `event.idm.read_only_udm.principal.process.file.sha256` UDM field.
- event.idm.read_only_udm.principal.process.file.mime_type: Newly mapped `artifact.kind` raw log field with `event.idm.read_only_udm.principal.process.file.mime_type` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `monitoringReason` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `dxpRule` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.principal.process.file.full_path: Newly mapped `modifiedFilePath` raw log field with `event.idm.read_only_udm.principal.process.file.full_path` UDM field.
- event.idm.read_only_udm.security_result.rule_version: Newly mapped `ipArtifact.version` raw log field with `event.idm.read_only_udm.security_result.rule_version` UDM field.
- event.idm.read_only_udm.principal.ip: Newly mapped `ipArtifact.ipAddress` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly mapped `ipArtifact.ipAddress` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.principal.process.parent_pid: Newly mapped `process.parentPid` raw log field with `event.idm.read_only_udm.principal.process.parent_pid` UDM field.
- event.idm.read_only_udm.security_result.rule_type: Newly mapped `dxpRuleType` raw log field with `event.idm.read_only_udm.security_result.rule_type` UDM field.
- event.idm.read_only_udm.principal.application: Newly mapped `summary.applicationName` raw log field with `event.idm.read_only_udm.principal.application` UDM field.
- event.idm.read_only_udm.principal.process.pid: Newly mapped `process.pid` raw log field with `event.idm.read_only_udm.principal.process.pid` UDM field.
- event.idm.read_only_udm.security_result.action_details: Newly mapped `reason.exitCode` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.
- event.idm.read_only_udm.security_result.summary: Newly mapped `reason.cause` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field.
- event.idm.read_only_udm.network.dns.questions: Newly mapped `dnsArtifact_uri` raw log field with `event.idm.read_only_udm.network.dns.questions` UDM field.
- event.idm.read_only_udm.target.user.userid: Newly mapped `uid` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `tty` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `sshd` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.principal.hostname: Newly mapped `phost` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field.
- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `user_displayname` raw log field with `event.idm.read_only_udm.principal.user.user_display_name` UDM field.
- event.idm.read_only_udm.security_result.summary: Newly mapped `msg` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `timestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field. |
2025-04-09 | Enhancement:
- event.idm.read_only_udm.additional.fields: Newly mapped `dataType` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `totalOccurrences` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.principal.process.file.mime_type: Newly mapped `process.artifact.kind` raw log field with `event.idm.read_only_udm.principal.process.file.mime_type` UDM field.
- event.idm.read_only_udm.principal.process.file.sha256: Newly mapped `process.artifact.sha256` raw log field with `event.idm.read_only_udm.principal.process.file.sha256` UDM field.
- event.idm.read_only_udm.principal.process.file.full_path: Newly mapped `process.artifact.filePath` raw log field with `event.idm.read_only_udm.principal.process.file.full_path` UDM field.
- event.idm.read_only_udm.principal.process.command_line: Newly mapped `process.commandLine` raw log field with `event.idm.read_only_udm.principal.process.command_line` UDM field.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `firstOccurredAt` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- event.idm.read_only_udm.principal.process.file.last_seen_time: Newly mapped `lastOccurredAt` raw log field with `event.idm.read_only_udm.principal.process.file.last_seen_time` UDM field.
- event.idm.read_only_udm.target.asset_id: Newly mapped `id` raw log field with `event.idm.read_only_udm.target.asset_id` UDM field. |
2024-10-17 | - Newly created parser. |
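Several of the mappings above feed the same single-valued UDM field from more than one raw field (`guid` and `gupid` both into `metadata.product_log_id`; `reason.cause` and `msg` both into `security_result.summary`; `processes.artifact.filePath`, `artifact.filePath`, `modifiedFilePath` and `process.artifact.filePath` all into `principal.process.file.full_path`; `timestamp` and `firstOccurredAt` both into `metadata.event_timestamp`), and the change log does not say which raw field wins when several are present in one record. The checker below is an added example, not Google SecOps code and not the HALCYON parser itself: it applies a transcribed subset of the listed raw-field to UDM-field pairs to a constructed sample event, collects values for the repeated UDM fields (`additional.fields`, `security_result.detection_fields`, `principal.ip`, `principal.asset.ip`), and reports the single-valued fields that more than one present raw field maps to. The "first listed wins" precedence it uses, the sample event, and the set of repeated fields are assumptions of this example, not statements about the real parser.

```python
"""Checker for the HALCYON raw-field -> UDM-field mappings in this change log.

Added example, not Google SecOps code and not the HALCYON parser.  It applies a
transcribed subset of the listed pairs to a constructed sample event and reports
UDM fields fed by more than one raw field.  "First listed wins" precedence and
the sample event are assumptions of this example.
"""
from typing import Any

# Subset of (raw log field, UDM field) pairs transcribed from the 2025-07-31 and
# 2025-04-09 entries, in the order they appear there.  The common
# "event.idm.read_only_udm." prefix is dropped for brevity.
MAPPINGS = [
    ("processes.artifact.filePath", "principal.process.file.full_path"),
    ("action", "additional.fields"),
    ("policyMode", "additional.fields"),
    ("guid", "metadata.product_log_id"),
    ("gupid", "metadata.product_log_id"),
    ("artifact.filePath", "principal.process.file.full_path"),
    ("monitoringReason", "security_result.detection_fields"),
    ("dxpRule", "security_result.detection_fields"),
    ("modifiedFilePath", "principal.process.file.full_path"),
    ("ipArtifact.ipAddress", "principal.ip"),
    ("ipArtifact.ipAddress", "principal.asset.ip"),
    ("process.parentPid", "principal.process.parent_pid"),
    ("process.pid", "principal.process.pid"),
    ("reason.cause", "security_result.summary"),
    ("phost", "principal.hostname"),
    ("msg", "security_result.summary"),
    ("timestamp", "metadata.event_timestamp"),
    ("user", "principal.user.userid"),
    ("process.commandLine", "principal.process.command_line"),
    ("firstOccurredAt", "metadata.event_timestamp"),
]

# Assumed repeated UDM fields: every raw value is kept.  The label fields hold
# key/value pairs (the raw field name becomes the key); the rest hold strings.
LABEL_FIELDS = {"additional.fields", "security_result.detection_fields"}
REPEATED_FIELDS = LABEL_FIELDS | {"principal.ip", "principal.asset.ip"}

# Constructed sample record, not a real Halcyon event.
SAMPLE_EVENT: dict[str, Any] = {
    "guid": "evt-0001",
    "gupid": "grp-0001",
    "timestamp": "2025-08-01T10:00:00Z",
    "msg": "Ransomware behaviour blocked",
    "reason": {"cause": "mass file rename", "exitCode": 0},
    "action": "quarantine",
    "policyMode": "enforce",
    "user": "alice",
    "phost": "ws-01",
    "process": {"pid": 4242, "parentPid": 1337, "commandLine": "encryptor.exe --all"},
    "processes": [{"artifact": {"filePath": "C:\\Temp\\encryptor.exe"}}],
    "modifiedFilePath": "C:\\Users\\alice\\report.docx",
    "ipArtifact": {"ipAddress": "10.0.0.5", "version": "4"},
    "dxpRule": "ransomware.mass_rename",
}


def get_path(obj: Any, dotted: str) -> list:
    """Resolve a dotted raw-log path, descending into lists such as `processes`.
    Returns every value found; a missing key yields an empty list."""
    found = [obj]
    for part in dotted.split("."):
        nxt = []
        for cur in found:
            for item in (cur if isinstance(cur, list) else [cur]):
                if isinstance(item, dict) and part in item:
                    nxt.append(item[part])
        found = nxt
    out: list = []
    for v in found:
        out.extend(v if isinstance(v, list) else [v])
    return out


def to_udm(event: dict) -> dict:
    """Apply MAPPINGS: repeated targets collect every value, single-valued
    targets keep the first raw field listed (assumed precedence)."""
    udm: dict = {}
    for raw, target in MAPPINGS:
        values = get_path(event, raw)
        if not values:
            continue
        if target in LABEL_FIELDS:
            udm.setdefault(target, []).extend({"key": raw, "value": str(v)} for v in values)
        elif target in REPEATED_FIELDS:
            udm.setdefault(target, []).extend(str(v) for v in values)
        elif target not in udm:
            udm[target] = values[0]
    return udm


def find_collisions(event: dict) -> dict:
    """Single-valued UDM fields that more than one present raw field maps to."""
    sources: dict = {}
    for raw, target in MAPPINGS:
        if target not in REPEATED_FIELDS and get_path(event, raw):
            sources.setdefault(target, []).append(raw)
    return {t: r for t, r in sources.items() if len(r) > 1}


if __name__ == "__main__":
    for k, v in to_udm(SAMPLE_EVENT).items():
        print(f"{k}: {v}")
    for target, raws in find_collisions(SAMPLE_EVENT).items():
        print(f"COLLISION {target} <- {raws} (change log does not define precedence)")
```

Run it on a real exported Halcyon record instead of `SAMPLE_EVENT` and compare the collision report against what the parser actually emits in UDM search; that tells you which raw field the parser really prefers, which this change log leaves unstated.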