Change log for KASPERSKY_AV
Date | Changes |
---|---|
2025-03-12 | Enhancement:<br>- Mapped "tdn" to "additional.fields".<br>- Mapped "file_name" to "target.file.names".<br>- Mapped "Event_Component" to "additional.fields".<br>- Mapped "EventType" to "additional.fields".<br>- Mapped "certificate_verification_status" to "security_result.detection_fields".<br>- Mapped "threat_level" to "vulnerabilities.severity_details".<br>- Mapped "object_type" to "security_result.detection_fields".<br>- Mapped "object_name" to "security_result.detection_fields".<br>- Mapped "object_path" to "security_result.detection_fields".<br>- Mapped "bid_id" to "security_result.detection_fields".<br>- Mapped "et2" to "security_result.detection_fields".<br>- Mapped "exchange" to "security_result.detection_fields".<br>- Mapped "ifm_ori" to "security_result.detection_fields".<br>- Mapped "pub" to "security_result.detection_fields".<br>- Mapped "publisher_id" to "security_result.detection_fields".<br>- Mapped "sec_id" to "security_result.detection_fields".<br>- Mapped "site_id" to "security_result.detection_fields".<br>- Mapped "xrtb_id" to "security_result.detection_fields".<br>- Mapped "ip" to "principal.ip" and "principal.asset.ip". |
2025-02-13 | Enhancement:<br>- Added support to parse the unparsed CEF logs. |
2025-02-05 | Enhancement:<br>- Added support to parse the unparsed CEF logs. |
2023-10-13 | Enhancement:<br>- Mapped "Hachage SHA256", "p1" to "target.process.file.sha256".<br>- Mapped "Hachage MD5", "md5" to "target.process.file.md5".<br>- Mapped "intermediary" to "event.idm.read_only_udm.intermediary". |
2022-10-14 | Added gsub to bypass unwanted special characters. |
2022-05-17 | Added mappings for the following fields:<br>- Nom (name of the process/application) (Name) mapped to target.file.full_path (extension).<br>- Chemin de l'application (Application path) mapped to target.file.full_path.<br>- Type d'événement (Event type) mapped to metadata.product_event_type.<br>- ID du processus (Process id) mapped to target.process.pid.<br>- Description du résultat (Result description) mapped to metadata.description.<br>- Erreur (Error) mapped to security_result.summary. |
2022-03-29 | Added mappings for the following missing fields:<br>- "Result description" to "security_result.description".<br>- "Type" to "security_result.threat_name".<br>- "MD5" to "process.file.md5".<br>- "SHA256" to "process.file.sha256".<br>- "p2" to "target.process.file.full_path".<br>- "p5" to "security_result.rule_name".<br>- "p7" to "principal.user.user_display_name".<br>- "Reason" to "security_result.summary". |