Change log for KASPERSKY_AV
Date
Changes
2025-02-13
Enhancement:
- Added support to parse the unparsed CEF logs.
2025-02-05
Enhancement:
- Added support to parse the unparsed CEF logs.
2023-10-13
Enhancement:
- Mapped "Hachage SHA256", "p1" to "target.process.file.sha256".
- Mapped "Hachage MD5", "md5" to "target.process.file.md5".
- Mapped "intermediary" to "event.idm.read_only_udm.intermediary".
2022-10-14
Added gsub to bypass unwanted special characters.
2022-05-17
Added mappings for the following fields:
- Nom (name of the process/application) (Name) mapped to target.file.full_path (extension).
- Chemin de l'application (Application path) mapped to target.file.full_path.
- Type d'événement (Event type) mapped to metadata.product_event_type.
- ID du processus (Process id) mapped to target.process.pid.
- Description du résultat (Result description) mapped to metadata.description.
- Erreur (Error) mapped to security_result.summary.
2022-03-29
Added mappings for the following missing fields:
- "Result description" to "security_result.description".
- "Type" to "security_result.threat_name".
- "MD5" to "process.file.md5".
- "SHA256" to "process.file.sha256".
- "p2" to "target.process.file.full_path".
- "p5" to "security_result.rule_name".
- "p7" to "principal.user.user_display_name".
- "Reason" to "security_result.summary".
Last updated 2025-03-13 UTC.