Change log for KNOWBE4_PHISHER
Date | Changes |
---|---|
2025-06-05 | Enhancement:<br>- Added gsub to replace `Message-ID` with `Message-Id` and `In-Reply-To` with `Reply-To` for new logs.<br>- Changed the field name from `indexraw` to `indexhtml`.<br>- Changed the field name from `indexraw` to `indextext`.<br>- Modified the condition to check whether `indexhtml`, `indexraw` and `indextext` are equal to the string `"0"` or the integer `0`.<br>- `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: Newly mapped from the IP address extracted from the `Received` raw log field.<br>- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped from the `Date` raw log field.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped from the `Received-SPF`, `Authentication-Results`, `X-SES-RECEIPT`, `X-SES-DKIM-SIGNATURE`, `ARC-Seal`, `ARC-Message-Signature`, `ARC-Authentication-Results`, `X-Google-DKIM-Signature`, `X-Forwarded-Encrypted`, `X-Gm-Message-State`, `X-Received`, `X-Forwarded-To`, `X-Forwarded-For`, `DKIM-Signature`, `X-Gm-Gg`, `X-Google-Smtp-Source`, and `X-Gm-Features` raw log fields. |
2024-10-16 | - Newly created parser. |