Stay organized with collections
Save and categorize content based on your preferences.
Change log for MANDIANT_CUSTOM_IOC
Date
Changes
2023-12-19
- Mapped "threat.threat_feed_name" to "Mandiant".
2023-12-07
- Mapped "first_seen" to "metadata.interval.start_time".
- When "type" is "fqdn/ipv4/url", then mapped "custom_ioc_expire_date" to "metadata.interval.end_time".
- Mapped "threat_rating.threat_score" to "entity.entity.labels".
- Mapped "threat_rating.severity_level" to "threat.severity".
- Mapped "threat_rating.confidence_level" to "threat.confidence".
- Mapped "verdict_simple.timestamp" to "verdict_info.verdict_time".
- When "verdict_simple.verdict" is "malicious", then set "verdict_info.verdict_response" to "MALICIOUS".
- Mapped "verdict_info.verdict_type" based on "verdict_simple.verdict_source".
- Mapped "category" to "threat.category_details".
- Mapped "threat_rating.confidence_score" to "threat.confidence_details".
- Mapped "threat_rating.threat_score" to "threat.risk_score".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-13 UTC."],[[["The parser for MANDIANT_CUSTOM_IOC was initially created on 2023-11-17."],["On 2023-12-07, multiple mappings were updated, including those for first_seen, custom_ioc_expire_date, threat_rating, verdict_simple, and category."],["On 2023-12-19, the \"threat.threat_feed_name\" was mapped to \"Mandiant\"."]]],[]]
