Stay organized with collections
Save and categorize content based on your preferences.
Change log for MICROSOFT_DEFENDER_ENDPOINT
Date
Changes
2025-05-22
Enhancement:
- event.idm.read_only_udm.principal.user.email_addresses: Newly mapped `ForwardTo` raw log field with `event.idm.read_only_udm.principal.user.email_addresses` UDM field
- `USER_UNCATEGORIZED`: Added support for the event `USER_UNCATEGORIZED` and relevant corresponding raw log fields.
2025-05-13
target.process.product_specific_process_id - principal.process.product_specific_process_id: Removed mapping of `properties.InitiatingProcessUniqueId` from `target.process.product_specific_process_id` UDM field.
2025-03-27
Promoted the parser to default. - This version includes many changes to improve the parser mappings (parser overhaul) - contact your Google representative to get a detailed list with all changes
- This version will have an extended RC period - we encourage you to opt-in and make the required adjustments before it'll be automatically promoted to Default
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-25 UTC."],[[["This document details the change log for MICROSOFT_DEFENDER_ENDPOINT, outlining various enhancements and bug fixes over time."],["Recent enhancements include added support for missing fields, unparsed logs, and new JSON log formats, as well as mapping various fields to their corresponding values."],["Bug fixes have addressed issues such as mapping \"FailureReason\", adding conditional checks for \"FILE_DELETION\" and \"FILE_MODIFICATION\" event types, and fixing a grok pattern to parse the entire value to the \"target.file.full_path\" field."],["Updates have been made to adapt to new formats and fields, including regular expression checks, parsing logic adjustments, and changes to mappings from deprecated fields to updated alternatives."],["Many changes focused on better mapping fields to UDM, such as mapping device information, user details, file details, and security result fields to improve data organization and parsing accuracy."]]],[]]
