Change log for MICROSOFT_DEFENDER_ENDPOINT
| Date | Changes |
|---|---|
| 2025-08-07 | Updated following field mappings in "DeviceLogonEvents" Events - target.ip: Removed mapping of `properties.RemoteIP` from `target.ip` UDM field. - principal.ip: Mapped `properties.RemoteIP` raw log field with `principal.ip` UDM field. - target.hostname: Removed mapping of `properties.RemoteDeviceName` from `target.hostname` UDM field. - principal.hostname: Mapped `properties.RemoteDeviceName` raw log field with `principal.hostname` UDM field. - target.port: Removed mapping of `properties.RemotePort` from `target.port` UDM field. - principal.port: Mapped `properties.RemotePort` raw log field with `principal.port` UDM field. - principal.hostname: Removed mapping of `properties.DeviceName` from `principal.hostname` UDM field. - target.hostname: Mapped `properties.DeviceName` raw log field with `target.hostname` UDM field. - principal.asset_id: Removed mapping of `properties.DeviceId from `principal.asset_id` UDM field. - target.asset_id: Mapped `properties.DeviceId` raw log field with `target.asset_id` UDM field. |
| 2025-08-06 | |
| 2025-05-30 | Added new grok pattern to map the following fields:
- principal.ip: Newly mapped `properties.LocalIP` raw log field with `principal.ip` UDM field. - target.ip: Newly mapped `properties.RemoteIP` raw log field with `target.ip` UDM field. |
| 2025-05-22 | Enhancement:
- event.idm.read_only_udm.principal.user.email_addresses: Newly mapped `ForwardTo` raw log field with `event.idm.read_only_udm.principal.user.email_addresses` UDM field - `USER_UNCATEGORIZED`: Added support for the event `USER_UNCATEGORIZED` and relevant corresponding raw log fields. |
| 2025-05-13 | - target.process.product_specific_process_id: Removed mapping of `properties.ProcessUniqueId` from `target.process.product_specific_process_id` UDM field.
- principal.process.product_specific_process_id: Removed mapping of `properties.InitiatingProcessUniqueId` from `target.process.product_specific_process_id` UDM field. |
| 2025-03-27 | - Promoted the parser to default.
- This version includes many changes to improve the parser mappings (parser overhaul) - contact your Google representative to get a detailed list with all changes - This version will have an extended RC period - we encourage you to opt-in and make the required adjustments before it'll be automatically promoted to Default |