Change log for MICROSOFT_SCEP
Date | Changes |
---|---|
2025-01-17 | Enhancement: Added a new Grok pattern. Mapped "time" to "syslogtimestamp". Mapped "hostname" to "principal.hostname" and "principal.asset.hostname". Mapped "DetectionID", "detection_source", and "pending_action" to "security_result.detection_fields". Mapped "ResourceID" to "target.resource.name". Mapped "action" to "temp_action". Mapped "action_type" to "principal.group.attribute.labels". Mapped "dest_name" to "target.hostname" and "target.asset.hostname". Mapped "signature" to "additional.fields". Mapped "category" to "security_result.category_details". |
2025-01-16 | Bug-Fix: Added new Grok patterns to parse "file_path" and "source_url" correctly. Mapped "Name" to "metadata.product_event_type". |
2024-11-25 | Enhancement: Added support to extract "source_url" from "Path" field when it contains "http". |
2024-10-17 | Enhancement: Mapped "UserName" to "principal.user.userid". Mapped "Process" to "principal.process.file.full_path". Mapped "NTdomain" to "principal.administrative_domain". Mapped "file_path" to "target.file.full_path". Mapped "source_url" to "src.url". |
2024-08-13 | Enhancement: Mapped "UserName" to "target.user.userid". |
2024-03-12 | Newly created parser. |