Change log for MIMECAST_MAIL
Date | Changes |
---|---|
2025-04-23 | Enhancement:<br>- `event.idm.read_only_udm.security_result.action`: Newly mapped UDM field, based on the `Action` raw log field.<br>- `event.idm.read_only_udm.security_result.action`: When the `Action` raw log field value is "warn", the UDM field value is "ALLOW_WITH_MODIFICATION".<br>- `event.idm.read_only_udm.security_result.action`: When the `Action` raw log field value is "hold", the UDM field value is "QUARANTINE".<br>- `event.idm.read_only_udm.security_result.action`: When the `Delivered` raw log field value is "false", the UDM field value is "fail"; otherwise, if the `Delivered` raw log field value is "true", the UDM field value is "ALLOW". |
2025-02-06 | Enhancement:<br>- Changed mapping of "filename_for_malachite" from "target.process.file.full_path" to "principal.resource.name".<br>- Changed mapping of "fileName" from "principal.process.file.full_path" to "target.process.file.full_path". |
2025-01-23 | Enhancement:<br>- Mapped "md5" to "target.file.md5".<br>- Changed mapping of "filename_for_malachite" from "principal.resource.name" to "target.process.file.full_path".<br>- Mapped "urlCategory" to "principal.url_metadata.categories".<br>- Mapped "credentialTheft" to "security_result.detection_fields".<br>- Mapped "reason" to "security_result.summary". |
2024-11-13 | Enhancement:<br>- Mapped "URL" to "principal.url". |
2024-08-05 | Enhancement:<br>- Mapped "sourceIp" to "principal.ip" and "principal.asset.ip".<br>- Mapped "url" to "principal.url".<br>- Mapped "msgid" to "network.email.mail_id".<br>- Mapped "subject" to "network.email.subject".<br>- Mapped "senderDomain", "AttNames", and "AttCnt" to "security_result.detection_fields". |
2023-03-31 | Enhancement:<br>- Mapped "filename_for_malachite" to "principal.resource.name".<br>- Mapped "fileName" to "principal.process.file.full_path".<br>- Mapped "sha256" to "target.file.sha256".<br>- Mapped "sha1" to "target.file.sha1".<br>- Added conditional check for "aCode". |