Change log for NETSKOPE_ALERT_V2
| Date | Changes |
|---|---|
| 2025-03-19 | Enhancement:<br>- Mapped "result.useragent" to "network.http.user_agent" and "network.http.parsed_user_agent".<br>- Mapped "result.matched_username" to "additional.fields". |
| 2025-03-18 | Enhancement:<br>- Mapped "alert_name" to "security_result.rule_name".<br>- Mapped "breach_description" to "security_result.description".<br>- If "ccl" is "high", then map "security_result.severity" to "HIGH".<br>- If "ccl" is "medium", then map "security_result.severity" to "MEDIUM".<br>- If "ccl" is in "poor", "low", then map "security_result.severity" to "LOW".<br>- If "ccl" is in "excellent", "unknown", "not_defined", then map "security_result.severity" to "UNKNOWN_SEVERITY".<br>- If "action" is in "block", "restrictToView", "disableDownload", "restrictAccess", then map "security_result.action" to "BLOCK".<br>- If "action" is in "alert", "bypass", "quarantine", "legalHold", "useralert", "Detection", "expireLink", then map "security_result.action" to "QUARANTINE".<br>- If "action" is "none", then map "security_result.action" to "UNKNOWN_ACTION". |
| 2025-02-18 | Enhancement:<br>- Added support for unparsed fields.<br>- Mapped "hostname" to "target.hostname" and "target.asset.hostname".<br>- Mapped "type" to "additional.fields".<br>- Mapped "email" to "network.email.from".<br>- Mapped "severity" to "security_result.severity". |
| 2024-09-25 | - Newly created parser. |
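The following is an added example, not the parser's own code and not from Netskope or Google SecOps: it applies the "ccl" to "security_result.severity" and "action" to "security_result.action" rules from the 2025-03-18 entry, together with the direct field copies from the 2025-02-18 and 2025-03-19 entries, to a constructed raw alert record. It assumes that nested source names such as "result.useragent" refer to a nested "result" object in the raw record, that "additional.fields" is a list of key/value pairs keyed by the source field name, and that "ccl" or "action" values not listed in the change log leave the target field unset (the change log does not say how the real parser treats them). It does not attempt "network.http.parsed_user_agent", which requires a user-agent parser.

```python
# Added example, not the NETSKOPE_ALERT_V2 parser's own code: a normalizer
# that applies the field-mapping rules from this change log to a raw record.

# "ccl" -> "security_result.severity", as listed in the 2025-03-18 entry.
SEVERITY_BY_CCL = {
    "high": "HIGH",
    "medium": "MEDIUM",
    "poor": "LOW",
    "low": "LOW",
    "excellent": "UNKNOWN_SEVERITY",
    "unknown": "UNKNOWN_SEVERITY",
    "not_defined": "UNKNOWN_SEVERITY",
}

# "action" -> "security_result.action", as listed in the 2025-03-18 entry.
ACTION_BY_NETSKOPE_ACTION = {
    "block": "BLOCK",
    "restrictToView": "BLOCK",
    "disableDownload": "BLOCK",
    "restrictAccess": "BLOCK",
    "alert": "QUARANTINE",
    "bypass": "QUARANTINE",
    "quarantine": "QUARANTINE",
    "legalHold": "QUARANTINE",
    "useralert": "QUARANTINE",
    "Detection": "QUARANTINE",
    "expireLink": "QUARANTINE",
    "none": "UNKNOWN_ACTION",
}

# Source field -> one or more target paths copied verbatim (2025-02-18, 2025-03-18, 2025-03-19).
DIRECT_COPIES = {
    "alert_name": ["security_result.rule_name"],
    "breach_description": ["security_result.description"],
    "hostname": ["target.hostname", "target.asset.hostname"],
    "email": ["network.email.from"],
    "result.useragent": ["network.http.user_agent"],
}

# Source fields carried as key/value pairs in "additional.fields" (2025-02-18, 2025-03-19).
ADDITIONAL_FIELD_SOURCES = ("type", "result.matched_username")


def _get(raw, path):
    """Read a dotted path from a nested dict; None when any segment is missing."""
    node = raw
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def _set(event, path, value):
    """Write a dotted path into a nested dict, creating intermediate objects."""
    parts = path.split(".")
    node = event
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    node[parts[-1]] = value


def normalize_alert(raw):
    """Return the mapped fields for one raw Netskope alert as a nested dict."""
    event = {}
    for source, targets in DIRECT_COPIES.items():
        value = _get(raw, source)
        if value is not None:
            for target in targets:
                _set(event, target, value)

    extra = []
    for source in ADDITIONAL_FIELD_SOURCES:
        value = _get(raw, source)
        if value is not None:
            # Assumption: the source field name is used as the key.
            extra.append({"key": source, "value": value})
    if extra:
        _set(event, "additional.fields", extra)

    # Assumption: values outside the listed sets leave the target unset.
    ccl = _get(raw, "ccl")
    if ccl in SEVERITY_BY_CCL:
        _set(event, "security_result.severity", SEVERITY_BY_CCL[ccl])
    action = _get(raw, "action")
    if action in ACTION_BY_NETSKOPE_ACTION:
        _set(event, "security_result.action", ACTION_BY_NETSKOPE_ACTION[action])
    return event


# Constructed sample record; the values are illustrative, not real Netskope data.
SAMPLE_ALERT = {
    "alert_name": "DLP policy match",
    "breach_description": "Sensitive file shared externally",
    "ccl": "poor",
    "action": "restrictToView",
    "hostname": "host01",
    "email": "user@example.com",
    "type": "dlp",
    "result": {"useragent": "Mozilla/5.0", "matched_username": "jdoe"},
}


def demo():
    """Normalize the constructed sample record."""
    return normalize_alert(SAMPLE_ALERT)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Running the block prints the mapped record; with the sample above, "poor" becomes severity "LOW" and "restrictToView" becomes action "BLOCK", while a "ccl" value such as "bogus" leaves "security_result.severity" absent so the gap is visible during detection-rule testing rather than silently defaulting.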