Change log for PAN_CORTEX_XDR_EVENTS
| Date | Changes |
|---|---|
| 2025-06-12 | Enhancement:
- event.idm.read_only_udm.metadata.product_version: Newly mapped `event_version` raw log field with `event.idm.read_only_udm.metadata.product_version` UDM field. - event.idm.read_only_udm.principal.file.full_path: Newly mapped `action_file_previous_file_path` raw log field with `event.idm.read_only_udm.principal.file.full_path` UDM field. - event.idm.read_only_udm.observer.ip: Newly mapped `agent_interface_map.ipv4` raw log field with `event.idm.read_only_udm.observer.ip` UDM field. - event.idm.read_only_udm.observer.mac: Newly mapped `agent_interface_map.mac` raw log field with `event.idm.read_only_udm.observer.mac` UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped `action_file_last_writer_actor`, `action_file_device_type`, `action_file_previous_file_name`, `action_file_name`, `agent_id`, `agent_version`, `agent_os_type`, `os_actor_thread_thread_id`, `action_file_type`, `action_file_prev_type`, `os_actor_process_signature_status`, `os_actor_process_logon_id`, `agent_content_version` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - event.idm.read_only_udm.target.file.size: Newly mapped `action_module_image_size` raw log field with `event.idm.read_only_udm.target.file.size` UDM field if `event_type` raw log field is equal to "6". |
| 2025-05-15 | Enhancement:
- event.idm.read_only_udm.target.file.md5: Newly mapped `action_file_md5` raw log field with `event.idm.read_only_udm.target.file.md5` UDM field - event.idm.read_only_udm.target.file.sha256: Newly mapped `action_file_sha256` raw log field with `event.idm.read_only_udm.target.file.sha256` UDM field |
| 2025-03-19 | Enhancement:
- Mapped "action_module_md5" to "target.process.file.md5". - Mapped "action_module_sha256" to "target.process.file.sha256". |
| 2023-12-15 | Enhancement:
- Mapped "event_timestamp" to "metadata.event_timestamp". - When "event_type" is "5/6" and "action_remote_ip", "action_local_ip", "agent_hostname" are null, then mapped "metadata.event_type" to "GENERIC_EVENT." |
| 2023-02-01 | Newly created parser. |