Stay organized with collections
Save and categorize content based on your preferences.
Change log for PAN_CORTEX_XDR_EVENTS
Date
Changes
2025-05-15
Enhancement:
- event.idm.read_only_udm.target.file.md5: Newly mapped `action_file_md5` raw log field with `event.idm.read_only_udm.target.file.md5` UDM field
- event.idm.read_only_udm.target.file.sha256: Newly mapped `action_file_sha256` raw log field with `event.idm.read_only_udm.target.file.sha256` UDM field
2025-03-19
Enhancement:
- Mapped "action_module_md5" to "target.process.file.md5".
- Mapped "action_module_sha256" to "target.process.file.sha256".
2023-12-15
Enhancement:
- Mapped "event_timestamp" to "metadata.event_timestamp".
- When "event_type" is "5/6" and "action_remote_ip", "action_local_ip", "agent_hostname" are null, then mapped "metadata.event_type" to "GENERIC_EVENT."
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-25 UTC."],[[["The PAN_CORTEX_XDR_EVENTS parser was newly created on 2023-02-01."],["On 2023-12-15, the \"event_timestamp\" field was mapped to \"metadata.event_timestamp\"."],["On 2023-12-15, events with specific conditions where \"event_type\" is \"5/6\" and several other fields are null, are mapped to \"GENERIC_EVENT\" based on \"metadata.event_type\"."]]],[]]
