Change log for PROOFPOINT_MAIL
Date | Changes |
---|---|
2024-08-14 | Enhancement: Mapped "xmailer" to "security_result.detection_fields". |
2024-08-13 | Enhancement: When "threats.classification" is "toad", then mapped "threats.classification" to "security_result.category_details". |
2024-07-30 | Enhancement: Added a new Grok pattern to parse a new format of SYSLOG logs. |
2024-07-16 | Enhancement: Changed mapping of "metadata.event_timestamp" from "msg.messageTime" to "clicks.threatTime". Mapped "msg.messageTime" to "additional.fields". |
2024-05-27 | Enhancement: Mapped "msg.policyRoutes" to "additional.fields". |
2024-04-03 | Enhancement: Extracted "sender_domain" from "msg.fromAddress" and "clicks.sender", and mapped to "principal.domain.name". Mapped "clicks.sender" to "principal.user.email_addresses". Mapped "clicks.recipient" to "target.user.email_addresses". |
2023-06-26 | Enhancement: Mapped "clicks.threatStatus" to "security_result.threat_status". |
2022-11-03 | Enhancement: Added a condition check for the date field that gives higher priority to the date with the maximum timestamp: if "click_time" > "threat_time", the date is mapped to "click_time"; otherwise it is mapped to "threat_time". |
2022-07-13 | Enhancement: Modified the mapping for "intermediary.user.email_addresses" from "(messagesBlocked|messagesDelivered).*toAddresses" to "(messagesBlocked|messagesDelivered).*ccAddresses". |
2022-06-29 | Enhancement: Added gsub to remove '<>' from the fields 'clicks.messageID' and 'm' mapped to 'network.email.mail_id'. |
2022-05-25 | Mapped "messageSize" to "additional" field. Mapped "campaignID" to "security_result.rule_id" field. Mapped "ccAddresses" to "intermediary.user.email_addresses" field. Mapped "toAddresses" to "target.user.email_addresses" field. |