Change log for SENTINELONE_CF
| Date | Changes |
|---|---|
| 2025-03-20 | Updated the mapping for "Registry Value Create" and "Registry Value Modified" event types as follows:
- "target.registry.registry_key" (Changed UDM field mapping) -> Earlier, the entire "registry.keyPath" raw log field was mapped. -> New UDM mapping extracts "registry_key" from the "registry.keyPath" raw log field using a grok pattern. - "target.registry.registry_value_name" (Changed UDM field mapping) -> Earlier, the "registry.valueType" raw log field was mapped. -> New UDM mapping extracts "value_name" from the "registry.keyPath" raw log field using a grok pattern. - "additional.fields" (New UDM field mapping) -> No UDM mapping to mapping of "registry.valueType" fields from the raw log. |
| 2025-03-04 | "target.hostname" (New UDM field mapping) -> No UDM Mapping To Mapping of "event.dns.request" raw log field for the event type "NETWORK_DNS". |
| 2024-08-02 | Added support for metadata.product_name. |
| 2024-06-11 | Enhancement:
- When "os.name" is "os x", then mapped "MAC" to "principal.platform". |
| 2024-05-01 | Updated the mapping for the deprecated UDM field. |
| 2024-04-24 | Updated event validation to 'STATUS_UPDATE' event for 'group.id' field not present. |
| 2024-03-15 | Updated the mapping for "process.product_specific_process_id" UDM field. |
| 2024-01-17 | Updated metadata.event_type mapping of "Registry Key Create" event. |
| 2024-01-03 | Updated mapping of "Agent"-related fields from "observer" to "principal". |
| 2023-10-03 | Newly created parser. |