Change log for SENTINELONE_CF
Date
Changes
2025-03-20
Updated the mapping for the "Registry Value Create" and "Registry Value Modified" event types as follows:
- "target.registry.registry_key" (Changed UDM field mapping): earlier, the entire "registry.keyPath" raw log field was mapped. The new UDM mapping extracts "registry_key" from the "registry.keyPath" raw log field using a grok pattern.
- "target.registry.registry_value_name" (Changed UDM field mapping): earlier, the "registry.valueType" raw log field was mapped. The new UDM mapping extracts "value_name" from the "registry.keyPath" raw log field using a grok pattern.
- "additional.fields" (New UDM field mapping): earlier, no UDM mapping. The "registry.valueType" raw log field is now mapped to "additional.fields".
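The following Python is an added illustration, not the parser's own code: it contrasts the registry mapping before and after the 2025-03-20 change on constructed sample events, splitting "registry.keyPath" on its last backslash as an assumed stand-in for the grok pattern, which this page does not show.

```python
import re

# Constructed SentinelOne-style raw events (not real telemetry); the raw field
# names are the ones named in the change log entry above.
RAW_EVENTS = [
    {"event": {"type": "Registry Value Modified"},
     "registry": {"keyPath": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
                  "valueType": "REG_SZ"}},
    {"event": {"type": "Registry Value Create"},
     "registry": {"keyPath": "NoSeparatorHere", "valueType": "REG_DWORD"}},
]

# Assumed grok equivalent: everything before the last backslash is the key,
# the remainder is the value name (empty remainder = the key's default value).
KEY_PATH_RE = re.compile(r"^(?P<registry_key>.*)\\(?P<value_name>[^\\]*)$")


def map_registry_old(raw):
    """Mapping before 2025-03-20: whole keyPath -> registry_key, valueType -> value name."""
    reg = raw["registry"]
    return {
        "target.registry.registry_key": reg["keyPath"],
        "target.registry.registry_value_name": reg["valueType"],
    }


def map_registry_new(raw):
    """Mapping after 2025-03-20: keyPath is split; valueType moves to additional.fields."""
    reg = raw["registry"]
    udm = {"additional.fields": {"registry.valueType": reg["valueType"]}}
    m = KEY_PATH_RE.match(reg["keyPath"])
    if m:
        udm["target.registry.registry_key"] = m.group("registry_key")
        udm["target.registry.registry_value_name"] = m.group("value_name")
    else:
        # No separator to split on: keep the full path as the key rather than
        # dropping the event, and leave the value name unset.
        udm["target.registry.registry_key"] = reg["keyPath"]
    return udm


if __name__ == "__main__":
    for ev in RAW_EVENTS:
        print(ev["event"]["type"], "old:", map_registry_old(ev))
        print(ev["event"]["type"], "new:", map_registry_new(ev))
```

Detection rules that matched the full path in "target.registry.registry_key" before this change need to match on the key and value name separately afterwards.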
2025-03-04
"target.hostname" (New UDM field mapping): earlier, no UDM mapping. The "event.dns.request" raw log field is now mapped to "target.hostname" for the "NETWORK_DNS" event type.
2024-08-02
Added support for metadata.product_name.
2024-06-11
Enhancement:
- When "os.name" is "os x", "MAC" is now mapped to "principal.platform".
2024-05-01
Updated the mapping for the deprecated UDM field.
2024-04-24
Updated event validation for the 'STATUS_UPDATE' event when the 'group.id' field is not present.
2024-03-15
Updated the mapping for "process.product_specific_process_id" UDM field.
2024-01-17
Updated metadata.event_type mapping of "Registry Key Create" event.
2024-01-03
Updated mapping of "Agent"-related fields from "observer" to "principal".
Last updated 2025-08-29 UTC.