Change log for SYMANTEC_MAIL
Date | Changes |
---|---|
2025-03-14 | - Newly created parser.<br>- Mapped "emailInfo.xMsgRef" to "metadata.product_log_id".<br>- Mapped "emailInfo.longMsgRef", "emailInfo.messageId", "emailInfo.isOutbound", "emailInfo.HELOString", "emailInfo.authResults.raw_header", "emailInfo.authResults.dkim", "emailInfo.authResults.dkim_signing_domain", "emailInfo.authResults.spf", "emailInfo.authResults.dmarc", "emailInfo.authResults.dmarc_policy", "emailInfo.authResults.dmarc_override_action", "emailInfo.tlsInfo.tlsAdvertised", "emailInfo.tlsInfo.tlsUsed", "emailInfo.tlsInfo.tlsKeyLength", "emailInfo.tlsInfo.tlsFallbackReason", "emailInfo.tlsInfo.tlsForwardSecrecy", "emailInfo.tlsInfo.tlsNegotiationFailed", "emailInfo.messageSize", "emailInfo.avQuarantinePenId", "emailInfo.rawHeaderFrom", "emailInfo.headerReplyTo", "emailInfo.newDomainAge", "emailInfo.timeInCynicSandboxMs", and "incidents" to "additional.fields".<br>- Mapped "emailInfo.subject" to "network.email.subject".<br>- Mapped "emailInfo.envFrom" to "principal.user.email_addresses".<br>- Mapped "emailInfo.headerFrom" to "network.email.from".<br>- Mapped "emailInfo.envTo" to "network.email.to".<br>- Mapped "emailInfo.headerTo" to "network.email.to".<br>- Mapped "emailInfo.senderMailserver" to "principal.hostname".<br>- Mapped "emailInfo.filesAndLinks" to the "about" field.<br>- Mapped "file.urlCategories" to "about.labels".<br>- Mapped "file.urlRiskScore" to "about.labels".<br>- Mapped "emailInfo.tlsInfo.tlsPolicy" to "network.tls.version".<br>- Mapped "emailInfo.tlsInfo.tlsProtocol" to "network.tls.version_protocol".<br>- Mapped "emailInfo.tlsInfo.tlsCipher" to "network.tls.cipher".<br>- Mapped "emailInfo.senderIp" to "principal.ip".<br>- Mapped "emailInfo.senderMailserver" to "network.tls.client.server_name".<br>- Mapped "emailInfo.country" to "principal.location.country_or_region". |