Change log for TRENDMICRO_APEX_ONE
| Date | Changes |
|---|---|
| 2025-08-13 | Enhancement:
- event.idm.read_only_udm.about.file.full_path: Newly mapped `fname` raw log field with `event.idm.read_only_udm.about.file.full_path` UDM field. - event.idm.read_only_udm.about.file.full_path: Removed mapping of `fname` from `event.idm.read_only_udm.about.file.full_path` UDM field. Added previously for the particular customer, now moved the same to conf file. |
| 2025-08-08 | Enhancement:
- event.idm.read_only_udm.about.file.full_path: Newly mapped `fname` raw log field with `event.idm.read_only_udm.about.file.full_path` UDM field. |
| 2025-08-05 | Enhancement:
- Added a grok pattern to parse `intermediary.ip`. - `event.idm.read_only_udm.additional.fields`: Newly mapped `priority` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. - `intermediary.ip` and `intermediary.asset.ip`: Newly mapped `inter_ip` raw log field with `intermediary.ip` and `intermediary.asset.ip` UDM field. - `event.idm.read_only_udm.intermediary`: Newly mapped `intermediary` raw log field with `event.idm.read_only_udm.intermediary` UDM field. |
| 2025-07-22 | Enhancement:
- event.idm.read_only_udm.target.file.sha1: Newly mapped `fileHash` raw log field with `event.idm.read_only_udm.target.file.sha1` UDM field. - event.idm.read_only_udm.about.file.full_path: Removed mapping of `fileHash` from `event.idm.read_only_udm.about.file.full_path` UDM field. As it is more suitable to be mapped to `event.idm.read_only_udm.target.file.sha1`. - event.idm.read_only_udm.security_result.action_details: Newly mapped `cs5` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field when `cs5Label` is `ActionResult`. |
| 2024-09-05 | Enhancement:
- If "act" is "1" or "3" or "7" or "4", then set "security_result.action" to "ALLOW". - If "act" is "2", then set "security_result.action" to "BLOCK". - If "act" is "5" or "6", then set "security_result.action" to "QUARANTINE". - If "act" is "8", then set "security_result.action" to "ALLOW_WITH_MODIFICATION". |
| 2024-07-30 | Enhancement:
- Added support to handle JSON logs. |
| 2023-12-18 | - Newly created parser.
|