Change log for TRENDMICRO_VISION_ONE
| Date | Changes |
|---|---|
| 2025-02-11 | Enhancement:
- When "object_field" is "parentCmd", it is mapped to "principal.process.command_line". - When "object_field" is "parentFilePath", it is mapped to "principal.process.file.full_path". - Removed "principal.process.command_line" and "principal.process.file.full_path" when "object_field" is "processCmd". |
| 2025-01-31 | Enhancement:
- When "object_field" is "processCmd" mapped to "principal.process.command_line" and "principal.process.file.full_path". - When "object_field" is "malName" mapped to "security_result.threat_name". - When "object_field" is "actResult" mapped to "security_result.action_details" and "security_result.action". |
| 2025-01-24 | Enhancement:
- Removed mappings for "target". - Mapped "detail.eventSubId" should be mapped from "metadata.product_event_type" - Mapped "endpoint.guid" and "detail.endpointGuid" to "principal.asset_id" and "principal.asset.asset_id" - Mapped "detail.uuid" to "metadata.product_log_id" - Mapped "filters.0.unique_id" to "security_result.rule_id" - Mapped "filters.0.name" to "security_result.summary" - Mapped "filters.0.id" to "security_result.rule_name" |
| 2025-01-17 | Enhancement:
- Removed mapping of "highlightedObjects" to "additional.fields" and mapped them to respective "process" and "file" fields. |
| 2024-12-06 | Enhancement:
- Added date match pattern for firstSeen, createdDateTime, and lastSeen. |
| 2024-11-15 | Enhancement:
- Added support for dropped logs. |
| 2024-11-04 | Enhancement:
- When "severity" value is "info", then mapped "security_result.severity" to "INFORMATIONAL". - Added support for IPv6 logs. |
| 2024-10-10 | Enhancement:
- Mapped "detectionTime" to "metadata.event_timestamp". |
| 2024-10-03 | Enhancement:
- Added support for new pattern of JSON logs. - Changed mapping of "details.ipAddr" from "principal.ip" and "principal.asset.ip" to "target.ip" and "target.asset.ip". |
| 2024-08-15 | Enhancement:
- Added support for new pattern of JSON logs. |
| 2024-08-01 | Enhancement:
- Initialized "about" to null and added a check before merging. |
| 2024-05-24 | Enhancement:
- Added support for the new pattern of JSON logs. |
| 2024-05-13 | Enhancement:
- Added support for JSON logs. |
| 2023-03-24 | Newly created parser.
|