Change log for TRENDMICRO_VISION_ONE_DETECTIONS
Date | Changes |
---|---|
2025-04-07 | - Newly created parser.
- "event.idm.read_only_udm.metadata.product_event_type": Newly mapped "eventType" and "eventName" raw log fields with "event.idm.read_only_udm.metadata.product_event_type" UDM field.
- "event.idm.read_only_udm.metadata.product_version": Newly mapped "pver" raw log field with "event.idm.read_only_udm.metadata.product_version" UDM field.
- "event.idm.read_only_udm.metadata.product_log_id": Newly mapped "msgUuid" and "uuid" raw log fields with "event.idm.read_only_udm.metadata.product_log_id" UDM field.
- "event.idm.read_only_udm.metadata.event_timestamp": Newly mapped "eventTime" raw log field with "event.idm.read_only_udm.metadata.event_timestamp" UDM field.
- "event.idm.read_only_udm.metadata.collected_timestamp": Newly mapped "logReceivedTime" raw log field with "event.idm.read_only_udm.metadata.collected_timestamp" UDM field.
- "event.idm.read_only_udm.principal.resource.attribute.labels": Newly mapped "uuid" raw log field with "event.idm.read_only_udm.principal.resource.attribute.labels" UDM field.
- "event.idm.read_only_udm.security_result.severity_details": Newly mapped "filterRiskLevel" raw log field with "event.idm.read_only_udm.security_result.severity_details" UDM field.
- "event.idm.read_only_udm.additional.fields": Newly mapped "productCode", "application", "aptCampaigns", "appLabel", "eventID", "eventSubId", "clusterId", "clusterName", "k8sNamespace" raw log fields with "event.idm.read_only_udm.additional.fields" UDM field.
- "event.idm.read_only_udm.metadata.product_name": Newly mapped "pname" raw log field with "event.idm.read_only_udm.metadata.product_name" UDM field.
- "event.idm.read_only_udm.principal.hostname" and "event.idm.read_only_udm.principal.asset.hostname": Newly mapped "endpointHostName" and "dvchost" raw log fields with "event.idm.read_only_udm.principal.hostname" and "event.idm.read_only_udm.principal.asset.hostname" UDM fields.
- "event.idm.read_only_udm.principal.mac" and "event.idm.read_only_udm.principal.asset.mac": Newly mapped "endpointMacAddress" and "deviceMacAddress" raw log fields with "event.idm.read_only_udm.principal.mac" and "event.idm.read_only_udm.principal.asset.mac" UDM fields.
- "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.principal.asset.ip": Newly mapped "endpointIp" raw log field with "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.principal.asset.ip" UDM fields.
- "event.idm.read_only_udm.principal.asset.asset_id": Newly mapped "endpointGUID", "deviceGUID", and "mDeviceGUID" raw log fields with "event.idm.read_only_udm.principal.asset.asset_id" UDM field.
- "event.idm.read_only_udm.source.asset.asset_id": Newly mapped "senderGUID" raw log field with "event.idm.read_only_udm.source.asset.asset_id" UDM field.
- "event.idm.read_only_udm.source.ip": Newly mapped "senderIp" and "mDevice" raw log fields with "event.idm.read_only_udm.source.ip" UDM field.
- "event.idm.read_only_udm.principal.domain.name": Newly mapped "hostName", "userDomain", and "domainName" raw log fields with "event.idm.read_only_udm.principal.domain.name" UDM field.
- "event.idm.read_only_udm.principal.administrative_domain": Newly mapped "computerDomain" raw log field with "event.idm.read_only_udm.principal.administrative_domain" UDM field.
- "event.idm.read_only_udm.principal.asset.network_domain": Newly mapped "domainName" raw log field with "event.idm.read_only_udm.principal.asset.network_domain" UDM field.
- "event.idm.read_only_udm.target.hostname": Newly mapped "interestedHost", "dhost" raw log fields with "event.idm.read_only_udm.target.hostname" UDM field.
- "event.idm.read_only_udm.target.ip": Newly mapped "interestedIp", "objectIp", and "dst" raw log fields with "event.idm.read_only_udm.target.ip" UDM field.
- "event.idm.read_only_udm.principal.user.userid" and "event.idm.read_only_udm.target.user.userid": Newly mapped "objectUser" raw log field with "event.idm.read_only_udm.principal.user.userid" and "event.idm.read_only_udm.target.user.userid" UDM fields.
- "event.idm.read_only_udm.source.hostname": Newly mapped "shost" raw log field with "event.idm.read_only_udm.source.hostname" UDM field.
- "event.idm.read_only_udm.source.platform_version": Newly mapped "sOSName" raw log field with "event.idm.read_only_udm.source.platform_version" UDM field.
- "event.idm.read_only_udm.source.mac": Newly mapped "smac" raw log field with "event.idm.read_only_udm.source.mac" UDM field.
- "event.idm.read_only_udm.target.platform_version": Newly mapped "dOSName" raw log field with "event.idm.read_only_udm.target.platform_version" UDM field.
- "event.idm.read_only_udm.target.mac": Newly mapped "dmac" raw log field with "event.idm.read_only_udm.target.mac" UDM field.
- "event.idm.read_only_udm.target.group.group_display_name": Newly mapped "dstGroup" raw log field with "event.idm.read_only_udm.target.group.group_display_name" UDM field.
- "event.idm.read_only_udm.target.url": Newly mapped "request" raw log field with "event.idm.read_only_udm.target.url" UDM field.
- "event.idm.read_only_udm.target.domain.name": Newly mapped "requestBase" raw log field with "event.idm.read_only_udm.target.domain.name" UDM field.
- "event.idm.read_only_udm.security_result.category_details": Newly mapped "category" raw log field with "event.idm.read_only_udm.security_result.category_details" UDM field.
- "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.source.ip": Newly mapped "src" raw log field with "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.source.ip" UDM fields.
- "event.idm.read_only_udm.principal.ip": Newly mapped "peerIp" raw log field with "event.idm.read_only_udm.principal.ip" UDM field.
- "event.idm.read_only_udm.principal.hostname": Newly mapped "peerHost" raw log field with "event.idm.read_only_udm.principal.hostname" UDM field.
- "event.idm.read_only_udm.principal.asset.asset_id": Newly mapped "peerEndpointGUID" raw log field with "event.idm.read_only_udm.principal.asset.asset_id" UDM field.
- "event.idm.read_only_udm.source.port": Newly mapped "spt" raw log field with "event.idm.read_only_udm.source.port" UDM field.
- "event.idm.read_only_udm.target.port": Newly mapped "dpt" raw log field with "event.idm.read_only_udm.target.port" UDM field.
- "event.idm.read_only_udm.source.file.names": Newly mapped "fileName", "compressedFileName" raw log fields with "event.idm.read_only_udm.source.file.names" UDM field.
- "event.idm.read_only_udm.source.file.full_path": Newly mapped "fullPath", "srcFilePath", "filePathName" raw log fields with "event.idm.read_only_udm.source.file.full_path" UDM field.
- "event.idm.read_only_udm.source.file.size": Newly mapped "fileSize", "compressedFileSize" raw log fields with "event.idm.read_only_udm.source.file.size" UDM field.
- "event.idm.read_only_udm.source.file.sha1": Newly mapped "compressedFileHash", "srcFileHashSha1", "fileHash" raw log fields with "event.idm.read_only_udm.source.file.sha1" UDM field.
- "event.idm.read_only_udm.source.file.sha256": Newly mapped "compressedFileHashSha256", "srcFileHashSha256", "fileHashSha256" raw log fields with "event.idm.read_only_udm.source.file.sha256" UDM field.
- "event.idm.read_only_udm.source.file.mime_type": Newly mapped "compressedFileType" raw log field with "event.idm.read_only_udm.source.file.mime_type" UDM field.
- "event.idm.read_only_udm.source.file.md5": Newly mapped "srcFileHashMd5" raw log field with "event.idm.read_only_udm.source.file.md5" UDM field.
- "event.idm.read_only_udm.target.file.names": Newly mapped "objectFileName" raw log field with "event.idm.read_only_udm.target.file.names" UDM field.
- "event.idm.read_only_udm.target.file.full_path": Newly mapped "objectFilePath" raw log field with "event.idm.read_only_udm.target.file.full_path" UDM field.
- "event.idm.read_only_udm.target.file.sha1": Newly mapped "objectFileHashSha1" raw log field with "event.idm.read_only_udm.target.file.sha1" UDM field.
- "event.idm.read_only_udm.target.file.sha256": Newly mapped "objectFileHashSha256" raw log field with "event.idm.read_only_udm.target.file.sha256" UDM field.
- "event.idm.read_only_udm.target.file.md5": Newly mapped "objectFileHashMd5" raw log field with "event.idm.read_only_udm.target.file.md5" UDM field.
- "event.idm.read_only_udm.about.file.names": Newly mapped "attachmentFileName" raw log field with "event.idm.read_only_udm.about.file.names" UDM field.
- "event.idm.read_only_udm.about.file.size": Newly mapped "attachmentFileSize" raw log field with "event.idm.read_only_udm.about.file.size" UDM field.
- "event.idm.read_only_udm.about.file.sha1": Newly mapped "attachmentFileHash", "attachmentFileHashSha1" raw log fields with "event.idm.read_only_udm.about.file.sha1" UDM field.
- "event.idm.read_only_udm.about.file.sha256": Newly mapped "attachmentFileHashSha256" raw log field with "event.idm.read_only_udm.about.file.sha256" UDM field.
- "event.idm.read_only_udm.about.file.md5": Newly mapped "attachmentFileHashMd5" raw log field with "event.idm.read_only_udm.about.file.md5" UDM field.
- "event.idm.read_only_udm.principal.process.integrity_level_rid": Newly mapped "integrityLevel" raw log field with "event.idm.read_only_udm.principal.process.integrity_level_rid" UDM field.
- "event.idm.read_only_udm.principal.process.command_line": Newly mapped "processCmd" raw log field with "event.idm.read_only_udm.principal.process.command_line" UDM field.
- "event.idm.read_only_udm.principal.process.file.md5": Newly mapped "processFileHashMd5" raw log field with "event.idm.read_only_udm.principal.process.file.md5" UDM field.
- "event.idm.read_only_udm.principal.process.file.sha1": Newly mapped "processFileHashSha1" raw log field with "event.idm.read_only_udm.principal.process.file.sha1" UDM field.
- "event.idm.read_only_udm.principal.process.file.sha256": Newly mapped "processFileHashSha256" raw log field with "event.idm.read_only_udm.principal.process.file.sha256" UDM field.
- "event.idm.read_only_udm.principal.process.parent_process.command_line": Newly mapped "parentCmd" raw log field with "event.idm.read_only_udm.principal.process.parent_process.command_line" UDM field.
- "event.idm.read_only_udm.principal.process.parent_process.file.full_path": Newly mapped "parentFilePath" raw log field with "event.idm.read_only_udm.principal.process.parent_process.file.full_path" UDM field.
- "event.idm.read_only_udm.principal.process.parent_process.file.names": Newly mapped "parentName" raw log field with "event.idm.read_only_udm.principal.process.parent_process.file.names" UDM field.
- "event.idm.read_only_udm.principal.process.parent_process.pid": Newly mapped "parentPid" raw log field with "event.idm.read_only_udm.principal.process.parent_process.pid" UDM field.
- "event.idm.read_only_udm.principal.process.parent_process.file.md5": Newly mapped "parentFileHashMd5" raw log field with "event.idm.read_only_udm.principal.process.parent_process.file.md5" UDM field.
- "event.idm.read_only_udm.principal.process.parent_process.file.sha1": Newly mapped "parentFileHashSha1" raw log field with "event.idm.read_only_udm.principal.process.parent_process.file.sha1" UDM field.
- "event.idm.read_only_udm.principal.process.parent_process.file.sha256": Newly mapped "parentFileHashSha256" raw log field with "event.idm.read_only_udm.principal.process.parent_process.file.sha256" UDM field.
- "event.idm.read_only_udm.principal.process.parent_process.integrity_level_rid": Newly mapped "parentIntegrityLevel" raw log field with "event.idm.read_only_udm.principal.process.parent_process.integrity_level_rid" UDM field.
- "event.idm.read_only_udm.target.process.command_line": Newly mapped "objectCmd" raw log field with "event.idm.read_only_udm.target.process.command_line" UDM field.
- "event.idm.read_only_udm.target.process.pid": Newly mapped "objectPid" raw log field with "event.idm.read_only_udm.target.process.pid" UDM field.
- "event.idm.read_only_udm.target.process.file.full_path": Newly mapped "objectTargetProcess" raw log field with "event.idm.read_only_udm.target.process.file.full_path" UDM field.
- "event.idm.read_only_udm.principal.process.file.full_path": Newly mapped "processFilePath", "processImagePath" raw log fields with "event.idm.read_only_udm.principal.process.file.full_path" UDM field.
- "event.idm.read_only_udm.principal.process.file.names": Newly mapped "processName" raw log field with "event.idm.read_only_udm.principal.process.file.names" UDM field.
- "event.idm.read_only_udm.principal.process.pid": Newly mapped "processPid" raw log field with "event.idm.read_only_udm.principal.process.pid" UDM field.
- "event.idm.read_only_udm.target.registry.registry_value_data": Newly mapped "objectRegistryData" raw log field with "event.idm.read_only_udm.target.registry.registry_value_data" UDM field.
- "event.idm.read_only_udm.target.registry.registry_key": Newly mapped "objectRegistryKeyHandle" raw log field with "event.idm.read_only_udm.target.registry.registry_key" UDM field.
- "event.idm.read_only_udm.target.registry.registry_value_name": Newly mapped "objectRegistryValue" raw log field with "event.idm.read_only_udm.target.registry.registry_value_name" UDM field.
- "event.idm.read_only_udm.network.email.from": Newly mapped "suser.0" raw log field with "event.idm.read_only_udm.network.email.from" UDM field.
- "event.idm.read_only_udm.network.email.to": Newly mapped "duser" raw log field with "event.idm.read_only_udm.network.email.to" UDM field.
- "event.idm.read_only_udm.network.email.subject": Newly mapped "mailMsgSubject", "highlightMailMsgSubject" raw log fields with "event.idm.read_only_udm.network.email.subject" UDM field.
- "event.idm.read_only_udm.network.email.mail_id": Newly mapped "msgId" raw log field with "event.idm.read_only_udm.network.email.mail_id" UDM field.
- "event.idm.read_only_udm.security_result.about.email": Newly mapped "mailbox" raw log field with "event.idm.read_only_udm.security_result.about.email" UDM field.
- "event.idm.read_only_udm.network.smtp.mail_from": Newly mapped "mailSmtpFromAddresses" raw log field with "event.idm.read_only_udm.network.smtp.mail_from" UDM field.
- "event.idm.read_only_udm.network.smtp.rcpt_to": Newly mapped "mailSmtpRecipients" raw log field with "event.idm.read_only_udm.network.smtp.rcpt_to" UDM field.
- "event.idm.read_only_udm.network.smtp.is_tls": Newly mapped "mailSmtpTls" raw log field with "event.idm.read_only_udm.network.smtp.is_tls" UDM field.
- "event.idm.read_only_udm.network.http.method": Newly mapped "requestMethod" raw log field with "event.idm.read_only_udm.network.http.method" UDM field.
- "event.idm.read_only_udm.network.http.referral_url": Newly mapped "httpReferer" raw log field with "event.idm.read_only_udm.network.http.referral_url" UDM field.
- "event.idm.read_only_udm.network.http.response_code": Newly mapped "respCode" raw log field with "event.idm.read_only_udm.network.http.response_code" UDM field.
- "event.idm.read_only_udm.security_result.attack_details.techniques.id": Newly mapped "techniqueId" raw log field with "event.idm.read_only_udm.security_result.attack_details.techniques.id" UDM field.
- "event.idm.read_only_udm.security_result.attack_details.tactics.id": Newly mapped "tacticId" raw log field with "event.idm.read_only_udm.security_result.attack_details.tactics.id" UDM field.
- "event.idm.read_only_udm.principal.asset.vulnerabilities.cve_id": Newly mapped "cve" raw log field with "event.idm.read_only_udm.principal.asset.vulnerabilities.cve_id" UDM field.
- "event.idm.read_only_udm.principal.asset.vulnerabilities.cve_id": Newly mapped "cves" raw log field with "event.idm.read_only_udm.principal.asset.vulnerabilities.cve_id" UDM field.
- "event.idm.read_only_udm.security_result.rule_name": Newly mapped "ruleName" raw log field with "event.idm.read_only_udm.security_result.rule_name" UDM field.
- "event.idm.read_only_udm.security_result.rule_type": Newly mapped "ruleType" raw log field with "event.idm.read_only_udm.security_result.rule_type" UDM field.
- "event.idm.read_only_udm.security_result.rule_id": Newly mapped "ruleId" raw log field with "event.idm.read_only_udm.security_result.rule_id" UDM field.
- "event.idm.read_only_udm.security_result.rule_version": Newly mapped "ruleVer" raw log field with "event.idm.read_only_udm.security_result.rule_version" UDM field.
- "event.idm.read_only_udm.security_result.threat_name": Newly mapped "threatName", "malName", and "threatNames" raw log fields with "event.idm.read_only_udm.security_result.threat_name" UDM field.
- "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "subRuleId", "subRuleName", "detectionType", "detectionName", "malFamily", "malType", "malSubType", and "riskLevel" raw log fields with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- "event.idm.read_only_udm.security_result.risk_score": Newly mapped "score" raw log field with "event.idm.read_only_udm.security_result.risk_score" UDM field.
- "event.idm.read_only_udm.security_result.action_details": Newly mapped "act" raw log field with "event.idm.read_only_udm.security_result.action_details" UDM field.
- "event.idm.read_only_udm.principal.user.department": Newly mapped "userDepartment" raw log field with "event.idm.read_only_udm.principal.user.department" UDM field.
- "event.idm.read_only_udm.principal.user.userid": Newly mapped "principalName", "logonUsers" raw log fields with "event.idm.read_only_udm.principal.user.userid" UDM field.
- "event.idm.read_only_udm.principal.asset.hardware.model": Newly mapped "endpointModel" and "deviceModel" raw log fields with "event.idm.read_only_udm.principal.asset.hardware.model" UDM field.