Change log for TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES

Date	Changes
2025-04-07	- Newly created parser. - "event.idm.read_only_udm.principal.hostname" and "event.idm.read_only_udm.principal.asset.hostname": Newly mapped "endpoint.name" raw log field with "event.idm.read_only_udm.principal.hostname" and "event.idm.read_only_udm.principal.asset.hostname" UDM field. - "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.principal.asset.ip": Newly mapped "endpoint.ips" raw log field with "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.principal.asset.ip" UDM field. - "event.idm.read_only_udm.principal.user.userid": Newly mapped "entityName" raw log field with "event.idm.read_only_udm.principal.user.userid" UDM field when "entityType" is "identity". - "event.idm.read_only_udm.security_result.rule_id": Newly mapped "filters.id" raw log field with "event.idm.read_only_udm.security_result.rule_id" UDM field. - "event.idm.read_only_udm.security_result.rule_name": Newly mapped "filters.name" raw log field with "event.idm.read_only_udm.security_result.rule_name" UDM field. - "event.idm.read_only_udm.security_result.description": Newly mapped "filters.description" raw log field with "event.idm.read_only_udm.security_result.description" UDM field. - "event.idm.read_only_udm.security_result.severity": Newly mapped "filters.level" raw log field with "event.idm.read_only_udm.security_result.severity" UDM field. - "event.idm.read_only_udm.security_result.attack_details.tactics": Newly mapped "filters.tactics" raw log field with "event.idm.read_only_udm.security_result.attack_details.tactics" UDM field. - "event.idm.read_only_udm.security_result.attack_details.techniques": Newly mapped "filters.techniques" raw log field with "event.idm.read_only_udm.security_result.attack_details.techniques" UDM field. - "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "filters.highlightedObjects.field" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field. - "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "filters.highlightedObjects.type" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field. - "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "filters.highlightedObjects.value" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "detail" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.

Date

Changes

2025-04-07

- Newly created parser.
- "event.idm.read_only_udm.principal.hostname" and "event.idm.read_only_udm.principal.asset.hostname": Newly mapped "endpoint.name" raw log field with "event.idm.read_only_udm.principal.hostname" and "event.idm.read_only_udm.principal.asset.hostname" UDM field.
- "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.principal.asset.ip": Newly mapped "endpoint.ips" raw log field with "event.idm.read_only_udm.principal.ip" and "event.idm.read_only_udm.principal.asset.ip" UDM field.
- "event.idm.read_only_udm.principal.user.userid": Newly mapped "entityName" raw log field with "event.idm.read_only_udm.principal.user.userid" UDM field when "entityType" is "identity".
- "event.idm.read_only_udm.security_result.rule_id": Newly mapped "filters.id" raw log field with "event.idm.read_only_udm.security_result.rule_id" UDM field.
- "event.idm.read_only_udm.security_result.rule_name": Newly mapped "filters.name" raw log field with "event.idm.read_only_udm.security_result.rule_name" UDM field.
- "event.idm.read_only_udm.security_result.description": Newly mapped "filters.description" raw log field with "event.idm.read_only_udm.security_result.description" UDM field.
- "event.idm.read_only_udm.security_result.severity": Newly mapped "filters.level" raw log field with "event.idm.read_only_udm.security_result.severity" UDM field.
- "event.idm.read_only_udm.security_result.attack_details.tactics": Newly mapped "filters.tactics" raw log field with "event.idm.read_only_udm.security_result.attack_details.tactics" UDM field.
- "event.idm.read_only_udm.security_result.attack_details.techniques": Newly mapped "filters.techniques" raw log field with "event.idm.read_only_udm.security_result.attack_details.techniques" UDM field.
- "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "filters.highlightedObjects.field" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "filters.highlightedObjects.type" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "filters.highlightedObjects.value" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field.
- "event.idm.read_only_udm.additional.fields": Newly mapped "detail" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.