Change log for VARONIS
| Date | Changes |
|---|---|
| 2025-02-06 | Added a new Grok pattern for the "LEEF" log type. |
| 2025-02-06 | Mapped "description" to "metadata.description". |
| 2025-02-06 | Mapped "usrName" to "principal.user.userid". |
| 2025-02-06 | Mapped "Event_Type" to "metadata.product_event_type". |
| 2025-02-06 | Mapped "domain" to "principal.administrative_domain". |
| 2025-02-06 | Mapped "proto", "cat", "Event_Additional_Data", "Event_Status", "Email_Attachment_Name", "Email_Date", "Account_of_Changed_Permissions", "Permissions_Changes", "Permissions_before_Change", and "Permissions_after_Change" to "additional.fields". |
| 2025-02-06 | Mapped "Affected_Object_Path" to "target.file.full_path". |
| 2025-02-06 | Mapped "Affected_Object" to "security_result.detection_fields". |
| 2025-02-06 | Mapped "src" to "principal.ip" and "principal.asset.ip". |
| 2025-02-06 | Mapped "Alert_ID" to "security_result.rule_id". |
| 2025-02-06 | Mapped "Email_Recipients" to "network.email.to". |
| 2025-02-06 | Mapped "Email_Item", "Mailbox_Access_by_Owner", "Threshold_Value", "Threshold_First_Timestamp", "Event_by_MailboxOwner", and "Email_Sender" to "additional.fields". |
| 2025-02-06 | Mapped "Email_Sender" to "network.email.from". |
| 2025-02-06 | Mapped "accountName" to "target.user.userid". |
| 2025-02-06 | Mapped "Device_Name" to "target.hostname" and "target.asset.hostname". |
| 2025-02-06 | Mapped "Event_Type_ID" to "metadata.product_log_id". |
| 2025-02-06 | Mapped "Event_File_Server_Domain" to "target.administrative_domain". |
| 2025-02-06 | Mapped "Alert_Page_URL" to "target.url". |
| 2025-02-06 | Mapped "devTime" to "metadata.event_timestamp". |
| 2025-02-06 | Mapped "sev" to "security_result.severity". |
| 2022-10-08 | Added a Grok pattern for the "LEEF" log type. |
| 2022-10-08 | Mapped "severity" to "security_result.severity". |
| 2022-10-08 | Mapped "device_version" to "metadata.product_version". |
| 2022-10-08 | Mapped "administrative_domain" to "target.administrative_domain". |
| 2022-10-08 | Added a conditional check for "intermediary_host". |
| 2022-10-07 | Bug fix: mapped "rt" to "metadata.event_timestamp" if "rt" is not null. |