Change log for WINDOWS_DEFENDER_AV
| Date | Changes |
|---|---|
| 2025-02-27 | Enhancement:<br>- Added "gsub" to parse previously unparsed logs.<br>- Changed the mapping of "Path" from "target.process.file.full_path" to "target.registry.registry_key".<br>- Added a conditional check when mapping "event_type" to "SCAN_HOST", "SCAN_FILE", or "GENERIC_EVENT". |
| 2025-02-14 | Enhancement:<br>- Added support for the new JSON log format. |
| 2024-01-30 | Bug fix:<br>- Added an "on_error" check to the date filter so that both UNIX and UNIX_MS timestamps are parsed. |
| 2023-09-04 | Bug fix:<br>- Parsed the date with "rebase" set to "true".<br>- Additionally mapped the following fields:<br>- "UserID" to "principal.user.userid".<br>- "Category Name" to "security_result.category_details".<br>- "ProviderGuid" to "metadata.product_deployment_id".<br>- "RecordNumber" to "metadata.product_log_id".<br>- "ActivityID" to "security_result.detection_fields".<br>- "ProcessID" to "principal.process.pid".<br>- "Domain" to "principal.administrative_domain".<br>- "FWLink" to "metadata.url_back_to_product".<br>- "Path" to "target.process.file.full_path". |
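The entries above describe three pieces of parser logic: a date filter that first tries UNIX and, on error, retries as UNIX_MS; a conditional "event_type"; and the field-to-UDM mappings. The following is an added illustration of that logic in Python, not the Chronicle parser itself. The sample records are constructed, and the Event ID condition (1000-1002 as scan events, 1116/1117 as detection events) and the routing of "Path" on its "file:_" / "regkey:_" prefix are this example's own assumptions; the change log does not state which condition the parser uses.

```python
"""Added example for the WINDOWS_DEFENDER_AV change log (not the parser itself)."""
from datetime import datetime, timezone

# Assumption of this example: Defender Event IDs 1000-1002 are scan
# started/finished/stopped and 1116/1117 are detection/action events.
SCAN_HOST_EVENT_IDS = {1000, 1001, 1002}
SCAN_FILE_EVENT_IDS = {1116, 1117}

# Static field mappings as listed in the change log.
FIELD_MAP = {
    "UserID": "principal.user.userid",
    "Category Name": "security_result.category_details",
    "ProviderGuid": "metadata.product_deployment_id",
    "RecordNumber": "metadata.product_log_id",
    "ActivityID": "security_result.detection_fields",
    "ProcessID": "principal.process.pid",
    "Domain": "principal.administrative_domain",
    "FWLink": "metadata.url_back_to_product",
}


def parse_epoch(value):
    """Return an ISO-8601 UTC string for an epoch in seconds or milliseconds.

    Mirrors a date filter that tries UNIX first and, on_error, retries as
    UNIX_MS: a millisecond value read as seconds lands tens of thousands of
    years out, which datetime rejects, so the fallback branch is taken.
    """
    raw = int(value)
    try:
        ts = datetime.fromtimestamp(raw, tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        ts = datetime.fromtimestamp(raw / 1000, tz=timezone.utc)
    return ts.isoformat()


def classify_event_type(event_id):
    """Conditional event_type: SCAN_HOST, SCAN_FILE, otherwise GENERIC_EVENT."""
    if event_id in SCAN_HOST_EVENT_IDS:
        return "SCAN_HOST"
    if event_id in SCAN_FILE_EVENT_IDS:
        return "SCAN_FILE"
    return "GENERIC_EVENT"


def map_path(path):
    """Route Defender's "Path" value by the resource-type prefix it carries.

    Defender writes the value as "<type>:_<path>" (e.g. "file:_C:\\...",
    "regkey:_HKLM\\..."). Routing on that prefix is this example's choice;
    the change log maps "Path" to target.registry.registry_key outright.
    """
    kind, sep, value = path.partition(":_")
    if not sep:
        return "target.registry.registry_key", path
    if kind == "regkey":
        return "target.registry.registry_key", value
    return "target.process.file.full_path", value


def to_udm(event):
    """Flatten one Defender record (dict) into UDM-style dotted keys."""
    udm = {
        "metadata.event_type": classify_event_type(int(event["EventID"])),
        "metadata.event_timestamp": parse_epoch(event["EventTime"]),
    }
    for src, dst in FIELD_MAP.items():
        if src in event:
            udm[dst] = event[src]
    if "Path" in event:
        key, value = map_path(event["Path"])
        udm[key] = value
    return udm


# Constructed sample records (not captured from a real host).
SAMPLE_EVENTS = [
    {"EventID": "1116", "EventTime": "1700000000000",  # milliseconds
     "UserID": "S-1-5-21-1-2-3-1001", "Domain": "CORP", "ProcessID": "4321",
     "RecordNumber": "88201", "Category Name": "Trojan",
     "Path": "file:_C:\\Users\\alice\\Downloads\\eicar.com"},
    {"EventID": "1117", "EventTime": "1700000000",  # seconds
     "Category Name": "Trojan",
     "Path": "regkey:_HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"},
    {"EventID": "1001", "EventTime": "1700000000", "Domain": "CORP"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(to_udm(ev))
```

Both sample timestamps resolve to the same instant, which is the point of the on_error fallback: a source that switches between seconds and milliseconds no longer drops events or dates them in the far future.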