Change log for IONIX
| Date | Changes |
|---|---|
| 2025-10-22 | Enhancement:<br>- 'event.idm.entity.entity.asset.asset_id': Newly mapped 'data.asset' raw log field with 'event.idm.entity.entity.asset.asset_id' UDM field.<br>- 'event.idm.entity.entity.hostname': Newly mapped 'data.asset' raw log field with 'event.idm.entity.entity.hostname' UDM field.<br>- 'event.idm.entity.entity.asset.ip': Newly mapped 'ip' raw log field with 'event.idm.entity.entity.asset.ip' UDM field.<br>- 'event.idm.read_only_udm.metadata.product_log_id': Newly mapped 'data.id' raw log field with 'event.idm.read_only_udm.metadata.product_log_id' UDM field.<br>- 'event.idm.read_only_udm.metadata.event_timestamp': Newly mapped 'data.date_compromised' raw log field with 'event.idm.read_only_udm.metadata.event_timestamp' UDM field.<br>- 'event.idm.read_only_udm.principal.ip': Newly mapped 'data.endpoint_ip' raw log field with 'event.idm.read_only_udm.principal.ip' UDM field.<br>- 'event.idm.read_only_udm.principal.asset.platform_software.platform_version': Newly mapped 'data.endpoint_os' raw log field with 'event.idm.read_only_udm.principal.asset.platform_software.platform_version' UDM field.<br>- 'event.idm.read_only_udm.target.url': Newly mapped 'data.url' raw log field with 'event.idm.read_only_udm.target.url' UDM field.<br>- 'event.idm.read_only_udm.target.user.userid': Newly mapped 'data.username' raw log field with 'event.idm.read_only_udm.target.user.userid' UDM field.<br>- 'event.idm.read_only_udm.target.hostname': Newly mapped 'data.related_asset' raw log field with 'event.idm.read_only_udm.target.hostname' UDM field.<br>- 'event.idm.read_only_udm.target.asset.hostname': Newly mapped 'data.related_asset' raw log field with 'event.idm.read_only_udm.target.asset.hostname' UDM field.<br>- 'event.idm.read_only_udm.target.file.full_path': Newly mapped 'data.malware_path' raw log field with 'event.idm.read_only_udm.target.file.full_path' UDM field.<br>- 'event.idm.read_only_udm.security_result.detection_fields': Newly mapped 'data.stealer_family', 'data.incident_id', 'data.date_added', 'data.password_strength', 'data.password_hash', 'data.endpoint_antivirus', 'data.endpoint_cidr' and 'data.device_association' raw log fields with 'event.idm.read_only_udm.security_result.detection_fields' UDM field.<br>- 'event.idm.read_only_udm.metadata.product_name' is set to a constant value of 'IONIX'.<br>- 'event.idm.read_only_udm.metadata.vendor_name' is set to a constant value of 'IONIX'. |
| 2023-09-28 | Newly created parser. |