Change log for RECORDED_FUTURE_IOC
| Date | Changes |
|---|---|
| 2026-01-19 | Enhancement:<br>- `event.idm.read_only_udm.entity.entity.file.sha256`: Newly mapped `Value` raw log field with `event.idm.read_only_udm.entity.entity.file.sha256` UDM field.<br>- `event.idm.read_only_udm.entity.entity.url`: Newly mapped `Value` raw log field with `event.idm.read_only_udm.entity.entity.url` UDM field.<br>- `event.idm.read_only_udm.entity.metadata.entity_type`: Updated to "FILE" when `Value` matches a SHA256 hash.<br>- `event.idm.read_only_udm.entity.metadata.entity_type`: Updated to "URL" when `Value` is identified as a URI. |
| 2025-04-11 | Enhancement:<br>- Updated the parser to parse each log entry into a single event instead of multiple events.<br>- `event.ioc.categorization`: Removed mapping of `detail.Rule` from the `event.ioc.categorization` UDM field.<br>- `event.ioc.description`: Removed mapping of `detail.EvidenceString` from the `event.ioc.description` UDM field.<br>- `event.ioc.raw_severity`: Removed mapping of `detail.CriticalityLabel` from the `event.ioc.raw_severity` UDM field.<br>- `event.idm.entity.metadata.threat.first_discovered_time`: Newly mapped `detail.FirstSeen` raw log field with `event.idm.entity.metadata.threat.first_discovered_time` UDM field. |
| 2025-04-07 | Enhancement:<br>- `event.idm.ready_only_udm.metadata.threat.risk_score`: Newly mapped `risk_score` raw log field with `event.idm.ready_only_udm.metadata.threat.risk_score` UDM field.<br>- Added conversion of `event.idm.ready_only_udm.metadata.threat.risk_score` to float. |