Change log for VECTRA_XDR
| Date | Changes |
|---|---|
| 2026-04-24 | - Mapped `entity_uid` raw log field to `principal.mac` or `principal.ip` UDM field, based on its value.<br>- Mapped `details.http_hostname` raw log field to `target.hostname` UDM field.<br>- Mapped `details.http_hostname` and `details.http_url` raw log fields to `target.url` UDM field.<br>- Mapped `details.http_method` raw log field to `network.http.method` UDM field.<br>- Mapped `details.http_status` raw log field to `network.http.response_code` UDM field.<br>- Mapped `details.http_user_agent` raw log field to `network.http.user_agent` UDM field.<br>- Mapped `details.bytes_received` raw log field to `network.sent_bytes` UDM field.<br>- Mapped `details.bytes_sent` raw log field to `network.received_bytes` UDM field.<br>- Mapped `details.src_ip` raw log field to `principal.ip` UDM field.<br>- Mapped `details.dst_ip` raw log field to `target.ip` UDM field.<br>- Mapped `details.dst_port` raw log field to `target.port` UDM field. |
| 2025-12-30 | - Mapped "caller_ip_addresses" from the "detail" object to "principal.ip". |
| 2025-08-18 | - For events of type "account", the IP extracted from the `name` field is now mapped to `target.ip` instead of `target.user.attribute.labels`.<br>- For events not of type "account", the IP extracted from the `name` field is now mapped to `target.ip` instead of `target.hostname`. |
| 2025-05-14 | - Newly created label for Vectra XDR (RUX) logs.<br>- Previously, Vectra RUX data was supported under the VECTRA_DETECT parser.<br>- Created new label VECTRA_XDR for RUX data. |