Package darktrace/detect Release Notes | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Package darktrace/detect Release Notes

Package darktrace/detect Release Notes Version 2.0.0

Added support for CEF-formatted DCIP logs with new event.dataset "darktrace.dcip"
Enhanced MITRE ATT&CK technique and tactic mapping using objectArray functions
Improved field mappings for threat intelligence data
Updated parser to 3.0.0

Package darktrace/detect Release Notes Version 1.5.0

Added support for email events
Updated parser to 2.3.0

Package darktrace/detect Release Notes Version 1.4.1

Added severity mapping for AI Analyst events
Enhanced severity mapping for model breach events based on score or priority
Added severity mapping for system status events
Fixed code formatting for better readability
Updated parser to 2.2.1

Package darktrace/detect Release Notes Version 1.4.0

Enhanced audit event parsing with improved categorization and field mapping
Added validation for source IP addresses using CIDR check
Updated ECS version to 9.0.0
Added support for syslog appname-based event classification
Updated parser to 2.2.0

Package darktrace/detect Release Notes Version 1.3.1

Fixed timestamp parsing for Antigena events to use start time instead of end time

Package darktrace/detect Release Notes Version 1.3.0

Added support for audit events with new event.dataset "detect.audit"
Fixed timezone handling for RFC 3164 syslog timestamps

Package darktrace/detect Release Notes Version 1.2.0

Adds default of "event" of event.kind field.
Fixes regex to parse out alternative timestamp format.
Fixes gap error for Vendor.model.tags[] array.
Adds source.ip field.

Package darktrace/detect Release Notes Version 1.1.1

Updates rule.author field to an array to comply with ECS.
Bumps ecs.version to 8.16.0.

Package darktrace/detect Release Notes Version 1.1.0

The parser darktrace-detect is an aggregation of the three previous parsers: ai_analyst_alert-syslog , model_breach_alert-syslog , system_status_alert-syslog
Handles events with syslog headers in both the RFC 5424 and RFC 3164 formats
Deals with large JSON objects within the message
Handles the following log types and sets event.dataset accordingly: detect.aianalyst / detect.modelbreach / detect.modeltrigger / detect.systemstatus / detect.antigena
CPS normalization that was previously done in separate parsers is carried out based on event.dataset
CPS normalization carried out for additional data types - detect.modeltrigger and detect.antigena
Added santised examples of all variations of event.dataset and syslog header format
Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Package darktrace/detect Release Notes Version 1.0.0

Adds new event.module and Cps.version fields
Removes the Product , related.user and related.ip fields
Sets following tags: Cps.version , Vendor , ecs.version , event.dataset , event.kind , event.module , event.outcome , observer.type

Enter search term