Package google/chrome-enterprise-security-events Release Notes
Package google/chrome-enterprise-security-events Release Notes Version 1.1.0
The old parser Google_Chrome_Enterprise is deprecated, and replaced by the new parser google-chrome-enterprise. While the old parser will remain available during a tranisition period, all future changes will only go into the new google-chrome-enterprise parser. We recommend switching to the newer parser as soon as possible, to make for the smoothest upgrade. The old Google_Chrome_Enterprise parser will be removed at some point in the future. In your data, the field #type contains the name of the parser, so any queries you may have that searches for this field need to accomodate this change.
Duplicated vendor fields dropped in new parserThe old Google_Chrome_Enterprise parser would duplicate certain fields, which the new google-chrome-enterprise parser will not. The fields which were previously duplicated, would be present both under the Vendor namespace (e.g. Vendor.srcIp), and as a field mapped to CPS (e.g. source.ip). If the value of two such fields is byte-for-byte the same, the new parser will no longer preserve the vendor-specific field, but only the CPS field. If the value of the two fields differ, both fields will be preserved. This means the following fields will no longer be present in the parsed data, when using the new parser:
Vendor.device_id
Vendor.device_name
Vendor.device_user
Vendor.event
Vendor.event_detail
Vendor.os_platform
Vendor.os_version
Vendor.reason
Vendor.url
Vendor.user_agent
Sets the event.category and event.type fields.
Bug fix: Renamed the field name from Parser_version to Parser.version to ensure compliance with CPS standard.
Bug fix: Renamed the field name from device.name to device.model.name to ensure compliance with CPS standard.
Bug fix: Renamed the field name from device.user to user.name to ensure compliance with CPS standard.
Bug fix: Moved the fields os.type and os.version under the host.* to ensure compliance with CPS standard.
Package google/chrome-enterprise-security-events Release Notes Version 1.0.0
Adds new event.module and Cps.version fields
Removes the Product field
Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type
Bumps parser version to 1.0.0
Renames the url.host to url.domain
Package google/chrome-enterprise-security-events Release Notes Version 0.2.0
Introducing a new dashboard: ChromeOS Data Controls
Adapted the parser to be compliant to a common schema based on an OpenTelemetry standard.
Added a widget for Chrome Browser crash events in the Event Information Dashboard
Added additional columns to the Events widget of the Event Information Dashboard to include Crowdstrike Customer ID and Agent ID
Package google/chrome-enterprise-security-events Release Notes Version 0.1.5
Introduces 2 new dashboards: Extension Monitoring and ChromeOS Overview.
Includes additional widgets for new Google Chrome Enterprise Events, such as Chrome Remote Desktop (CRD) and Password Reuse Events.
Reorganized widgets within the Security Overview for better visibility of notable events.
Added parameters to dashboards to aid pivoting on key values.
Bumps the minimum supported version of LogScale to 1.82