Package google/chrome-enterprise-security-events Release Notes Version 1.1.0
Parser renaming and Deprecation notice

The old parser Google_Chrome_Enterprise is deprecated, and replaced by the new parser google-chrome-enterprise. While the old parser will remain available during a transition period, all future changes will only go into the new google-chrome-enterprise parser. We recommend switching to the newer parser as soon as possible, to make for the smoothest upgrade. The old Google_Chrome_Enterprise parser will be removed at some point in the future. In your data, the field #type contains the name of the parser, so any queries you may have that searches for this field need to accomodate this change.

Duplicated vendor fields dropped in new parser

The old Google_Chrome_Enterprise parser would duplicate certain fields, which the new google-chrome-enterprise parser will not. The fields which were previously duplicated, would be present both under the Vendor namespace (e.g. Vendor.srcIp), and as a field mapped to CPS (e.g. source.ip). If the value of two such fields is byte-for-byte the same, the new parser will no longer preserve the vendor-specific field, but only the CPS field. If the value of the two fields differ, both fields will be preserved. This means the following fields will no longer be present in the parsed data, when using the new parser:

  • Vendor.device_id

  • Vendor.device_name

  • Vendor.device_user

  • Vendor.event

  • Vendor.event_detail

  • Vendor.os_platform

  • Vendor.os_version

  • Vendor.reason

  • Vendor.url

  • Vendor.user_agent

Misc
  • Sets the event.category and event.type fields.

  • Bug fix: Renamed the field name from Parser_version to Parser.version to ensure compliance with CPS standard.

  • Bug fix: Renamed the field name from device.name to device.model.name to ensure compliance with CPS standard.

  • Bug fix: Renamed the field name from device.user to user.name to ensure compliance with CPS standard.

  • Bug fix: Moved the fields os.type and os.version under the host.* to ensure compliance with CPS standard.

Package google/chrome-enterprise-security-events Release Notes Version 1.0.0
  • Adds new event.module and Cps.version fields

  • Removes the Product field

  • Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type

  • Bumps parser version to 1.0.0

  • Renames the url.host to url.domain

Package google/chrome-enterprise-security-events Release Notes Version 0.2.0
  • Introducing a new dashboard: ChromeOS Data Controls

  • Adapted the parser to be compliant to a common schema based on an OpenTelemetry standard.

  • Added a widget for Chrome Browser crash events in the Event Information Dashboard

  • Added additional columns to the Events widget of the Event Information Dashboard to include CrowdStrike Customer ID and Agent ID

Package google/chrome-enterprise-security-events Release Notes Version 0.1.5
  • Introduces 2 new dashboards: Extension Monitoring and ChromeOS Overview.

  • Includes additional widgets for new Google Chrome Enterprise Events, such as Chrome Remote Desktop (CRD) and Password Reuse Events.

  • Reorganized widgets within the Security Overview for better visibility of notable events.

  • Added parameters to dashboards to aid pivoting on key values.

  • Bumps the minimum supported version of LogScale to 1.82