<html lang="en">
<body>
  
<p>
    <b> [OOTB] Kaspersky DFI json. Version 1</b><br>
	This is the first version of the package.<br>
	Changelog:
		<ul>
			<li>Additional extra normalizers were added: "Social media mention", "Obsolete outdated software", "Compromised IP address", "Cross Site Scripting vulnerability", "DNS AXFR misconfiguration", "Mention on pastebin-like platform", "Domain defacement", "Malware-compromised AD account logs info", "Malware-compromised IP-linked account logs info", "Compromised access".</li>
			<li>Mapping of event field "name" was removed from the main normalizer. </li>
			<li>Mapping was changed in the normalizer "Malware-compromised employee account". Event field "name" was mapped to the KUMA field Name.</li>
			<li>Mapping was changed in the normalizer "Malware activity". Event field "name" was mapped to the KUMA field Name.</li>
			<li>Mapping was changed in the normalizer "DNS record misconfiguration". Event field "name" was mapped to the KUMA field Name.</li>
			<li>Extra normalizer "Malware-compromised employee account" was changed. New mutations were added to the event field "threat_details.objects.0.Date of compromise". Event field "threat_details.objects.0.Date of compromise1" was removed from the KUMA field DeviceCustomString5. Additional event conditions were added "Malware-compromised client account", "Malware-compromised AD account", "Malware-compromised IP-linked account". Additional event enrichment with template was added to the KUMA field DeviceCustomDate1Label.</li>
			<li>Main normalizer was changed. New event enrichments were added to the main normalizer (SourceHostName and SourceUserName to lowercase). Event filed recommendation was mapped to the KUMA field DeviceCustomString5. New event enrichments were added to data in the KUMA field DeviceCustomString5 (replace "\n", "\t", "### " with space or empty string).</li>
		</ul>
</p>

</body>
</html>