<html lang="en">
<body>

<p>
	<b>[OOTB] KSC from SQL. Version 8</b><br>
	Change log:
	<ul>	
		<li>New extra normalizers were added: "KLAUD_EV_SERVERCONNECT", "KLAUD_EV_OBJECTMODIFY", "KLAUD_EV_TASK_STATE_CHANGED", "KLAUD_EV_ADMGROUP_CHANGED", "KLPRCI_TaskState".</li>
		<li>New event enrichments were added to the main normalizer: DestinationUserName to lower case, SourceNtDomain to upper case, DestinationNtDomain to upper case, SourceHostName to lower case, DestinationHostName to lower case.</li>
	</ul>
</p>

<p>
	<b>[OOTB] KSC from SQL. Version 7</b><br>
	Change log:
	<ul>	
		<li>Extra normalizer "connection Normalization" was updated. Regular expression was fixed. Event field "spt" was mapped to the KUMA field SourcePort.</li>
		<li>Extra normalizer "GNRL_EV_ATTACK_DETECTED" was updated. Event field "MAC-адрес атакующего компьютера" was mapped to the KUMA field SourceMacAddress.</li>
		<li>Extra normalizer "GNRL_EV_VIRUS_FOUND and GNRL_EV_VIRUS_FOUND_BY_KSN" was updated. Event field "Name" was mapped to the KUMA field DeviceCustomString1. Event field "Object" was mapped to the KUMA field FilePath. Event field "Process ID" was mapped to the KUMA field DeviceCustomNumber1. Event field "Reason" was mapped to the KUMA field Reason. Event field "Result description" was mapped to the KUMA field EventOutcome. Event field "Type" was mapped to the KUMA field "Message". Event field "User" was mapped to the KUMA field "SourceUserName". Event field "Database release date" was mapped to the KUMA field DeviceCustomString4. Event field "MD5 hash" was mapped to the KUMA field OldFileHash. Event field "SHA256 hash" was mapped to the KUMA field FileHash. Event field "Detected object name" was mapped to the KUMA field "DeviceCustomString1". Event field "File owner" was mapped to the KUMA field SourceUserName. Event field "File" was mapped to the KUMA field FilePath. Event field "Detected object type" was mapped to the KUMA field "Message". Event field "Application path" was mapped to the KUMA field OldFilePath. Event field "Initiator" was mapped to the KUMA field DeviceCustomString3. Event field "Object type" was mapped to the KUMA field FileType. Event field "Task type" was mapped to the KUMA field DeviceCustomString2. Event field "User receiving access" was mapped to the KUMA field DestinationUserName. Event field "ID of running task" was mapped to the KUMA field DeviceCustomNumber2.</li>
		<li>Extra normalizer "GNRL_EV_OBJECT_NOTCURED" was updated. Event field "File" was mapped to the KUMA field FilePath. Event field "File owner" was mapped to the KUMA field SourceUserName. Event field "Initiator" was mapped to the KUMA field DeviceCustomString3. Event field "MD5 hash" was mapped to the KUMA field OldFileHash. Event field "SHA256 hash" was mapped to the KUMA field FileHash. Event field "Object type" was mapped to the KUMA field FileType. Event field "Task type" was mapped to the KUMA field DeviceCustomString2. Event field "ID of running task" was mapped to the KUMA field DeviceCustomNumber1. Event field "User receiving access" was mapped to the KUMA field DestinationUserName. Event field "ID of running task" was mapped to the KUMA field DeviceCustomNumber2.</li>
		<li>Extra normalizer "GNRL_EV_OBJECT_DELETED Normalization" was updated. Event field "File" was mapped to the KUMA field FilePath. Event field "Initiator" was mapped to the KUMA field DeviceCustomString3. Event field "MD5 hash" was mapped to the KUMA field OldFileHash. Event field "SHA256 hash" was mapped to the KUMA field FileHash. Event field "Object type" was mapped to the KUMA field FileType. Event field "Task type" was mapped to the KUMA field DeviceCustomString2. Event field "ID of running task" was mapped to the KUMA field DeviceCustomNumber2.</li>
	</ul>
</p>

<p>
	<b>[OOTB] KSC from SQL. Version 6</b><br>
	Change log:
	<ul>	
		<li>New extra normalizers were added: "00000193", "00000134", "0000013a", "000000de", "00000139", "GNRL_EV_USB_FILE_OPERATION", "FSEE_AKPLUGIN_OBJECT_PROCESS_ERROR", "GNRL_EV_OBJECT_NOTCURED".</li>
		<li>Extra normalizer "message format separation" was updated. Regular expression was fixed.</li>
		<li>Event mapping was changed in the extra normalizer "JSON Message Normalization". Event field "Источник KL категории" was mapped to the KUMA field "DeviceCustomString6". Event field "Тип события" was mapped to the KUMA field "Message". Event field "Оригинальное название объекта" was mapped to the KUMA field "DeviceCustomString4". Event field "Тип правила" was mapped to the KUMA field "FlexString2".</li>
	</ul>
</p>

<p>
	<b>[OOTB] KSC from SQL. Version 5</b><br>
	Change log:
	<ul>	
		<li>Extra normalizer "GNRL_EV_VIRUS_FOUND_BY_KSN" was deleted.</li>
		<li>New extra normalizer "GNRL_EV_OBJECT_DELETED" was added.</li>
	</ul>
</p>

<p>
	<b>[OOTB] KSC from SQL. Version 4</b><br>
	Change log:
	<ul>	
		<li>Event enrichment in the "Extra normalizer conditions" parameter was changed for the extra normalizer "GNRL_EV_VIRUS_FOUND and GNRL_EV_VIRUS_FOUND_BY_KSN": new event enrichments were added.</li>
		<li>Event enrichment to the KUMA field "Message" in the extra normalizer "GNRL_EV_VIRUS_FOUND and GNRL_EV_VIRUS_FOUND_BY_KSN" was updated. Additional event enrichment with function replaceWithRegexp was added.</li>
		<li>Event enrichment in the "Extra normalizer conditions" parameter was changed for the extra normalizer "GNRL_EV_VIRUS_FOUND_AND_BLOCKED": new event enrichment was added.</li>
		<li>Event mapping was changed in the extra normalizer "GNRL_EV_WEB_URL_BLOCKED". Event field "Путь к приложению" was mapped to the KUMA field "OldFilePath". Event field "Приложение" was mapped to the KUMA field "FlexString1".</li>
	</ul>
</p>

<p>
	<b>[OOTB] KSC from SQL. Version 3</b><br>
	Change log:
	<ul>	
		<li>Event enrichment in the "Extra normalizer conditions" parameter was changed for the extra normalizer "GNRL_EV_VIRUS_FOUND and GNRL_EV_VIRUS_FOUND_BY_KSN": new event enrichments were added.</li>
		<li>Event mapping was changed in the extra normalizer "GNRL_EV_VIRUS_FOUND and GNRL_EV_VIRUS_FOUND_BY_KSN". Event field "MD5 хеш файла" was mapped to the KUMA field "OldFileHash". Event field "SHA256 файла" was mapped to the KUMA field "FileHash". Event field "Имя объекта" was mapped to the KUMA field "FilePath". Event field "PID" was mapped to the KUMA field "DeviceCustomNumber1". Event field "Обнаружен возможно зараженный объект" was mapped to the KUMA field "DeviceCustomString1". Event field "Обнаружен объект" was mapped to the KUMA field "DeviceCustomString1". Event field mapping "Тип" was removed from the KUMA field "Message".</li>
		<li>New event enrichments were added in the extra normalizer "GNRL_EV_VIRUS_FOUND and GNRL_EV_VIRUS_FOUND_BY_KSN": event enrichment to the KUMA field "DeviceCustomString1", event enrichment to the KUMA field "Message", event enrichment to the KUMA field "OldFileHash".</li>
		<li>Event enrichment with regexp to the KUMA field "SourceUserName" was removed from the main normalizer.</li>
		<li>Event enrichment to the KUMA field "SourceNtDomain" was removed from the main normalizer.</li>
	</ul>
</p>

<p>
	<b>[OOTB] KSC from SQL. Version 2</b><br>
	Event enrichment in the "Extra normalizer conditions" parameter was changed for the extra normalizer "GNRL_EV_ATTACK_DETECTED".
</p>

<p>
	<b>[OOTB] KSC from SQL. Version 1</b><br>
	Event enrichment in the "Extra normalizer conditions" parameter was changed for the extra normalizers "GNRL_EV_ATTACK_DETECTED" and "GNRL_EV_VIRUS_FOUND and GNRL_EV_VIRUS_FOUND_BY_KSN".
</p>

</body>
</html>