<html lang="en">
<body>

<p>
    <b>[OOTB] KESL syslog cef. Version 3</b><br>
	Change log:
		<ul>
			<li>Mapping was changed in the extra normalizer "ProcessCreate". Event field "dproc" was mapped to the KUMA field DestinationProcessName.</li>
			<li>Mapping was changed in the extra normalizer "ProcessTerminate". Event field "dproc" was mapped to the KUMA field DestinationProcessName.</li>
			<li>Mapping was changed in the extra normalizer "EventLog". Event field "dproc" was mapped to the KUMA field DestinationProcessName. Event field "deviceExternalId" was mapped to the KUMA field DeviceExternalId.</li>
		</ul>	
  </p>

   <p>
    <b>[OOTB] KESL syslog cef. Version 2</b><br>
	Change log:
		<ul>
			<li>New extra normalizers were added: "ProcessCreate", "ProcessTerminate", "FileChange", "rest event types".</li>
			<li>Mapping was changed in the extra normalizer "ProcessCreate". Event field "cs1" was mapped to the KUMA field "DeviceCustomString6". Event field "cs1Label" was mapped to the KUMA field "DeviceCustomString6Label". Event field "cs6" was mapped to the KUMA field "DeviceCustomString1". Event field "cs6Label" was mapped to the KUMA field "DeviceCustomString1Label".</li>
			<li>Mapping was changed in the extra normalizer "FileChange". Event field "cs1" was mapped to the KUMA field "DeviceCustomString6". Event field "cs1Label" was mapped to the KUMA field "DeviceCustomString6Label". Event field "deviceExternalId" was mapped to the KUMA field "DeviceAction". Event field "dproc" was mapped to the KUMA field "FilePath". Event field "cs6" was mapped to the KUMA field "DeviceCustomString1". Event field "cs6Label" was mapped to the KUMA field "DeviceCustomString1Label".</li>
			<li>Mapping was changed in the extra normalizer "ProcessTerminate". Event field "cs1" was mapped to the KUMA field "DeviceCustomString6". Event field "cs1Label" was mapped to the KUMA field "DeviceCustomString6Label".</li>
			<li>Mapping was changed in the extra normalizer "Message Normalization". Mapping of event fields was removed: "cs1", "cs1Label", "deviceExternalId", "dproc", "cs6", "cs6Label".</li>
			<li>Mapping was changed in the extra normalizer "rest event types". Event field "cs1" was mapped to the KUMA field "DeviceCustomString1". Event field "cs1Label" was mapped to the KUMA field "DeviceCustomString1Label". Event field "deviceExternalId" was mapped to the KUMA field "DeviceExternalID". Event field "dproc" was mapped to the KUMA field "DestinationProcessName". Event field "cs6" was mapped to the KUMA field "DeviceCustomString6Label".</li>
			<li>Mapping was changed in the extra normalizer "EventLog". Event field "cs1" was mapped to the KUMA field "DeviceCustomString6". Event field "cs1Label" was mapped to the KUMA field "DeviceCustomString6Label". Event field "cs6" was mapped to the KUMA field "DeviceCustomString1". Event field "cs6Label" was mapped to the KUMA field "DeviceCustomString1Label".</li>
			<li>Mapping of the "Severity" field was removed from the main normalizer.</li>
			<li>The "Keep extra fields" function was disabled in the extra normalizer "Message Normalization".</li>
			<li>Event enrichment of the KUMA field "Severity" was added in the extra normalizer "Message Normalization".</li>
			<li>Extra normalizer "KasperskyMsg for EventLog" was renamed to "EventLog".</li>
		</ul>	
  </p>
    
  <p>
    <b>[OOTB] KESL syslog cef. Version 1</b><br>
	This is the first version of the package.
  </p>

</body>
</html>