AgentXKB

AgentXWindowsCompiledNormalizer now supports normalization of SMS Passcode logs.

• eventdata{product Name} to product 
• eventdata{product Version} to product_version
• eventdata_new_value to new_value
• eventdata_old_value to old_value

The event id for these fields is 5007 and the normalizer is "AgentXWindowsCompiledNormalizer". 

The taxonomy of normalized fields is updated for AgentX Windows Security Audit.

• eventdata_new_target_user_name → new_user

• eventdata_old_target_user_name → target_user

• eventdata_home_directory → home_directory

• eventdata_home_path → home_path

• eventdata_profile_path → path

• eventdata_script_path → script_path

• eventdata_user_parameters → parameter

• eventdata_user_workstations → workstation

The taxonomy of normalized fields is updated for AgentXWindowsCompiledNormalizer.

• eventdata_nASIPv4Address → nas_ipv4_address

• eventdata_clientIPAddress → client_address

• eventdata_nASPortType → nas_port_type

• eventdata_eAPType → eap_type

• eventdata_nASIdentifier → nas_identifier

• eventdata_nASPort → nas_port

• log_file_cleared_client_process_id → process_id

• log_file_cleared_client_process_start_key → process_start_key

• log_file_cleared_subject_logon_id -> logon_id