⚠️ Important update: HarfangLab EDR Log Parsing Enhancement

As part of our ongoing efforts to improve data consistency and analysis capabilities across our XDR platform, we are implementing an important modification to the HarfangLab EDR log parsing process.

What's Changing?

We are enhancing the way user information is parsed to ensure better standardization across all data sources. This change specifically affects how domain and username information is structured.

Current Format

  • Single field: user.name = domain\user
  • This format creates inconsistencies with other data source formats

New Format

  • Split into two distinct fields
  • user.domain = domain
  • user.name = user

When

🗓️ Deployment is scheduled for February 20th, 2025 at 12:00 CET

Required Actions

  • Review and update any custom detection rules, automations using the user.name field
  • Update any saved queries or dashboards referencing this field
  • Test modified queries before the deployment date

Need Help?

Contact our Support Team if you have any questions or need assistance preparing for this change.

Best regards,
The Integrations Team

What do you think about this update?