Added Trellix Endpoint Security Map based on the work from Peter Snyder on McAfee Endpoint Security (Worked without changes beyond the Provider Name)
Added F-Secure Anti-Virus 12 Security Maps (May work on other versions but 12 was the only one tested for these rules)
Added F-Secure Anti-Virus 11 Security Map (May work on other versions but 11 was the only one tested for these rules)
Checklist:
Please replace every instance of [ ] with [X] OR click on the checkboxes after you submit your PR
[X] I have ensured a Provider is listed for the new Map(s) being submitted
[X] I have ensured the filename(s) of any new Map(s) being submitted follows the approved format, i.e. Channel-Name_Provider-Name_EventID.map. In summary, all spaces and special characters are replaced with a hyphen with an underscore separates Channel Name, Provider Name, and Event ID
[X] I have tested and validated the new Map(s) work with my test data and achieve the desired output
[X] I have provided example event data (# Example Event Data:) at the bottom of my Map(s), if possible
[X] I have consulted the Guide/Template to ensure my Map(s) follow the same format
Thank you for your submission and for contributing to the DFIR community!
Description
Added Trellix Endpoint Security Map based on the work from Peter Snyder on McAfee Endpoint Security (Worked without changes beyond the Provider Name) Added F-Secure Anti-Virus 12 Security Maps (May work on other versions but 12 was the only one tested for these rules) Added F-Secure Anti-Virus 11 Security Map (May work on other versions but 11 was the only one tested for these rules)
Checklist:
Please replace every instance of
[ ]with[X]OR click on the checkboxes after you submit your PRProvideris listed for the new Map(s) being submittedChannel-Name_Provider-Name_EventID.map. In summary, all spaces and special characters are replaced with a hyphen with an underscore separates Channel Name, Provider Name, and Event ID# Example Event Data:) at the bottom of my Map(s), if possibleThank you for your submission and for contributing to the DFIR community!