Change log for AZURE_COSMOS_DB

Date	Changes
2023-02-22	Enhancement - - Mapped "TenantId" to "metadata.product_deployment_id". - Mapped "Computer" to "principal.hostname". - Mapped "EventSourceName" to "metadata.product_event_type" and mapped "principal.platform" based on "EventSourceName". - Mapped "EventID" to "metadata.product_log_id". - Mapped "Activity" to "metadata.description". - Mapped "CommandLine" to "target.process.command_line". - Mapped "Process" to "target.process.file.full_path". - Mapped "ProcessId" to "target.process.pid". - Mapped "ParentProcessName" to "target.process.parent_process.file.full_path". - Mapped "SubjectUserSid" to "principal.user.windows_sid". - Mapped "SubjectDomainName" to "principal.administrative_domain". - Mapped "SubjectLogonId" to "principal.user.userid". - Mapped "SubjectUserName" to "principal.user.user_display_name". - Mapped "TargetDomainName" to "target.administrative_domain". - Mapped "TargetLogonId" to "target.user.userid". - Mapped "TargetUserName" to "target.user.user_display_name". - Mapped "TargetUserSid" to "target.user.windows_sid". - Mapped "_ResourceId" to "target.resource.product_object_id". - Mapped "_Internal_WorkspaceResourceId", "TokenElevationType" to "target.resource.attribute.labels" - Mapped "Channel", "Task", "SourceSystem", "EventOriginId", "ManagementGroupName" to "additional.fields". - Mapped "FilePath" to "target.file.full_path". - Mapped "FileHash" to "target.file.sha256". - Mapped "SourceComputerId" to "principal.asset.asset_id".
2022-04-13	Newly created parser.

Date

Changes

2023-02-22

Enhancement -
- Mapped "TenantId" to "metadata.product_deployment_id".
- Mapped "Computer" to "principal.hostname".
- Mapped "EventSourceName" to "metadata.product_event_type" and mapped "principal.platform" based on "EventSourceName".
- Mapped "EventID" to "metadata.product_log_id".
- Mapped "Activity" to "metadata.description".
- Mapped "CommandLine" to "target.process.command_line".
- Mapped "Process" to "target.process.file.full_path".
- Mapped "ProcessId" to "target.process.pid".
- Mapped "ParentProcessName" to "target.process.parent_process.file.full_path".
- Mapped "SubjectUserSid" to "principal.user.windows_sid".
- Mapped "SubjectDomainName" to "principal.administrative_domain".
- Mapped "SubjectLogonId" to "principal.user.userid".
- Mapped "SubjectUserName" to "principal.user.user_display_name".
- Mapped "TargetDomainName" to "target.administrative_domain".
- Mapped "TargetLogonId" to "target.user.userid".
- Mapped "TargetUserName" to "target.user.user_display_name".
- Mapped "TargetUserSid" to "target.user.windows_sid".
- Mapped "_ResourceId" to "target.resource.product_object_id".
- Mapped "_Internal_WorkspaceResourceId", "TokenElevationType" to "target.resource.attribute.labels"
- Mapped "Channel", "Task", "SourceSystem", "EventOriginId", "ManagementGroupName" to "additional.fields".
- Mapped "FilePath" to "target.file.full_path".
- Mapped "FileHash" to "target.file.sha256".
- Mapped "SourceComputerId" to "principal.asset.asset_id".

2022-04-13

Newly created parser.