Change log for AZURE_RESOURCE_LOGS

Date Changes
2022-07-18 Enhancement - Mapped the following fields:
- mapped "properties.activity" to "metadata.description".
- mapped "properties.riskType" to "event.idm.read_only_udm.additional.fields".
- mapped "properties.riskLevelDuringSignIn" to "event.idm.read_only_udm.additional.fields".
- mapped "properties.riskLevelAggregated" to "event.idm.read_only_udm.additional.fields".
- mapped "properties.originalRequestId" to "event.idm.read_only_udm.additional.fields".
- mapped "Level", "tenantId" to "event.idm.read_only_udm.additional.fields".
- mapped "properties.conditionalAccessStatus" to "security_result.about.labels".
- mapped "properties.userType" to "target.user.attribute.labels".
- mapped "properties.provisioningSteps.0.details.city" to "principal.location.city".
- mapped "properties.provisioningSteps.0.details.country" to "principal.location.country_or_region".
- mapped "properties.sourceSystem.Id" to "principal.resource.product_object_id".
- mapped "properties.sourceIdentity.details.id" to "principal.user.product_object_id".
- mapped "properties.sourceSystem.Name" to "principal.resource.name".
- mapped "properties.accountEnabled", "properties.isProcessing", "properties.isGuest", "properties.isDeleted" to "event.idm.read_only_udm.additional.fields".
- mapped "properties.authenticationRequirement", "properties.status.errorCode", "properties.statusInfo.Status" to "event.idm.read_only_udm.additional.fields".
- mapped "properties.sourceIdentity.details.odatatype", "properties.provisioningSteps.0.details.appRoleAssignments" to "principal.user.attribute.labels".
- mapped "properties.sourceIdentity.details.UserPrincipalName", "properties.ServicePrincipalId" to "principal.user.userid".
- mapped "properties.source", "correlationId", "properties.activityDateTime", "properties.detectedDateTime", "properties.lastUpdatedDateTime" to "security_result.detection_fields".
- mapped "properties.sourceIdentity.details.DisplayName", "properties.ServicePrincipalDisplayName", "properties.servicePrincipalName" to "principal.user.user_display_name".
- mapped "properties.servicePrincipalType", "properties.servicePrincipalCredentialKeyId" to "principal.resource.attribute.labels".
- mapped "properties.deviceDetail.isCompliant", "properties.deviceDetail.isManaged" to "principal.asset.attribute.labels".
2022-06-26 Parsed logs with a "category" value of "UserRiskEvents", "RiskyUsers", "RiskyServicePrincipals", "ServicePrincipalSignInLogs", "NonInteractiveUserSignInLogs", "ProvisioningLogs", or "ADFSSignInLogs".
- mapped "properties.ipAddress" to "principal.ip".
- mapped "properties.id" to "metadata.product_log_id".
- mapped "properties.displayName" to "target.application".
- mapped "properties.location.city" to "principal.location.city".
- mapped "properties.location.state" to "principal.location.state".
- mapped "properties.userDisplayName" to "target.user.user_display_name".
- mapped "properties.userId" to "target.user.product_object_id".
- mapped "properties.appId" to "target.resource.attribute.labels".
- mapped "properties.resourceDisplayName" to "target.resource.name".
- mapped "properties.resourceId" to "target.resource.product_object_id".
- mapped "properties.deviceDetail.operatingSystem" to "principal.platform_version".
- mapped "properties.deviceDetail.browser" to "network.http.user_agent".
- mapped "properties.deviceDetail.deviceId" to "principal.asset.asset_id".
- mapped "properties.deviceDetail.displayName" to "principal.asset.hostname".
- mapped "properties.sourceIdentity.details.id" to "principal.user.product_object_id".
- mapped "properties.location.countryOrRegion" to "principal.location.country_or_region".
- mapped "properties.location.geoCoordinates.latitude" to "principal.location.region_latitude".
- mapped "properties.location.geoCoordinates.longitude" to "principal.location.region_longitude".
- mapped "properties.sourceIdentity.details.DisplayName" to "principal.user.user_display_name".
- mapped "properties.authenticationDetails.0.authenticationMethodDetail" to "security_result.about.labels".
- mapped "properties.riskLevel", "properties.riskState", "properties.riskDetail" to "event.idm.read_only_udm.additional.fields".
- If the value of "properties.authenticationDetails.0.authenticationMethod" is "Password", then set "extensions.auth.mechanism" to "USERNAME_PASSWORD".
- If the value of "properties.userPrincipalName" is in email format, then mapped it to "target.user.userid" and "target.user.email_addresses"; otherwise mapped it only to "target.user.userid".
- If the value of "properties.sourceIdentity.details.UserPrincipalName" is in email format, then mapped it to "principal.user.userid" and "principal.user.email_addresses"; otherwise mapped it only to "principal.user.userid".
For category "NonInteractiveUserSignInLogs":
- mapped "properties.deviceDetail.trustType" to "event.idm.read_only_udm.additional.fields".
- mapped "properties.clientAppUsed" to "principal.application".
For category "UserRiskEvents":
- If the value of "properties.additionalInfo.Key" is "userAgent", then mapped "properties.additionalInfo.Value" to "network.http.user_agent".
2022-05-31 Newly created parser