Change log for CB_EDR

Date Changes
2024-07-02 Enhancement:
- Added "gsub" function to parse the unparsed fields.
2024-05-13 Enhancement:
- Mapped "alert_url" field to "metadata.url_back_to_product" UDM field.
2024-01-19 Enhancement:
- Added a null check for "filemod_hash.0" and "filemod_hash.1" before mapping.
2023-12-27 Enhancement:
- Initialized "filemod_hash.0" and "filemod_hash.1" to null to parse the unparsed logs.
2023-10-26 Enhancement:
- Added "gsub" function to parse the unparsed fields.
2023-10-13 Enhancement:
- Handled new JSON logs by adding JSON block.
- Removed redundant code for fields "computer_name", "parent_name", "process_name", "pid", "process_path", "md5", "sha256", "process_guid", "parent_pid", "docs.0.process_pid", "cb_version", "process_hash.0", "process_hash.1", "parent_hash.0" and "parent_hash.1".
2023-07-21 - Added MITRE ATT&CK tactic and technique details to "security_result.attack_details".
2023-03-24 - Mapped the field "protocol" to "network.ip_protocol".
- Added null conditional check for the field "child_username", "child_pid", "child_command_line".
- Changed the "metadata.event_type" from "GENERIC_EVENT" to "STATUS_UPDATE" when "principal.hostname" or "principal.ip" is not null.
2023-03-14 Bug-fix:
- Mapped the following fields when the field "type" is null:
- Mapped the field "process_guid" to "principal.process.product_specific_process_id".
- Mapped the field "device_external_ip" to "target.ip".
- Mapped the field "device_os" to "principal.platform".
- Mapped the field "device_group" to "principal.group.group_display_name".
- Mapped the field "process_pid" to "principal.process.pid".
- Mapped the field "process_path" to "principal.process.file.full_path".
- Mapped the field "process_cmdline" to "principal.process.command_line".
- Mapped the field "process_hash.0" to "principal.process.file.md5".
- Mapped the field "principal.1" to "principal.process.file.sha256".
- Mapped the field "process_username" to "principal.user.userid".
- Mapped the field "clientIp" to "principal.ip".
- Mapped the field "description" to "metadata.description".
- Mapped the field "orgName" to "principal.administrative_domain".
- Mapped the following fields when the field "ruleName" contains "CYDERES":
- Mapped the field "deviceInfo.internalIpAddress" to "principal.ip".
- Mapped the field "deviceInfo.externalIpAddress" to "target.ip".
- Mapped the field "ruleName" to "security_result.rule_name".
- Mapped the field "deviceInfo.deviceType" to "principal.asset.platform_software.platform".
- Mapped the field "domain" to "principal.administrative_domain".
- Mapped the field "deviceInfo.groupName" to "principal.group.group_display_name".
- Mapped the field "deviceInfo.deviceVersion" to "principal.asset.platform_software.platform_version".
- Mapped the field "deviceInfo.deviceId" to "principal.asset.asset_id".
- Mapped the field "eventId" to "additional.fields".
- Changed the "metadata.event_type" from "GENERIC_EVENT" to "NETWORK_CONNECTION" when "principal.ip" and "target.ip" is not null.
- Changed the "metadata.event_type" from "GENERIC_EVENT" to "STATUS_UPDATE" when "principal.ip" is not null.
2023-02-03 Bug-fix:
- Map "filemod_hash" to "target.file" instead of "target.process.file".
2023-01-20 Bug-fix:
- Stopped populating and mapping product_specific_process_id for empty process ids.
2022-11-25 - Mapped 'remote_ip' to 'principal.ip' and 'local_ip' to 'target.ip' for 'Inbound' TCP/UDP events.
- Mapped 'remote_port' to 'principal.port' and 'local_port' to 'target.port' for 'Inbound' TCP/UDP events.
2022-10-06 - Migrated all customer specific parsers to default parser.
2022-07-10 - Updated mapping of 'event_type' to 'PROCESS_LAUNCH' for logs of type 'endpoint.event.'.