Change log for CISCO_PRIME
| Date | Changes |
|---|---|
| 2025-04-30 | Enhancement:<br>- Added Grok patterns to parse a new log pattern.<br>- `event.idm.read_only_udm.metadata.timestamp`: newly mapped the `ts` raw log field to the `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- `event.idm.read_only_udm.principal.hostname`: newly mapped the `principal_hostname` raw log field to the `event.idm.read_only_udm.principal.hostname` UDM field.<br>- `event.idm.read_only_udm.target.hostname`: newly mapped the `target_hostname` raw log field to the `event.idm.read_only_udm.target.hostname` UDM field.<br>- `event.idm.read_only_udm.target.port`: newly mapped the `target_port` raw log field to the `event.idm.read_only_udm.target.port` UDM field. |
| 2024-01-26 | Bug fix:<br>- Added Grok patterns to reduce the percentage of `GENERIC_EVENT` event types.<br>- Mapped `principal_port` to `principal.port`.<br>- Mapped `ip_address` to `principal.asset.ip`.<br>- Mapped `user_name` to `principal.user.userid`.<br>- Mapped `device_ip` to `principal.ip` and `principal.asset.ip`.<br>- Mapped `client_ip_address` to `principal.ip` and `principal.asset.ip`.<br>- Mapped `principal_ip` to `principal.ip` and `principal.asset.ip`.<br>- Mapped `Type` to `metadata.product_event_type`.<br>- Mapped `dst_user` to `target.user.userid`.<br>- Mapped `target_ip` to `target.asset.ip`.<br>- Mapped `device_type` to `target.resource.attribute.labels`.<br>- Mapped `device_hostname` to `target.resource.attribute.labels`.<br>- Mapped `sec_description` to `security_result.description`. |