Change log for CORTEX_XDR

Date Changes
2024-11-18 Enhancement:
- Mapped "event_name" to "security_result.description".
- Mapped "shost" to "principal.ip" and "principal.asset.ip".
2024-08-20 Enhancement:
- Mapped "user_name" to "target.user.userid".
2024-08-19 Enhancement:
- Mapped "actor_process_os_pid" to "target.process.pid".
- Changed mapping of "alert_id" from "security_result.rule_id" to "security_result.detection_fields".
- Changed mapping of "endpoint_id" from "target.process.product_specific_process_id" to "principal.asset.asset_id".
- Added support for parsing a new format of previously unparsed JSON logs.
2024-07-02 Enhancement:
- Mapped "external_id" to "metadata.product_log_id".
- Mapped "action_pretty" to "security_result.action_details".
2024-06-17 Enhancement:
- When "severity" is less than or equal to 6, then set "security_result.severity" to "LOW".
- When "severity" is greater than 6 and less than or equal to 8, then set "security_result.severity" to "MEDIUM".
- When "severity" is greater than 8, then set "security_result.severity" to "HIGH".
- Mapped "action" to "security_result.action_details".
- Mapped "original_tags" to "additional.fields".
2024-04-17 Enhancement:
- Mapped "action_local_port" to "principal.port".
- Mapped "dst_agent_id" to "principal.ip".
- Mapped "action_remote_ip" to "target.ip".
- Mapped "action_remote_port" to "target.ip".
- Added a check that "target_device" is present before setting "metadata.event_type" to "NETWORK_CONNECTION".
2024-03-15 Enhancement:
- Added a Grok pattern to retrieve "source" and "sr_summary" from the message header.
- Mapped "sr_summary" to "security_result.summary".
2024-03-11 Enhancement:
- Added support for CEF format logs.
- Mapped "rt" to "metadata.event_timestamp".
- Mapped "category" and "cat" to "security_result.category_details".
- Mapped "cs2Label", "cs2", "tenantname", "tenantCDLid" and "CSPaccountname" to "additional.fields".
- Mapped "shost" to "principal.hostname" and "principal.asset.hostname".
- Mapped "spt" to "principal.port".
- Mapped "src" to "principal.ip" and "principal.asset.ip".
- Mapped "suser" to "principal.user.user_display_name".
- Mapped "dpt" to "target.port".
- Mapped "dst" to "target.ip" and "target.asset.ip".
- Mapped "fileHash" to "target.file.sha256".
- Mapped "filePath" to "target.file.full_path".
- Mapped "request" to "network.http.referral_url".
- Mapped "msg" to "security_result.description".
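The CEF mappings of this entry together with the severity thresholds of the 2024-06-17 entry, as an added Python example that is not the parser's own code: it splits a CEF line into header and extension, flattens the extension into UDM field paths per the list above, and applies the numeric severity rule to the CEF header severity (an assumption; the change log does not say which field the rule reads). The sample line is constructed.

```python
import re
# Extension key -> UDM field path(s), taken from the 2024-03-11 CEF entry of the change log.
CEF_TO_UDM = {
    "rt": ["metadata.event_timestamp"], "cat": ["security_result.category_details"],
    "category": ["security_result.category_details"], "spt": ["principal.port"],
    "shost": ["principal.hostname", "principal.asset.hostname"],
    "src": ["principal.ip", "principal.asset.ip"], "suser": ["principal.user.user_display_name"],
    "dst": ["target.ip", "target.asset.ip"], "dpt": ["target.port"],
    "fileHash": ["target.file.sha256"], "filePath": ["target.file.full_path"],
    "request": ["network.http.referral_url"], "msg": ["security_result.description"],
}
# Keys the change log routes into additional.fields as key/value labels.
ADDITIONAL_FIELDS = {"cs2Label", "cs2", "tenantname", "tenantCDLid", "CSPaccountname"}

def udm_severity(severity: int) -> str:
    """Threshold rule from the 2024-06-17 entry: <=6 LOW, 7 or 8 MEDIUM, >8 HIGH."""
    if severity <= 6:
        return "LOW"
    return "MEDIUM" if severity <= 8 else "HIGH"

def parse_cef(line: str) -> tuple:
    """Split a CEF line into its seven header fields (list) and an extension dict."""
    # Split on unescaped pipes only; the eighth segment is the whole extension.
    parts = [p.replace(r"\|", "|") for p in re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)]
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    # Extension values may contain spaces, so locate every "key=" and slice between them.
    keys = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_.]+)=", parts[7]))
    ext = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(parts[7])
        raw = parts[7][m.end():end].strip()
        ext[m.group(1)] = raw.replace(r"\=", "=").replace("\\\\", "\\")  # undo CEF escapes
    return parts[:7], ext

def cef_to_udm(line: str) -> dict:
    """Flatten one Cortex XDR CEF line into {UDM path: value} using the tables above."""
    header, ext = parse_cef(line)
    # Assumption: the numeric severity rule is applied to the CEF header severity (0-10).
    udm = {"security_result.severity": udm_severity(int(header[6]))}
    for key, value in ext.items():
        if key in ADDITIONAL_FIELDS:
            udm.setdefault("additional.fields", {})[key] = value
        for path in CEF_TO_UDM.get(key, []):
            udm[path] = value
    return udm

# Constructed sample line (not real telemetry); every value is a placeholder.
SAMPLE = ("CEF:0|Palo Alto Networks|Cortex XDR|3.0|XDR Agent|Suspicious Process|7|rt=Mar 11 2024 "
          "10:15:00 cat=Malware shost=ws-17 src=10.0.0.17 spt=51234 dst=203.0.113.9 dpt=443 "
          "suser=alice fileHash=" + "ab" * 32 + r" filePath=C:\\Users\\alice\\tool.exe "
          "msg=Process blocked by agent cs2Label=tenant cs2=acme tenantCDLid=tenant-0001")
```

Keys absent from both tables are silently dropped, which is a quick way to spot fields a real parser would still need to map.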
2024-01-18 Enhancement:
- Changed "action_file_path" mapping from "target.file.full_path" to "target.resource.attribute.labels".
- Mapped "domain" to "target.asset.hostname".
- Mapped "destinationTranslatedAddress" to "target.asset.ip".
- Mapped "host_name" to "principal.asset.hostname".
- Mapped "dvchost" to "principal.asset.hostname".
- Mapped "ip" to "principal.asset.ip".
- Mapped "sourceTranslatedAddress" to "principal.asset.ip".
2023-11-10 Enhancement:
- When "event_type" is "RPC Call", set "metadata.event_type" to "STATUS_UPDATE".
- Mapped "events.action_country" to "security_result.about.location.country_or_region".
- Mapped "events.actor_process_command_line" to "target.process.command_line".
- Mapped "events.actor_process_image_md5" to "target.file.md5".
- Mapped "events.actor_process_image_path" to "target.file.full_path".
- Mapped "events.actor_process_image_sha256" to "target.file.sha256".
- Mapped "events.actor_process_instance_id" to "target.process.pid".
- Mapped "events.os_actor_process_command_line" to "principal.process.command_line".
- Mapped "events.os_actor_process_image_path" to "principal.file.full_path".
- Mapped "events.os_actor_process_image_sha256" to "principal.file.sha256".
- Mapped "events.os_actor_process_instance_id" to "principal.process.pid".
- Mapped "events.causality_actor_process_command_line" to "intermediary.process.command_line".
- Mapped "events.causality_actor_process_image_path" to "intermediary.file.full_path".
- Mapped "events.causality_actor_process_image_sha256" to "intermediary.file.sha256".
- Mapped "events.causality_actor_process_instance_id" to "intermediary.process.pid".
- Mapped "events.causality_actor_process_image_md5" to "intermediary.file.md5".
- Mapped "events.event_type" to "metadata.product_event_type".
- Mapped "events.user_name" to "principal.user.user_display_name".
2023-10-16 Enhancement:
- Mapped "source" to "principal.asset.attribute.labels".
- Set "metadata.event_type" to "NETWORK_CONNECTION" if "event_type" is "Network Connections" or "Network Event".
2022-11-03 Enhancement:
- Mapped "PanOSConfigVersion" to "security_result.detection_fields".
- Mapped "PanOSContentVersion" to "security_result.detection_fields".
- Mapped "PanOSDGHierarchyLevel1" to "security_result.detection_fields".
- Mapped "PanOSDestinationLocation" to "target.location.country_or_region".
- Mapped "PanOSDynamicUserGroupName" to "principal.group.group_display_name".
- Mapped "PanOSSourceLocation" to "principal.location.country_or_region".
- Mapped "PanOSThreatCategory" to "security_result.category_details".
- Mapped "PanOSThreatID" to "security_result.threat_id".
- Mapped "app" to "target.application".
- Mapped "cs1" to "additional.fields".
- Mapped "cs3" to "additional.fields".
- Mapped "cs4" to "additional.fields".
- Mapped "cs5" to "additional.fields".
- Mapped "cs6" to "additional.fields".
- Mapped "cn1" to "additional.fields".
- Mapped "sourceTranslatedPort" to "principal.port".
- Mapped "sourceTranslatedAddress" to "principal.ip".
- Mapped "destinationTranslatedAddress" to "target.ip".
- Mapped "destinationTranslatedPort" to "target.port".
- Mapped "act" to "security_result.action_details".
- Mapped "deviceExternalId" to "security_result.about.asset_id".
- Mapped "dvchost" to "principal.hostname".
- Mapped "proto" to "network.ip_protocol".
- Mapped "fileId" to "target.resource.attribute.labels".