Change log for CS_EDR

Date Changes
2022-05-20 Enhancement:
- Mapped "LinkName" to "target.resource.attribute.labels".
- Switched possible "GENERIC_EVENTS" occurrences to "STATUS_UPDATE".
- Added Backslash between the process and its parent root directory.
- Parsed platform if the "event_platform" is iOS.
- Changed resource.type to resource_type.
2022-05-12 Enhancement - resourceName mapped to
resourceId mapped to target.resource.product_object_id
Namespace mapped to target.namespace
Category mapped to security_result.category_details
description mapped to security_result.description
sourceAgent mapped to network.http.user_agent
Severity mapped to security_result.severity
resourceKind mapped to target.resource.type
detectionName mapped to
clusterName mapped to target.resource.attribute.labels
clusterId mapped to target.resource.attribute.labels
detectionId mapped to target.resource.attribute.labels
Type mapped to additional.fields
Remediation to additional.fields
Benchmarks to additional.fields
badResources to additional.fields
2022-04-27 Bug - Fix: 1. Changed udm event_type from GENERIC_EVENT to USER_LOGIN for logs with ExternalApiType = Event_AuthActivityAuditEvent.
2. Changed mappings for target_user,actor_user, actor_user_uuid from additional.fields to target.user.email_addresses, target.user.user_display_name, target.user.userid respectively.
2022-04-25 Enhancement - Mapped "RemoteAddressIP4" to principal.ip.
2022-04-14 Bug - Added Support for ScriptContent field for all type of logs
2022-04-13 Enhancement-Added mappings for new fields
Added new event mappings - AuthenticationPackage mapped to
2022-04-04 Bug - Mapped "OriginatingURL" to principal.url for NetworkConnect events.