Change log for ELASTIC_WINLOGBEAT

Date Changes
2022-08-09 Bug-fix
- Added conditions for extracting Target user details.
- Reduced the generic percentage by changing the event_type from "GENERIC_EVENT" to "STATUS_UPDATE".
2022-05-26 Enhancement
- kind mapped to additional.fields.
- ephemeral_id mapped to additional.fields.
- cs.version mapped to metadata.product_version.
- agent.name mapped to observer.user.userid.
- agent.ephemeral_id mapped to additional.fields.
- winlog.provider_guid mapped to additional.fields.
- winlog.channel mapped to additional.fields.
- winlog.api mapped to additional.fields.
- winlog.process.pid mapped to principal.process.pid.
- winlog.user.domain mapped to principal.administrative_domain.
- winlog.user.identifier mapped to principal.user.windows_sid.
- winlog.user.name mapped to target.user.userid.
- winlog.user.type mapped to security_result.about.labels.
- ip mapped to principal.ip.
- mac mapped to principal.mac.
- image mapped to target.process.file.full_path.
- processGuid mapped to target.process.product_specific_process_id.
- eventType mapped to target.registry.registry_key.
- TargetObject mapped to target.registry.registry_value_name.
- Action ID mapped to security_result.about.labels.
- Action Name mapped to security_result.about.labels.
2022-05-19 Bug-fix
- Mapped the following fields for event_id = 1, 3, 5:
  - "agent.name" mapped to "principal.hostname".
  - "winlog.process.pid" mapped to "principal.process.pid".
  - "winlog.event_data.Image" mapped to "target.process.file.full_path".
- Mapped the following fields for event_id = 7, 11, 18, 17:
  - "agent.name" mapped to "principal.hostname".
  - "winlog.event_data.Image" mapped to "target.process.file.full_path".
- Mapped the following fields for event_id = 4, 8, 9, 14, 13, 12, 10, 26, 16, 19, 20, 21:
  - "agent.name" mapped to "principal.hostname".
- Mapped the following fields for event_id = 6:
  - "agent.name" mapped to "principal.hostname".
  - "winlog.event_data.Hashes" mapped to "target.process.file.sha1".
- Mapped the following fields for event_id = 2, 15:
  - "agent.name" mapped to "principal.hostname".
  - "winlog.event_data.TargetFilename" mapped to "target.file.full_path".
- Added a check for file.path in event_id = 9.
2022-05-04 Enhancement
- Mapped timestamp.
- Mapped winlog.event_data.TargetFilename and winlog.event_data.ProcessId for event_id 11.
- Mapped winlog.event_data.SourcePort, winlog.event_data.DestinationPort, winlog.event_data.DestinationIp, winlog.event_data.SourceIp and winlog.event_data.Protocol for event_id 3.
- Added conditional checks for the field process.pid.
2022-04-27 Enhancement
- Added new field mapping: StartAddress mapped to target.labels.
2022-04-13 Enhancement
- Mapped ReferrerUrl, HostUrl from additional to security_result.rule_labels.
- Mapped CallTrace field to security_result.detection_fields.
- Handled the following errors:
  - "winlog.keywords.0" not found in state data
  - "security_result" not found in state data
  - "winlog.record_id": field not set
  - "_event.provider": field not set
  - "powershell.file.script_block_id": field not set
  - "winlog.opcode": field not set
  - "_event.action": field not set
  - "auth_mechanism" must not be empty
  - "winlog.process.pid": field not set
  - "winlog.event_data.TargetUserName": field not set
  - "agent.type": field not set
  - "host.name": field not set
  - "agent.version": field not set
2022-03-25 Enhancement
- Added check for event_type where event.code is either 11, 12, or 13.