Change log for SNARE_SOLUTIONS

Date	Changes
2024-01-24	Enhancement: - Added Grok patterns to parse dropped "SYSLOG + KV" format logs. - Mapped "ts" to "metadata.event_timestamp". - Mapped "hostname" and "src_host" to "principal.asset.hostname". - Mapped "src_ip" to "principal.asset.ip". - Mapped "Namespace" to "principal.user.userid". - Mapped "ClientProcessID" to "principal.process.pid". - Mapped "HostApplication" to "principal.application". - Mapped "Id" to "principal.resource.product_object_id". - Mapped "ip_protocol" to "network.ip_protocol". - Mapped "event_id" and "Component" to "additional.fields". - Mapped "NotificationQuery", "PossibleCause", "Operation" and "ResultCode" to "security_result.detection_fields". - Mapped "ProviderName", "NewProviderState", "SequenceNumber", "HostName", "HostVersion", "HostId", ""EngineVersion", "RunspaceId", "PipelineId", "CommandName", "ScriptName", "CommandPath", "Volume_GUID", and "Volume_name" to "principal.resource.attribute.labels".
2022-07-29	Newly created parser

Date

Changes

2024-01-24

Enhancement:
- Added Grok patterns to parse dropped "SYSLOG + KV" format logs.
- Mapped "ts" to "metadata.event_timestamp".
- Mapped "hostname" and "src_host" to "principal.asset.hostname".
- Mapped "src_ip" to "principal.asset.ip".
- Mapped "Namespace" to "principal.user.userid".
- Mapped "ClientProcessID" to "principal.process.pid".
- Mapped "HostApplication" to "principal.application".
- Mapped "Id" to "principal.resource.product_object_id".
- Mapped "ip_protocol" to "network.ip_protocol".
- Mapped "event_id" and "Component" to "additional.fields".
- Mapped "NotificationQuery", "PossibleCause", "Operation" and "ResultCode" to "security_result.detection_fields".
- Mapped "ProviderName", "NewProviderState", "SequenceNumber", "HostName", "HostVersion", "HostId", ""EngineVersion", "RunspaceId", "PipelineId", "CommandName", "ScriptName", "CommandPath", "Volume_GUID", and "Volume_name" to "principal.resource.attribute.labels".

2022-07-29

Newly created parser