Change log for CYNET_360_AUTOXDR

Date Changes
2025-10-01
- event.idm.read_only_udm.additional.fields: Newly mapped `externalId`, `fname`, `sev`, `gpParams`, `gpprUser`, `gpSign`, `hostLS`, `epsVer`, `confVer`, `scanGroupId`, `sign`, `pssdeep`, `pSign`, `pct`, `gpssdeep`, `clientId`, `etwAlertId`, `pParams` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.security_result.severity: Newly mapped `sev` raw log field with `event.idm.read_only_udm.security_result.severity` UDM field.
- event.idm.read_only_udm.security_result.summary: Newly mapped `remedStat` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field.
- event.idm.read_only_udm.security_result.action_details: Newly mapped `actRem` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.
- event.idm.read_only_udm.security_result.category_details: Newly mapped `cat` raw log field with `event.idm.read_only_udm.security_result.category_details` UDM field.
- event.idm.read_only_udm.principal.ip: Newly mapped `src` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `prUser` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly mapped `src` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.principal.hostname: Newly mapped `dhost` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field.
- event.idm.read_only_udm.principal.asset.hostname: Newly mapped `dhost` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM field.
- event.idm.read_only_udm.principal.platform_version: Newly mapped `osVer` raw log field with `event.idm.read_only_udm.principal.platform_version` UDM field.
- event.idm.read_only_udm.principal.file.sha256: Newly mapped `pFileHash` raw log field with `event.idm.read_only_udm.principal.file.sha256` UDM field.
- event.idm.read_only_udm.principal.administrative_domain: Newly mapped `pprUser` raw log field with `event.idm.read_only_udm.principal.administrative_domain` UDM field.
- event.idm.read_only_udm.principal.process.file.full_path: Newly mapped `ppParams` raw log field with `event.idm.read_only_udm.principal.process.file.full_path` UDM field.
- event.idm.read_only_udm.principal.process.parent_process.file.sha256: Newly mapped `gpFileHash` raw log field with `event.idm.read_only_udm.principal.process.parent_process.file.sha256` UDM field.
- event.idm.read_only_udm.target.ip: Newly mapped `dst` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- event.idm.read_only_udm.target.asset.ip: Newly mapped `dst` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.
- event.idm.read_only_udm.target.file.full_path: Newly mapped `filePath` raw log field with `event.idm.read_only_udm.target.file.full_path` UDM field.
- event.idm.read_only_udm.target.user.userid: Newly mapped `duser` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.
- event.idm.read_only_udm.security_result.summary: Newly mapped `cef_header` raw log field with `event.idm.read_only_udm.security_result.summary` UDM field.
- event.idm.read_only_udm.target.administrative_domain: Newly mapped `duser` raw log field with `event.idm.read_only_udm.target.administrative_domain` UDM field.
- event.idm.read_only_udm.target.group.group_display_name: Newly mapped `scanGroupName` raw log field with `event.idm.read_only_udm.target.group.group_display_name` UDM field.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `dtUtc`, `rt` raw log fields with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- event.idm.read_only_udm.metadata.collected_timestamp: Newly mapped `rtUtc` raw log field with `event.idm.read_only_udm.metadata.collected_timestamp` UDM field.
- event.idm.read_only_udm.metadata.event_type: The condition to set the event type to USER_UNCATEGORIZED was updated to include a check on the `has_target_user` field.
- Added conditional check for `json_failed` to parse CEF-formatted logs as a fallback.
- Added conditional check for `duser` to parse domain and user.
- Added conditional check for `dtUtc` and `rt` for event timestamp mapping.
- Added conditional check for `sev` to map severity values.
2024-07-09
- Newly created parser.