Change log for MOBILEIRON

Date	Changes
2025-11-10	Enhancement - Added support for syslog format. - Set metadata.event_type to NETWORK_CONNECTION when both principal and target IP addresses are present. - `event.idm.read_only_udm.security_result.description`: Newly mapped `description` raw log field to `event.idm.read_only_udm.security_result.description` UDM field. - `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `timestamp` raw log field to `event.idm.read_only_udm.metadata.event_timestamp` UDM field. - `event.idm.read_only_udm.metadata.product_version`: Newly mapped `version` raw log field to `event.idm.read_only_udm.metadata.product_version` UDM field. - `event.idm.read_only_udm.principal.application`: Newly mapped `app_name` raw log field to `event.idm.read_only_udm.principal.application` UDM field. - `event.idm.read_only_udm.principal.process.pid`: Newly mapped `procid` raw log field to `event.idm.read_only_udm.principal.process.pid` UDM field. - `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `msgid` raw log field to `event.idm.read_only_udm.metadata.product_log_id` UDM field. - `event.idm.read_only_udm.target.hostname`: Newly mapped `target_host` raw log field to `event.idm.read_only_udm.target.hostname` UDM field. - `event.idm.read_only_udm.target.url`: Newly mapped `url_1` raw log field to `event.idm.read_only_udm.target.url` UDM field. - `event.idm.read_only_udm.target.user.userid`: Newly mapped `session_user` raw log fields to `event.idm.read_only_udm.target.user.userid` UDM field. - `event.idm.read_only_udm.network.received_bytes`: Newly mapped `response_size` raw log field to `event.idm.read_only_udm.network.received_bytes` UDM field. - `event.idm.read_only_udm.network.http.method`: Newly mapped `http_method` raw log field to `event.idm.read_only_udm.network.http.method` UDM field. - `event.idm.read_only_udm.network.http.referral_url`: Newly mapped `referrer` raw log field to `event.idm.read_only_udm.network.http.referral_url` UDM field. - `event.idm.read_only_udm.network.http.user_agent`: Newly mapped `user_agent` raw log field to `event.idm.read_only_udm.network.http.user_agent` UDM field. - `event.idm.read_only_udm.network.http.response_code`: Newly mapped `http_status` raw log field to `event.idm.read_only_udm.network.http.response_code` UDM field. - `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `date_time` raw log field to `event.idm.read_only_udm.metadata.collected_timestamp` UDM field. - `event.idm.read_only_udm.target.process.pid`: Newly mapped `pid` raw log field to `event.idm.read_only_udm.target.process.pid` UDM field. - `event.idm.read_only_udm.principal.ip`: Newly mapped `client_ip` raw log field to `event.idm.read_only_udm.principal.ip` UDM field. - `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `client_ip` raw log field to `event.idm.read_only_udm.principal.asset.ip` UDM field. - `event.idm.read_only_udm.principal.port`: Newly mapped `client_port` raw log field to `event.idm.read_only_udm.principal.port` UDM field. - `event.idm.read_only_udm.target.ip`: Newly mapped `target_ip` raw log field to `event.idm.read_only_udm.target.ip` UDM field. - `event.idm.read_only_udm.target.asset.ip`: Newly mapped `target_ip` raw log field to `event.idm.read_only_udm.target.asset.ip` UDM field. - `event.idm.read_only_udm.target.port`: Newly mapped `target_port` raw log field to `event.idm.read_only_udm.target.port` UDM field. - `event.idm.read_only_udm.intermediary.ip`: Newly mapped `ip_1` raw log field to `event.idm.read_only_udm.intermediary.ip` UDM field. - `event.idm.read_only_udm.security_result.first_discovered_time`: Newly mapped `time` raw log field to `event.idm.read_only_udm.security_result.first_discovered_time` UDM field. - `event.idm.read_only_udm.additional.fields`: Newly mapped `t1`, `mem_percent`, `vsz`, `rss`, `stat`, `start`, `token_id`, `tag`, `safepoint_ns_1`, `safepoint_ns_2`, `ns_1`, `duration_ms`, `apache_error_code`, `log_year`, `module`, `error_code` and `attempts` raw log field to `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `run_user`, `systemd_user`, `type`, `safepoint_type` and `http_request` raw log field to `event.idm.read_only_udm.security_result.detection_fields` UDM field. - `event.idm.read_only_udm.security_result.severity`: Newly mapped from the `loglevel` raw field, set to "INFORMATIONAL", "ERROR", or "MEDIUM" based on case-insensitive checks for "INFO", "Error", or "Warning" to `event.idm.read_only_udm.security_result.severity` UDM field. - `event.idm.read_only_udm.security_result.severity_details`: Newly mapped from the `loglevel` raw field when loglevel does not match the conditions for security_result.severity to `event.idm.read_only_udm.security_result.severity_details` UDM field. - `event.idm.read_only_udm.security_result.summary`: Newly mapped `summary` raw log field to `event.idm.read_only_udm.security_result.summary` UDM field. - `event.idm.read_only_udm.security_result.action`: Newly mapped `action` raw log field to `event.idm.read_only_udm.security_result.action` UDM field. - `event.idm.read_only_udm.target.resource.name`: Newly mapped `program_name` raw log field to `event.idm.read_only_udm.target.resource.name` UDM field. - `event.idm.read_only_udm.principal.resource.attribute.labels`: Newly mapped `user`, `nice`, `iowait`, `steal`, `idle` and `system` raw log field to `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field.
2024-11-07	Enhancement - Added support for syslog format.
2023-02-02	Enhancement - Update the existing mapping "security_result.summary" to "security_result.description" for "complianceViolationTypeToReason.BLACKLIST_APPS". - Mapped 'complianceViolationTypeToReason.SA' to 'security_result.summary'.
2022-04-25	Enhancement - Modified event_type from 'GENERIC_EVENT' to 'USER_UNCATEGORIZED' - Mapped 'policyViolatedAt' to 'metadata.event_timestamp' - Mapped 'platformType' to 'principal.asset.platform_software.platform'