Change log for RSA_AUTH_MANAGER

Date Changes
2026-06-17 Enhancement:
- Added a new grok pattern to parse the new `SYSLOG` and `SYSLOG+KV` format logs.
- event.idm.read_only_udm.target.file.full_path: Newly mapped `PWD` raw log field to `event.idm.read_only_udm.target.file.full_path`.
- event.idm.read_only_udm.target.user.userid: Newly mapped `USER` raw log field to `event.idm.read_only_udm.target.user.userid`.
- event.idm.read_only_udm.target.process.command_line: Newly mapped `COMMAND` raw log field to `event.idm.read_only_udm.target.process.command_line`.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `principal_user` raw log field to `event.idm.read_only_udm.principal.user.userid`.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `column15` raw log field to `event.idm.read_only_udm.security_result.detection_fields`.
- Added support for the event types `PROCESS_LAUNCH`, `USER_UNCATEGORIZED` and `NETWORK_CONNECTION` and their corresponding raw log fields.
2026-05-21
- event.idm.read_only_udm.security_result.description: Newly mapped `auth_module` raw log field to `event.idm.read_only_udm.security_result.description` UDM field.
- event.idm.read_only_udm.target.application: Newly mapped `auth_service` raw log field to `event.idm.read_only_udm.target.application` UDM field.
- event.idm.read_only_udm.security_result.action_details: Newly mapped `auth_action` raw log field to `event.idm.read_only_udm.security_result.action_details` UDM field.
- event.idm.read_only_udm.target.user.product_object_id: Newly mapped `uid` raw log field to `event.idm.read_only_udm.target.user.product_object_id` UDM field.
- event.idm.read_only_udm.target.user.userid: Newly mapped `target_user` raw log field to `event.idm.read_only_udm.target.user.userid` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `priority` and `program` raw log fields to `event.idm.read_only_udm.additional.fields` UDM field.
2025-10-29 Enhancement:
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `product_log_id` raw log field to `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.principal.user.product_object_id: Newly mapped `principal_product_object_id` raw log field to `event.idm.read_only_udm.principal.user.product_object_id` UDM field.
- event.idm.read_only_udm.principal.user.user_display_name: Conditionally mapped from the `custom_last_name` raw log field. If `custom_last_name` matches `^[a-zA-Z]*$` and is not empty, it is mapped to `event.idm.read_only_udm.principal.user.user_display_name`. Otherwise, if `custom_last_name` is not empty, its value is mapped to `event.idm.read_only_udm.additional.fields` under the key `custom_last_name`.
- event.idm.read_only_udm.target.resource.type: Newly mapped `Type` raw log field to `event.idm.read_only_udm.target.resource.type` UDM field.
- event.idm.read_only_udm.target.user.product_object_id: Newly mapped `tar_product_object_id` raw log field to `event.idm.read_only_udm.target.user.product_object_id` UDM field.
- event.idm.read_only_udm.target.user.userid: Newly mapped `path` raw log field to `event.idm.read_only_udm.target.user.userid` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `logger_class`, `event_code` and `application_session_id` raw log fields to `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `correlation_id` raw log field to `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `principal_hostname` raw log field to `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `principal_security_domain_guid` raw log field to `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.target.user.attribute.labels: Newly mapped `username_1` raw log field to `event.idm.read_only_udm.target.user.attribute.labels` UDM field.
2024-03-13 Enhancement:
- Modified the Grok pattern to parse the data in the header of the log.
2022-08-09 Enhancement:
- Removed the drop condition; the logs are now handled and parsed with the appropriate Grok pattern.
2022-06-13 Enhancement:
- Removed the drop condition for logs with `event_name = ACCESS_DIRECTORY`.