Change log for HALCYON

Date	Changes
2025-04-09	Enhancement: - event.idm.read_only_udm.additional.fields: Newly mapped "dataType" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped "totalOccurrences" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - event.idm.read_only_udm.principal.process.file.mime_type: Newly mapped "process.artifact.kind" raw log field with "event.idm.read_only_udm.principal.process.file.mime_type" UDM field. - event.idm.read_only_udm.principal.process.file.sha256: Newly mapped "process.artifact.sha256" raw log field with "event.idm.read_only_udm.principal.process.file.sha256" UDM field. - event.idm.read_only_udm.principal.process.file.full_path: Newly mapped "process.artifact.filePath" raw log field with "event.idm.read_only_udm.principal.process.file.full_path" UDM field. - event.idm.read_only_udm.principal.process.command_line: Newly mapped "process.commandLine" raw log field with "event.idm.read_only_udm.principal.process.command_line" UDM field. - event.idm.read_only_udm.metadata.event_timestamp: Newly mapped "firstOccurredAt" raw log field with "event.idm.read_only_udm.metadata.event_timestamp" UDM field. - event.idm.read_only_udm.principal.process.file.last_seen_time: Newly mapped "lastOccurredAt" raw log field with "event.idm.read_only_udm.principal.process.file.last_seen_time" UDM field. - event.idm.read_only_udm.target.asset_id: Newly mapped "id" raw log field with "event.idm.read_only_udm.target.asset_id" UDM field.
2024-10-17	- Newly created parser.

Date

Changes

2025-04-09

Enhancement:
- event.idm.read_only_udm.additional.fields: Newly mapped "dataType" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped "totalOccurrences" raw log field with "event.idm.read_only_udm.additional.fields" UDM field.
- event.idm.read_only_udm.principal.process.file.mime_type: Newly mapped "process.artifact.kind" raw log field with "event.idm.read_only_udm.principal.process.file.mime_type" UDM field.
- event.idm.read_only_udm.principal.process.file.sha256: Newly mapped "process.artifact.sha256" raw log field with "event.idm.read_only_udm.principal.process.file.sha256" UDM field.
- event.idm.read_only_udm.principal.process.file.full_path: Newly mapped "process.artifact.filePath" raw log field with "event.idm.read_only_udm.principal.process.file.full_path" UDM field.
- event.idm.read_only_udm.principal.process.command_line: Newly mapped "process.commandLine" raw log field with "event.idm.read_only_udm.principal.process.command_line" UDM field.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped "firstOccurredAt" raw log field with "event.idm.read_only_udm.metadata.event_timestamp" UDM field.
- event.idm.read_only_udm.principal.process.file.last_seen_time: Newly mapped "lastOccurredAt" raw log field with "event.idm.read_only_udm.principal.process.file.last_seen_time" UDM field.
- event.idm.read_only_udm.target.asset_id: Newly mapped "id" raw log field with "event.idm.read_only_udm.target.asset_id" UDM field.

2024-10-17

- Newly created parser.