Change log for LINUX_SYSMON

Date Changes
2025-07-29 Enhancement:
- Modified the grok pattern to fetch timestamp and Added date filter to support new format of timestamps.
- Added a Grok pattern to support new pattern of logs.
- Modified else condition to filter null values in `Category` raw log field.
- Added KV filter to support new format of logs.
- event.idm.read_only_udm.additional.fields: Newly mapped `logname`,`tty`,`uid`,`euid` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.target.user.userid: Newly mapped `user` raw log fields with `event.idm.read_only_udm.target.user.userid` UDM field.
- event.idm.read_only_udm.security_result.summary: Newly mapped `summary` raw log fields with `event.idm.read_only_udm.security_result.summary` UDM field.
2025-07-02 Enhancement:
- event.idm.read_only_udm.intermediary.hostname: Newly mapped `Computer` raw log field with `event.idm.read_only_udm.intermediary.hostname` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `Channel`, `ThreadID`, `SystemTime`, `Keywords`, `Task`, `Version`, `ProviderGuid`, `SourceName` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
2024-10-22 Enhancement:
- Added support for the new pattern of syslog logs.
2024-06-17 Enhancement:
- Added support for the new pattern of JSON logs.
2024-01-25 Enhancement :
- Removed extra escape characters from the "message" to avoid 'xml' filter failure.
- Changed mapping for "UserID" from "principal.user.windows_sid" to "principal.user.userid".
2023-11-09 Enhancement :
- Mapped "User" to "target.user.userid".
- Mapped "ParentUser" to "principal.user.userid".
- Mapped "ProcessId" to "target.process.pid".
- Mapped "FileVersion" to "principal.software.version".
- Mapped "Product" to "principal.software.name".
- Mapped "Company" to "principal.software.vendor_name".
- Mapped "LogonId" to "principal.network.session_id".
- Mapped "OriginalFileName", "CurrentDirectory", "LogonGuid", "TerminalSessionId", "IntegrityLevel" to "additional.fields".
2022-07-12 Enhancement :
- Added null check to EventID field prior mapping.
- Mapped insertId to metadata.product_log_id.
- Mapped logName to target_process_file.
- Mapped resource.type to target.resource.type.
- Mapped resource.labels.project_id to target.resource.product_object_id.
- Mapped resource.labels.instance_id to target.resource.id.
- Mapped refer_url to network.http.referral_url.
2022-05-10 Initial creation of the LINUX_SYSMON Chronicle parser, based upon WINDOWS_SYSMON
- Supports events IDs 1, 3, 5, 9, 11, 16, 23.
- Uses the Chronicle Forwarder Regex Filter capabilities with an allow filter of 'sysmon' to exclude syslog logs.