Change log for MICROSOFT_SENTINEL

Date Changes
2025-08-13 Enhancement:
- Added support for parsing errors.
- event.idm.read_only_udm.principal.hostname: Newly Mapped `entity_Hostname` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field.
- event.idm.read_only_udm.principal.asset.hostname: Newly Mapped `entity_Hostname` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM field.
- event.idm.read_only_udm.principal.ip: Newly Mapped `entity_SenderIP` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.ip: Newly Mapped `Client_IP_Address` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly Mapped `Client_IP_Address` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly Mapped `entity_SenderIP` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly Mapped `entity_Name` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- event.idm.read_only_udm.principal.user.email_addresses: Newly Mapped `entity_DisplayName` raw log field with `event.idm.read_only_udm.principal.user.email_addresses` UDM field.
- event.idm.read_only_udm.principal.user.product_object_id: Newly Mapped `entity_AadUserId` raw log field with `event.idm.read_only_udm.principal.user.product_object_id` UDM field.
- event.idm.read_only_udm.principal.user.user_display_name: Newly Mapped `entity_UPNSuffix` raw log field with `event.idm.read_only_udm.principal.user.user_display_name` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Alert_generation_status` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `OriginalQuery` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Query` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `SystemAlertId` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Data_Sources` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Correlation_Id` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `_Internal_WorkspaceResourceId` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `_ItemId` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly Mapped `Event_Grouping` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `Query_End_Time_UTC` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `Query_Start_Time_UTC` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `Trigger_Threshold` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `Trigger_Operator` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `Search_Query_Results_Overall_Count` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `Query_Period` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.rule_id: Newly Mapped `Analytic_Rule_Ids` raw log field with `event.idm.read_only_udm.security_result.rule_id` UDM field.
- event.idm.read_only_udm.security_result.threat_name: Newly Mapped `AlertType` raw log field with `event.idm.read_only_udm.security_result.threat_name` UDM field.
- event.idm.read_only_udm.principal.ip: Newly Mapped `Previous_IP_Address` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly Mapped `Previous_IP_Address` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.target.user.userid: Newly Mapped `Custom_Details` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.
2025-02-03 Enhancement:
- Added support for JSON logs.
2023-11-03 Enhancement:
- Mapped "ResourceId" to "target.resource.name".
- When "ResourceId" is 'not null' and event has one of "principal" or "target" as 'not null', then map "metadata.event_type" to "USER_RESOURCE_ACCESS".
2023-08-31 - Newly created parser.