Change log for QUALYS_VM

Date Changes
2025-07-03 Enhancement:
- Added a grok pattern to parse the new log format.
- Added a kv filter to parse the `kv_data` field.
- `event.idm.read_only_udm.metadata.event_timestamp` : Newly mapped `time` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- `event.idm.read_only_udm.principal.hostname` : Newly mapped `host_name` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field and set `has_principal` as `true`.
- `event.idm.read_only_udm.principal.asset.hostname` : Newly mapped `host_name` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM field and set `has_principal` as `true`.
- `event.idm.read_only_udm.target.application` : Newly mapped `application` raw log field with `event.idm.read_only_udm.target.application` UDM field.
- `event.idm.read_only_udm.target.process.pid` : Newly mapped `processid` raw log field with `event.idm.read_only_udm.target.process.pid` UDM field.
- `event.idm.read_only_udm.target.resource.product_object_id` : Newly mapped `SLICEID` raw log field with `event.idm.read_only_udm.target.resource.product_object_id` UDM field.
- `event.idm.read_only_udm.target.hostname` : Newly mapped `SCANNER` raw log field with `event.idm.read_only_udm.target.hostname` UDM field and set `has_target` as `true`.
- `event.idm.read_only_udm.target.asset.hostname` : Newly mapped `SCANNER` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field and set `has_target` as `true`.
- `event.idm.read_only_udm.security_result.category_details` : Newly mapped `CAT` raw log field with `event.idm.read_only_udm.security_result.category_details` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields` : Newly mapped `EVENT` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- `event.idm.read_only_udm.principal.ip` : Newly mapped `IPV4` raw log field with `event.idm.read_only_udm.principal.ip` UDM field and set `has_principal` as `true`.
- `event.idm.read_only_udm.principal.asset.ip` : Newly mapped `IPV4` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field and set `has_principal` as `true`.
- `event.idm.read_only_udm.event_type` : Set the `event.idm.read_only_udm.event_type` UDM field to `NETWORK_CONNECTION` when `has_principal` and `has_target` are both `true`, to `STATUS_UPDATE` when `has_principal` is `true` and `has_target` is `false`, and to `GENERIC_EVENT` when `has_principal` and `has_target` are both `false`.
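
The 2025-07-03 mappings and event type rule, as an added Python example that is not the QUALYS_VM parser's own code. It assumes the raw fields are already extracted into a dict, that empty fields are skipped, and that `EVENT` is stored as a key/value label; the sample records are constructed.

```python
# Added example, not the QUALYS_VM parser's code. Keys are UDM paths relative
# to event.idm.read_only_udm; the third element is the flag the entry sets.
MAPPINGS = [
    ("time", ["metadata.event_timestamp"], None),
    ("host_name", ["principal.hostname", "principal.asset.hostname"], "has_principal"),
    ("IPV4", ["principal.ip", "principal.asset.ip"], "has_principal"),
    ("SCANNER", ["target.hostname", "target.asset.hostname"], "has_target"),
    ("application", ["target.application"], None),
    ("processid", ["target.process.pid"], None),
    ("SLICEID", ["target.resource.product_object_id"], None),
    ("CAT", ["security_result.category_details"], None),
]

def event_type(has_principal, has_target):
    """Event type rule from the 2025-07-03 entry."""
    if has_principal and has_target:
        return "NETWORK_CONNECTION"
    if has_principal:
        return "STATUS_UPDATE"
    if not has_target:
        return "GENERIC_EVENT"
    return None  # target without principal: the change log states no rule

def to_udm(fields):
    """Map already-extracted raw fields (a dict) to a flat UDM dict."""
    udm = {}
    flags = {"has_principal": False, "has_target": False}
    for raw, paths, flag in MAPPINGS:
        value = fields.get(raw)
        if not value:  # assumption: missing or empty fields are skipped
            continue
        for path in paths:
            udm[path] = value
        if flag:
            flags[flag] = True
    if fields.get("EVENT"):
        # Assumption: stored as a key/value label with key "EVENT".
        udm["security_result.detection_fields"] = [
            {"key": "EVENT", "value": fields["EVENT"]}]
    udm["event_type"] = event_type(flags["has_principal"], flags["has_target"])
    return udm

# Constructed sample records (values are made up for illustration).
SCAN = {"time": "2025-07-03T10:00:00Z", "host_name": "web01", "IPV4": "192.0.2.10",
        "SCANNER": "scanner-a", "SLICEID": "42", "CAT": "scan", "EVENT": "start"}
APP_ONLY = {"host_name": "web01", "application": "agent", "processid": "314"}
BARE = {"CAT": "heartbeat"}
```

Only `SCANNER` sets `has_target`, so a record that carries `application` or `processid` without `SCANNER` is typed `STATUS_UPDATE` even though `target.*` fields are populated.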
2023-10-27 Enhancement:
- Added a "for" loop to split the events when there are multiple "QIDs".
2023-04-25 Enhancement:
- Mapped "DetectionList.FirstFoundTime" to "extensions.vulns.vulnerabilities.first_found".
- Mapped "DetectionList.LastFoundTime" to "extensions.vulns.vulnerabilities.last_found".
- Mapped "DetectionList.TimesFound" to "extensions.vulns.vulnerabilities.about.resource.attribute.labels".
- Mapped "DetectionList.LastTestDateTime" to "extensions.vulns.vulnerabilities.about.resource.attribute.labels".
- Mapped "DetectionList.LastUpdateDateTime" to "extensions.vulns.vulnerabilities.about.resource.attribute.labels".
- Mapped "DetectionList.LastProcessedDatetime" to "extensions.vulns.vulnerabilities.about.resource.attribute.labels".
2023-01-23 Enhancement:
- Mapped "DetectionList" array details to "extensions.vulns.vulnerabilities".
- Mapped "DetectionList.Qid" to "extensions.vulns.vulnerabilities.name".
- Mapped "DetectionList.Severity" to "extensions.vulns.vulnerabilities.severity".
- Mapped "DetectionList.Results" to "extensions.vulns.vulnerabilities.description".
- Mapped "DetectionList.Status", "DetectionList.DType" to "extensions.vulns.vulnerabilities.about.resource.attribute.labels".
2022-09-29 Enhancement:
- Mapped "ID" to "metadata.product_log_id".
- Mapped "Netbios", "TrackingMethod", "NetworkID" to "additional.fields".
- Mapped "QgHostID" to "principal.asset_id".
- Mapped "Os" to "principal.platform_version".
- Added conditional check for "_vulns".
2022-07-20 Enhancement: Added mappings for the following fields:
- "DETECTION.FIRST_FOUND_DATETIME" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.first_found".
- "DETECTION.LAST_FOUND_DATETIME" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.last_found".
- "HOST.LAST_VM_SCANNED_DATE" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.scan_end_time".
- "HOST.LAST_SCAN_DATETIME" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.scan_start_time".
- "DETECTION.QID" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.name".
- "DETECTION.SEVERITY" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.severity".
- "DETECTION.TYPE" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.about.labels".
- "DETECTION.STATUS" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.labels".
- "DETECTION.RESULTS" mapped to "event.idm.read_only_udm.extensions.vulns.vulnerabilities.description".
- "HOST.DNS_DATA.DOMAIN" mapped to "event.idm.read_only_udm.principal.domain.name".
- "HOST.ASSET_ID" mapped to "event.idm.read_only_udm.principal.asset_id".
- "HOST.IP" mapped to "event.idm.read_only_udm.principal.ip".
- "HOST.OS" mapped to "event.idm.read_only_udm.principal.platform_version".
- "HOST.DNS" mapped to "event.idm.read_only_udm.principal.hostname".
- "HOST.QG_HOSTID" mapped to "event.idm.read_only_udm.additional.fields".
- "HOST.NETBIOS" mapped to "event.idm.read_only_udm.additional.fields".
- "HOST.TRACKING_METHOD" mapped to "event.idm.read_only_udm.additional.fields".