Change log for SYMANTEC_EVENT_EXPORT
| Date | Changes |
|---|---|
| 2023-11-07 | Enhancement:<br>- Added support for SYSLOG format logs.<br>- Added "not null" checks to "parent.cmd_line", "parent.pid", "actor.pid", "actor.cmd_line", "device_name", "device_group", "device_os_name", "device_domain", "device_uid" prior to mapping to UDM.<br>- Mapped "device_name" to "principal.hostname".<br>- Mapped "user_name" to "principal.user.user_display_name".<br>- Mapped "actor.user.name" to "principal.user.user_display_name".<br>- Mapped "actor.user.domain" to "principal.administrative_domain".<br>- Mapped "actor.user.sid" to "principal.user.windows_sid".<br>- Mapped "actor.file.size" to "principal.process.file.size".<br>- Mapped "device_public_ip" to "principal.ip".<br>- Mapped "device_networks.ipv6" to "intermediary.ip".<br>- Mapped "user_email" to "principal.user.email_addresses". |
| 2022-08-19 | Enhancement:<br>- Reduced the percentage of Generic Events.<br>- Mapped "type_id" to "event.idm.read_only_udm.metadata.event_type".<br>- Parsed logs with type_id = 21. |