Change log for IBM_SAFENET

Date	Changes
2026-03-05	Enhancement: - `event.idm.read_only_udm.principal.process.command_line`: Newly mapped `cmd_data` raw log field with `event.idm.read_only_udm.principal.process.command_line` UDM field. - `event.idm.read_only_udm.security_result.description`: Newly mapped `description` raw log field with `event.idm.read_only_udm.security_result.description` UDM field. - Added a grok pattern on description to extract `cmd_data`, `process_id`, `status`, and `application` fields. - Added support for new pattern of SYSLOG logs, this is allowing the following UDM fields to be mapped correctly: - `event.idm.read_only_udm.metadata.event_timestamp.seconds`. - `event.idm.read_only_udm.metadata.event_type`. - `event.idm.read_only_udm.metadata.log_type`. - `event.idm.read_only_udm.metadata.product_name`. - `event.idm.read_only_udm.metadata.vendor_name`. - `event.idm.read_only_udm.principal.application`. - `event.idm.read_only_udm.principal.asset.hostname`. - `event.idm.read_only_udm.principal.hostname`. - `event.idm.read_only_udm.principal.process.command_line`. - `event.idm.read_only_udm.principal.process.pid`. - `event.idm.read_only_udm.security_result.description`. - `event.idm.read_only_udm.security_result.summary`.
2023-05-24	Newly created parser.

Date

Changes

2026-03-05

Enhancement:
- `event.idm.read_only_udm.principal.process.command_line`: Newly mapped `cmd_data` raw log field with `event.idm.read_only_udm.principal.process.command_line` UDM field.
- `event.idm.read_only_udm.security_result.description`: Newly mapped `description` raw log field with `event.idm.read_only_udm.security_result.description` UDM field.
- Added a grok pattern on description to extract `cmd_data`, `process_id`, `status`, and `application` fields.
- Added support for new pattern of SYSLOG logs, this is allowing the following UDM fields to be mapped correctly:
- `event.idm.read_only_udm.metadata.event_timestamp.seconds`.
- `event.idm.read_only_udm.metadata.event_type`.
- `event.idm.read_only_udm.metadata.log_type`.
- `event.idm.read_only_udm.metadata.product_name`.
- `event.idm.read_only_udm.metadata.vendor_name`.
- `event.idm.read_only_udm.principal.application`.
- `event.idm.read_only_udm.principal.asset.hostname`.
- `event.idm.read_only_udm.principal.hostname`.
- `event.idm.read_only_udm.principal.process.command_line`.
- `event.idm.read_only_udm.principal.process.pid`.
- `event.idm.read_only_udm.security_result.description`.
- `event.idm.read_only_udm.security_result.summary`.

2023-05-24

Newly created parser.