What Changed

Critical fixes to the ASIM Authentication parsers for the Microsoft Windows Event and SSH (sshd) sources: SrcHostname is now resolved when WorkstationName is empty, and the IpAddr field alias is corrected.

Parser Impact

  • Microsoft Windows Event parser: SrcHostname now falls back to Computer when WorkstationName is empty or ‘-’, preventing null hostname values in normalized output
  • SSH parser: IpAddr alias corrected to reference SrcIpAddr instead of DvcIpAddr for proper source IP visibility
  • Added DvcHostName alias mapping in both parsers for improved field standardization
  • No change to normalized field names or core filter logic; safe for existing detections using these parsers
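
The SrcHostname fallback described above, as an added KQL sketch that is not the parser's own code. The sample rows, the SampleEvents table and the UsedFallback and HostnameMissing columns are constructed for illustration; Computer and WorkstationName are the fields named in the change.

```kusto
// Constructed sample rows standing in for Windows logon events (not real telemetry).
let SampleEvents = datatable(Computer:string, WorkstationName:string)
[
    "dc01.example.test", "WKSTN-042",  // WorkstationName populated
    "dc01.example.test", "-",          // placeholder dash
    "dc01.example.test", ""            // empty string
];
SampleEvents
// Fallback: use Computer when WorkstationName is empty or "-".
| extend UsedFallback = isempty(WorkstationName) or WorkstationName == "-"
| extend SrcHostname = iff(UsedFallback, Computer, WorkstationName)
// Invariant a detection author can check on normalized output:
// no row should be left with an empty or placeholder source hostname.
| extend HostnameMissing = isempty(SrcHostname) or SrcHostname == "-"
| summarize Rows = count(),
            FallbackRows = countif(UsedFallback),
            MissingHostnames = countif(HostnameMissing)
```

Detections that group or join on SrcHostname will now see the value of Computer for rows that took the fallback, so FallbackRows shows how many events that affects.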

Affected Files

Parsers/ASimAuthentication/Parsers/ASimAuthenticationMicrosoftWindowsEvent.yaml
Parsers/ASimAuthentication/Parsers/vimAuthenticationMicrosoftWindowsEvent.yaml
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSshd.yaml
Parsers/ASimAuthentication/Parsers/vimAuthenticationSshd.yaml
(ARM templates: ASimAuthenticationMicrosoftWindowsEvent.json, ASimAuthenticationSshd.json, vimAuthenticationMicrosoftWindowsEvent.json, vimAuthenticationSshd.json)