Yes, there are plans to do this and other improvements to CIM datamodel for better ES integration. Keep an eye out in the next couple Add-on releases. Thanks for the feedback!
Thank you Brian. Do you have a road map or a time frame for when this support will be added?
Hi saurabhtek11, thanks for bumping this. We support network sessions, see eventtype=pantrafficstart and pantraffic_end. We could support Authentication to some extent with USERID type logs from the firewall, but the Authentication CIM is not a great fit because it's geared more toward the logs from the actual point of authentication, which the firewall typically is not in enterprise environments. This would be your RADIUS, LDAP, or AD server usually.
I opened a feature request so you can share your use cases for supporting the Authentication CIM. I'm very interested in any feedback, thanks!