Change log for APPIAN_CLOUD

Date Changes
2025-02-12 - Changed "metadata.vendor_name" mapping from "APPIAN_CLOUD" to "Appian".
- Changed "metadata.product_name" mapping from "APPIAN_CLOUD" to "Cloud Platform".
2025-01-24 - Added Grok patterns to parse the logs.
- Mapped "src_host" to "intermediary.hostname".
- Mapped "sqlcmd" to "security_result.detection_fields".
- Mapped "oid" to "target.resource.product_object_id".
- Mapped "detail" to "security_result.severity_details".
- Mapped "thread" to "additional.fields".
- Mapped "document_name" to "target.files.names".
- Mapped "hash" to "target.file.md5".
- Mapped "src_ip1" to "target.ip" and "target.asset.ip".
- Mapped "name" to "target.resource.resource_subtype".
- Mapped "msg" and "reason" to "security_result.summary".
- Mapped "hostname" to "principal.hostname" and "principal.asset.hostname".
- Mapped "details" to "security_result.description" and "security_result.detection_fields".
- Mapped "user" to "principal.user.product_object_id".
- Mapped "action" to "target.resource.resource_subtype" and "target.resource.attribute.labels".
- Mapped "original_value", "setting_new_value", "setting_old_value", and "new_value" to "target.resource.attribute.labels".
- Mapped "username" to "principal.user.userid".
- Mapped "property" to "target.resource.name".
- Mapped "modified_by_uuid" to "principal.user.product_object_id".
- Mapped "modified_by_username" to "principal.user.userid".
- Mapped "page_involved", "site_involved", and "page_group_involved" to "target.resource.attribute.labels".
- Mapped "total_thread_count", "daemon_thread_count", "used_heap_space", "available_heap_space", "tenured_generation_usage_after_collection", "tenured_generation_used", "tenured_generation_available", "permanent_generation_used", and "permanent_generation_available" to "additional.fields".
- Mapped "young_collection_count", "young_cllection_time", "tenured_collection_count", "tenured_collection_time", "cpu_core_count", "total_system_memory", "used_system_memory", "total_swap_space", "used_swap_space", "load_average", and "session_count" to "additional.fields".
- Mapped "record_type_name" to "target.resource.name".
- Mapped "record_identifier", "record_type_url_stub", "view", "filters", "environment", and "site_url_stub" to "target.resource.attribute.labels".
- Mapped "data_store", "entity", and "operation_type" to "additional.fields".
- Mapped "action1" to "security_result.summary".
- Mapped "user_uuid" to "target.user.product_object_id".
- Mapped "operation_name", "prepare_time", "transform_time", and "execute_time" to "additional.fields".
- Mapped "operation_detail" to "security_result.summary".
- Mapped "object" to "security_result.summary".
- Mapped "host" to "principal.hostname" and "principal.asset.hostname".
- Mapped "database" to "target.resource.name".
- Mapped "retcode" to "additional.fields".
- Mapped "connectionid" to "network.session.id".
- Mapped "queryid" to "target.resource.product_object_id".
- When "userid" is an email address, mapped it to "principal.user.userid" and "principal.user.email_address".
- Mapped "server_host" to "target.hostname" and "target.asset.hostname".
- Mapped "minimum_execution_time", "execution_count", "status_code_1xx_count", "status_code_2xx_count", "status_code_3xx_count", "status_code_4xx_count", "status_code_5xx_count", "minimum_response_size", "maximum_response_time", "maximum_response_size", "mean_execution_time", and "maximum_response_size" to "security_result.detection_fields".
- Mapped "http_method" to "network.http.method".
- Mapped "act" to "security_result.action".
- When "message" is "record-usage" or "sites-usage", then "metadata.event_type" is "USER_RESOURCE_ACCESS".
- When "message" is "admin-console-audit", then "metadata.event_type" is "USER_RESOURCE_UPDATE_CONTENT".
- When "message" is "delete", then "metadata.event_type" is "USER_RESOURCE_DELETION".
2024-11-14 - Newly created parser.