Change log for ATTIVO

Date Changes
2025-01-10 Enhancement:
- Added a new Grok pattern to parse the unparsed logs.
- Added a JSON block to parse the unparsed logs.
- Mapped "Alert.subject" to "metadata.description".
- Mapped "Alert.body" to "metadata.description".
- Mapped "Alert.app" to "principal.application".
- Mapped "Alert.dest_ip" to "target.ip" and "target.asset.ip".
- Mapped "Alert.dest_host" to "target.hostname".
- Mapped "Alert.src_hostname" to "principal.hostname".
- Mapped "Alert.src_ip_domain" to "principal.domain.name".
- Mapped "Alert.dest_ip_domain" to "target.domain.name".
- Mapped "Alert.id" to "metadata.product_log_id".
- Mapped "Alert.des_os" to "target.asset.platform_software.platform_version".
- Mapped "Alert.src_ip" to "principal.ip" and "principal.asset.ip".
- Mapped "Alert.src_mac" to "principal.mac".
- Mapped "Alert.bootsink_ip" to "intermediary.ip".
- Mapped "Alert.forwarder" and "Alert.service" to "additional.fields".
- Mapped "technique_id" to "security_result.attack_details.tactics.id".
- Mapped "technique_name" to "security_result.attack_details.tactics.name".
- Mapped "Alert.severity" to "security_result.severity".
- Mapped "Alert.src_category" to "security_result.threat_name".
2024-04-19 Enhancement:
- Added support for new event types "NETWORK_UNCATEGORIZED" and "SCAN_NETWORK".
- Added support for certain new attributes.
2023-08-14 Enhancement:
- Added conditional check for "ips".
- If the value of "ips" matches an IP address format, map it to "principal.ip"; otherwise map it to "intermediary.hostname".
2023-07-21 Newly created parser.
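The following is an added reference model of the mapping rules recorded in the 2025-01-10 and 2023-08-14 entries above, written in Python so the field-level logic can be run and checked offline. It is not the ATTIVO parser itself (Google SecOps parsers are written in a Logstash-style configuration language) and not code from Attivo or Google. The sample log is constructed for illustration: the nested "Alert" object, the top-level placement of "technique_id", "technique_name" and "ips", and the way "Alert.subject" and "Alert.body" are joined into one description are all assumptions, since the change log records only which source field lands in which UDM field.

```python
import ipaddress
import json
from typing import Any

# Constructed sample event. The field names follow this change log; the
# values and the JSON layout are made up and are NOT a real BOTsink record.
SAMPLE_LOG = json.dumps({
    "Alert": {
        "id": "a-1001",
        "subject": "Deception credential used",
        "body": "Decoy SMB share accessed from engagement host",
        "app": "smb",
        "severity": "High",
        "src_ip": "10.1.2.3",
        "src_mac": "00:11:22:33:44:55",
        "src_hostname": "ws-finance-07",
        "src_ip_domain": "corp.example",
        "src_category": "Lateral Movement",
        "dest_ip": "10.9.8.7",
        "dest_host": "decoy-fs01",
        "dest_ip_domain": "corp.example",
        "des_os": "Windows Server 2019",
        "bootsink_ip": "10.0.0.5",
        "forwarder": "fwd-01",
        "service": "BOTsink",
    },
    "technique_id": "T1021.002",           # assumed top-level placement
    "technique_name": "SMB/Windows Admin Shares",
    "ips": "relay-01.corp.example",        # assumed top-level placement
})

# Source field -> list of (UDM dotted path, is_repeated). Taken from the
# 2025-01-10 entry; "repeated" marks UDM fields that are lists (ip, mac).
ALERT_MAP = {
    "app": [("principal.application", False)],
    "dest_ip": [("target.ip", True), ("target.asset.ip", True)],
    "dest_host": [("target.hostname", False)],
    "src_hostname": [("principal.hostname", False)],
    "src_ip_domain": [("principal.domain.name", False)],
    "dest_ip_domain": [("target.domain.name", False)],
    "id": [("metadata.product_log_id", False)],
    "des_os": [("target.asset.platform_software.platform_version", False)],
    "src_ip": [("principal.ip", True), ("principal.asset.ip", True)],
    "src_mac": [("principal.mac", True)],
    "bootsink_ip": [("intermediary.ip", True)],
    "severity": [("security_result.severity", False)],
    "src_category": [("security_result.threat_name", False)],
}


def _put(udm: dict, path: str, value: Any, repeated: bool = False) -> None:
    """Set a dotted UDM path inside a nested dict; repeated fields become lists."""
    *parents, leaf = path.split(".")
    node = udm
    for part in parents:
        node = node.setdefault(part, {})
    if repeated:
        node.setdefault(leaf, []).append(value)
    else:
        node[leaf] = value


def classify_ips(value: str) -> tuple[str, str]:
    """2023-08-14 check: an IPv4/IPv6-shaped value goes to principal.ip,
    anything else (e.g. a hostname) goes to intermediary.hostname."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)
        return ("principal.ip", value)
    except ValueError:
        return ("intermediary.hostname", value)


def to_udm(raw: str) -> dict:
    """Apply the change-log mappings to one JSON event and return a UDM-shaped dict.
    security_result is modelled as a single object here for brevity."""
    event = json.loads(raw)
    alert = event.get("Alert", {})
    udm: dict = {}

    # subject and body both feed metadata.description; joining with " - " is assumed.
    parts = [alert[k] for k in ("subject", "body") if alert.get(k)]
    if parts:
        _put(udm, "metadata.description", " - ".join(parts))

    for field, targets in ALERT_MAP.items():
        if field in alert:
            for path, repeated in targets:
                _put(udm, path, alert[field], repeated)

    # forwarder and service are carried as key/value labels in additional.fields.
    for key in ("forwarder", "service"):
        if key in alert:
            _put(udm, "additional.fields", {"key": key, "value": alert[key]}, True)

    if "technique_id" in event:
        _put(udm, "security_result.attack_details.tactics.id", event["technique_id"])
    if "technique_name" in event:
        _put(udm, "security_result.attack_details.tactics.name", event["technique_name"])

    if "ips" in event:
        path, value = classify_ips(event["ips"])
        _put(udm, path, value, repeated=(path == "principal.ip"))
    return udm


if __name__ == "__main__":
    print(json.dumps(to_udm(SAMPLE_LOG), indent=2))
```

Running the block prints the resulting UDM-shaped document; classify_ips accepts both IPv4 and IPv6 literals and sends everything else, such as a hostname, to intermediary.hostname, which is the branch the constructed sample exercises.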