Change log for AWS_ROUTE_53
Date | Changes |
---|---|
2025-04-10 | Enhancement:<br>- `event.idm.read_only_udm.network.dns.questions.name`: Newly mapped the `Query.Hostname` raw log field to the `event.idm.read_only_udm.network.dns.questions.name` UDM field.<br>- `event.idm.read_only_udm.metadata.event_type`: Newly mapped the `event.idm.read_only_udm.metadata.event_type` UDM field to `NETWORK_DNS` when the `Query.Hostname` raw log field is present.<br>- `event.idm.read_only_udm.network.application_protocol`: Newly mapped the `event.idm.read_only_udm.network.application_protocol` UDM field to `DNS` when the `Query.Hostname` raw log field is present.<br>- Changed the logic for mapping the `Query.Hostname` raw log field to the `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.domain.name` UDM fields, as per the previous parser version.<br>- `event.idm.read_only_udm.principal.domain.name`: Removed the mapping of the `Query.Hostname` raw log field to the `event.idm.read_only_udm.principal.domain.name` UDM field due to the logic change. |
2025-03-13 | Enhancement:<br>- Mapped "Cloud.Region" to "principal.location.name".<br>- Mapped "Src_endpoint.Vpc_uid" to "principal.resource.name".<br>- Mapped "Src_endpoint.Ip" to "principal.ip" and "principal.asset.ip".<br>- Mapped "Src_endpoint.Port" to "principal.port".<br>- Mapped "Query.Hostname" to "principal.hostname" and "principal.domain.name".<br>- Mapped "Query.Type" to "metadata.product_event_type".<br>- Mapped "Rcode" to "metadata.description" and "network.dns.response_code".<br>- Mapped "Connection_info.Protocol_name" to "network.ip_protocol".<br>- Mapped "Src_endpoint.Instance_uid" to "principal.hostname" and "principal.asset.hostname".<br>- Mapped "Dst_endpoint.Instance_uid" and "Dst_endpoint.Interface_uid" to "security_result.rule_labels".<br>- Mapped "Category_uid", "Class_uid", "Class_name", "Cloud.Provider", "Metadata.Product.Feature.Name", "Type_name", "Type_uid", and "Metadata.Profiles" to "additional.fields".<br>- Mapped "Category_name" to "security_result.category_details".<br>- Mapped "Firewall_rule.Uid" to "security_result.rule_id".<br>- Mapped "Metadata.Product.Name" to "metadata.product_name".<br>- Mapped "Metadata.Product.Vendor_name" to "metadata.vendor_name".<br>- Mapped "Severity" to "security_result.severity" after uppercasing.<br>- Mapped "Activity_id" and "Activity_name" to "metadata.product_event_type".<br>- Mapped "Observables.Array" to "security_result.detection_fields". |
2025-02-06 | Enhancement:<br>- Added "gsub" to parse a new type of logs.<br>- Added a JSON filter to parse a new type of logs. |
2025-01-28 | Enhancement:<br>- Mapped "answers.Class", "answers.Type", and "query_class" to "additional.fields". |
2024-10-22 | Enhancement:<br>- Mapped the "answers" field to "network.dns.answers". |
2024-10-17 | Enhancement:<br>- Added on_error to all fields before mapping to UDM. |
2023-12-20 | Bug-Fix:<br>- Added gsub to replace "\\" with "#" to convert SYSLOG into JSON.<br>- Added gsub to replace "#" back with "\\". |
2023-05-08 | Enhancement:<br>- Modified the Grok pattern for the query DNS logs to support a new log format.<br>- Handle JSON logs containing multiple events. |
2022-08-10 | Removed extra uppercase mutate blocks. |
2022-07-22 | Newly created parser. |