Change log for BARRACUDA_WAF

Date Changes
2025-07-22 Enhancement:
- event.idm.read_only_udm.principal.hostname: Newly mapped `host` raw log field to event.idm.read_only_udm.principal.hostname and event.idm.read_only_udm.principal.asset.hostname.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `_time` raw log field to event.idm.read_only_udm.metadata.event_timestamp.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `recid` raw log field to event.idm.read_only_udm.metadata.product_log_id.
- event.idm.read_only_udm.intermediary.ip: Newly mapped `host_ip` raw log field to event.idm.read_only_udm.intermediary.ip and event.idm.read_only_udm.intermediary.asset.ip.
- event.idm.read_only_udm.metadata.collected_timestamp: Newly mapped `cribl_processing_time` raw log field to event.idm.read_only_udm.metadata.collected_timestamp.
- event.idm.read_only_udm.additional.fields: Newly mapped `cribl_wp_id`, `logType`, `timeTaken` and `query` raw log fields to event.idm.read_only_udm.additional.fields.
- event.idm.read_only_udm.metadata.description: Newly mapped `_raw` raw log field to event.idm.read_only_udm.metadata.description.
- event.idm.read_only_udm.security_result.first_discovered_time: Newly mapped `time` raw log field to event.idm.read_only_udm.security_result.first_discovered_time.
- event.idm.read_only_udm.principal.ip: Newly mapped `src` raw log field to event.idm.read_only_udm.principal.ip and event.idm.read_only_udm.principal.asset.ip.
- event.idm.read_only_udm.principal.port: Newly mapped `srcPort` raw log field to event.idm.read_only_udm.principal.port.
- event.idm.read_only_udm.target.ip: Newly mapped `dst` raw log field to event.idm.read_only_udm.target.ip and event.idm.read_only_udm.target.asset.ip.
- event.idm.read_only_udm.target.port: Newly mapped `dstPort` raw log field to event.idm.read_only_udm.target.port.
- event.idm.read_only_udm.target.url: Newly mapped `url` raw log field to event.idm.read_only_udm.target.url.
- event.idm.read_only_udm.network.sent_bytes: Newly mapped `srcBytes` raw log field to event.idm.read_only_udm.network.sent_bytes.
- event.idm.read_only_udm.network.received_bytes: Newly mapped `dstBytes` raw log field to event.idm.read_only_udm.network.received_bytes.
- event.idm.read_only_udm.network.tls.version: Newly mapped `proto` raw log field to event.idm.read_only_udm.network.tls.version.
- event.idm.read_only_udm.network.http.response_code: Newly mapped `httpStatus` raw log field to event.idm.read_only_udm.network.http.response_code.
- event.idm.read_only_udm.network.http.referral_url: Newly mapped `referer` raw log field to event.idm.read_only_udm.network.http.referral_url.
- event.idm.read_only_udm.target.hostname: Newly mapped `hostname_1` raw log field to event.idm.read_only_udm.target.hostname.
- event.idm.read_only_udm.target.asset.hostname: Newly mapped `hostname_1` raw log field to event.idm.read_only_udm.target.asset.hostname.
- event.idm.read_only_udm.network.application_protocol_version: Newly mapped `httpVersion` raw log field to event.idm.read_only_udm.network.application_protocol_version.
- event.idm.read_only_udm.network.http.user_agent: Newly mapped `usrName` raw log field to event.idm.read_only_udm.network.http.user_agent.
- Set event.idm.read_only_udm.metadata.product_name to LEEF and event.idm.read_only_udm.metadata.product_event_type to WAF for JSON-based logs.
- Added logic to merge security_result into event.idm.read_only_udm.security_result.
2025-02-10 Enhancement:
- Mapped "inter_host" to "null" if it is not present in the log.
2025-01-16 Enhancement:
- Added a Grok pattern to support new format of syslog logs.
- Mapped "inter_host" to "intermediary.hostname".
2024-11-19 Enhancement:
- Added support for CEF format logs.
2024-11-18 Enhancement:
- Removed unnecessary drop condition to fix the parsing issue.
2024-09-25 Enhancement:
- Added support for a new pattern of SYSLOG logs.
2024-09-05 Enhancement:
- Added support for a new pattern of SYSLOG logs.
2023-07-19 Bug-Fix:
- Parsed unparsed raw logs using a Grok pattern.
- Mapped 'server' to 'target.ip'.
2022-09-09 Enhancement: Created a default parser and migrated the custom parsers into the default parser.
The following fields are mapped:
- 'duser' mapped to 'target.user.user_display_name'.
- 'suser' mapped to 'principal.user.user_display_name'.
- 'suid' mapped to 'principal.user.userid'.
- 'src' mapped to 'principal.ip'.
- 'dst' mapped to 'target.ip'.
- 'shost' mapped to 'principal.hostname'.
- 'severity' mapped to 'security_result.severity'.
- 'action' mapped to 'security_result.action'.
- 'user_name' mapped to 'target.user.userid'.
- 'domain_name' mapped to 'target.domain.name'.
- 'mac_address' mapped to 'principal.mac'.
- 'direction' mapped to 'network.direction'.
- 'ip_protocol' mapped to 'network.ip_protocol'.
- 'summary' mapped to 'security_result.summary'.