Change log for CISCO_ACS

Date	Changes
2024-11-14	Enhancement: - Added support to parse unparsed logs.
2023-09-26	Enhancement - - Initialized "hostname" to null and added a hostname not null check prior setting "metadata.event_type" to "STATUS_UPDATE". - Added a valid IP address check to "kv.DeviceIPAddress", "kv.Remote-Address" prior to mapping to UDM fields.
2022-08-19	Enhancement - -Mapped "User-Name" to "principal.user.userid". -Renamed ip:source-ip" to "source_ip" and Mapped it to "principal.ip". -Renamed "kv.audit-session-id" to "kv.audit_session_id" and Mapped it to "network.session_id". -Mapped "kv.AuthenticationMethod" to "additional.fields". -Mapped "kv.SelectedAccessService" to "additional.fields". -Mapped "kv.SelectedAuthorizationProfiles" to "security_result.detection_fields". -Mapped "kv.SelectedAuthenticationIdentityStores" to "security_result.detection_fields". -Mapped "kv.device-uid-global" to "principal.asset.product_object_id". -Mapped "kv.device-uid" to "principal.asset.asset_id". -Mapped "metadata.event_type" to "USER_UNCATEGORIZED" where kv.DestinationIPAddress and kv.NAS-IP-Address and kv.NAS-IP-Address and kv.UserName and kv.NetworkDeviceName is null. -Added support for logs with LEEF format.
2022-06-14	Enhancement - Modified grok to parse logs of log_type = "CSCOacs_Passed_Authentications" which were failing due to multiple spaces. - Replaced the value of 'device-mac' with the dummy value of "00:00:00:00:00:00" for logtype "CSCOacs_RADIUS_Accounting" in case of invalid value (00).
2022-06-06	Enhancement - Parsed logs of type "CSCOacs_Passed_Authentications" that doesn't have either of "DestinationIPAddress" or "NAS-IP-Address" present in the logs. - Modified metadata.event_type from "USER_UNCATEGORIZED" to "USER_LOGIN" for logs of type "CSCOacs_Passed_Authentications"
2022-05-05	Enhancement - The newly ingested logs which do not have message code are parsed and dropped.
2022-04-27	Enhancement - Parsed the logs with log_type=CISE_TACACS_Accounting.