Change log for CISCO_STEALTHWATCH

Date Changes
2025-07-29 Enhancement:
- Added grok patterns to parse unparsed logs.
- event.idm.read_only_udm.target.hostname: Newly mapped target_hostname raw log field to event.idm.read_only_udm.target.hostname.
- event.idm.read_only_udm.target.mac: Newly mapped target_mac_address raw log field to event.idm.read_only_udm.target.mac.
- event.idm.read_only_udm.principal.mac: Newly mapped source_mac_address raw log field to event.idm.read_only_udm.principal.mac.
- event.idm.read_only_udm.security_result.severity: Newly mapped alarm_severity_id raw log field to event.idm.read_only_udm.security_result.severity.
- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped source_username raw log field to event.idm.read_only_udm.principal.user.user_display_name.
- Consolidated all mappings for event.idm.read_only_udm.additional.fields.
2024-10-29 Enhancement:
- Added support to handle JSON logs.
2024-09-26 Enhancement:
- Added support to parse CEF format logs.
2024-06-11 Enhancement:
- Updated the Grok pattern to parse the "emc1502" value and mapped it to "principal.hostname".
2023-06-19 Enhancement:
- Mapped "sourceIPv4Address" to "principal.ip".
- Mapped "SourceModuleType" to "observer.application".
- Mapped "SourceModuleName" to "target.resource.name".
- Mapped "MessageSourceAddress" to "principal.ip".
- Mapped "SourcePort" to "principal.port".
- Mapped "Version" to "metadata.product_version".
- Mapped "DestPort" to "target.port".
- Mapped "DestIPv4Address" to "target.ip".
- Mapped "ProtocolIdentifier" to "network.ip_protocol".
- Mapped "inputSNMPIface", "outputSNMPIface", "InPackets" to "additional.fields".
2023-02-10 Fix:
- Added new Grok patterns to parse NFS and SMB protocol type logs.
2022-07-06 Enhancement:
- Added mappings for unparsed log (audit, alarm).
- FC_Name mapped to principal.user.userid.
- src mapped to principal.ip.
- dst mapped to target.ip.
- Source_HG mapped to principal.location.country_or_region.
- category mapped to security_result.category_details.
- details mapped to metadata.description.
- vendor_severity Minor mapped to security_result.severity (INFORMATIONAL).
- vendor_severity Major mapped to security_result.severity (ERROR).
- Added Event_type USER_UNCATEGORIZED for unparsed log.
- Added additional field Alarm_ID.