Change log for EFFICIENTIP_DDI

Date Changes
2025-07-03 Enhancement:
- Added grok pattern to parse new format of logs.
- `event.idm.read_only_udm.principal.process.pid`: Newly mapped `process_id` to the `event.idm.read_only_udm.principal.process.pid` UDM field.
- Mapped `has_principal` to `true` when `event.idm.read_only_udm.principal.mac` is present.
- `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `src_ip` to the `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields.
- Added a conditional check that the log contains `dhcp` before setting `event_type` to `NETWORK_DHCP`.
- Added an IP validation before mapping `intermediary`: if the value is a valid IP address, `intermediary` is mapped to `event.idm.read_only_udm.intermediary.ip`; otherwise it is mapped to `event.idm.read_only_udm.intermediary.hostname`.
2025-06-26 Enhancement:
- Added Grok pattern to extract `domain_name` from `description`.
- `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.asset.hostname`: Newly mapped `domain_name` to the `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.asset.hostname` UDM fields when `principal.hostname` and `principal.asset.hostname` are not already mapped; otherwise `domain_name` is mapped to `event.idm.read_only_udm.additional.fields`.
- Removed the duplicate `dns_domain` overwrite in the same grok pattern, as it was redundant.
2025-05-13 Enhancement:
- Added Grok patterns to parse new format of logs.
- `event.idm.read_only_udm.metadata.event_type`: Set the `event.idm.read_only_udm.metadata.event_type` UDM field to `NETWORK_DNS` when `has_dns_questions` is "true"; else to `STATUS_UPDATE` when `has_principal` is "true"; else to `GENERIC_EVENT`.
- `event.idm.read_only_udm.metadata.event_type`: Set the `event.idm.read_only_udm.metadata.event_type` UDM field to `USER_UNCATEGORIZED` when `has_user` is "true"; else to `STATUS_UPDATE` when `has_principal` is "true"; else to `GENERIC_EVENT`.
2024-11-07 Enhancement:
- Mapped "hostname" to "principal.hostname" and "principal.asset.hostname".
- When "data.code" is "1", then set "additional.fields.key" to "subnet_mask".
- When "data.code" is "2", then set "additional.fields.key" to "time_offset".
- When "data.code" is "4", then set "additional.fields.key" to "time_server".
- When "data.code" is "3", then set "additional.fields.key" to "default_router".
- When "data.code" is "6", then set "additional.fields.key" to "dns".
- When "data.code" is "12", then set "additional.fields.key" to "hostname".
- When "data.code" is "15", then set "additional.fields.key" to "domain".
- When "data.code" is "42", then set "additional.fields.key" to "ntp".
- When "data.code" is "51", then set "additional.fields.key" to "lease_time".
- When "data.code" is "58" or "59", then set "additional.fields.key" to "renewal_time".
- When "data.code" is "60", then set "additional.fields.key" to "class_identifier".
- When "data.code" is "61", then set "additional.fields.key" to "client_identifier".
- When "data.code" is "69", then set "additional.fields.key" to "smtp".
- When "data.code" is "70", then set "additional.fields.key" to "pop3".
- When "data.code" is "81", then set "additional.fields.key" to "fqdn".
- When "data.code" is "100", then set "additional.fields.key" to "posix".
- When "data.code" is "101", then set "additional.fields.key" to "time_zone".
- When "data.code" is "119", then set "additional.fields.key" to "dns_searchlist".
- When "data.code" is "121", then set "additional.fields.key" to "static_route".
2024-08-21 Enhancement:
- When "activity-type" is DNS-related, map "metadata.event_type" to "NETWORK_DNS".
2024-06-11 Enhancement:
- Handled unparsed JSON logs.
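The rules recorded above (the 2024-11-07 `data.code` to `additional.fields.key` table, the 2025-07-03 `intermediary` IP validation and `has_principal` from `principal.mac`, and the 2025-05-13 `event_type` selection) can be checked against sample input with a small model of the mapping. This is an added Python illustration, not the parser's own code: the field names in the input dict (`mac`, `intermediary`, `data_code`, `data_value`, `has_dns_questions`) are assumed, and the UDM paths are given without the `event.idm.read_only_udm.` prefix.

```python
import ipaddress

# DHCP option code -> additional.fields.key, as listed in the 2024-11-07 entries.
# The codes are standard DHCP option numbers (e.g. 51 = IP address lease time).
DHCP_OPTION_KEYS = {
    "1": "subnet_mask", "2": "time_offset", "3": "default_router", "4": "time_server",
    "6": "dns", "12": "hostname", "15": "domain", "42": "ntp", "51": "lease_time",
    "58": "renewal_time", "59": "renewal_time", "60": "class_identifier",
    "61": "client_identifier", "69": "smtp", "70": "pop3", "81": "fqdn",
    "100": "posix", "101": "time_zone", "119": "dns_searchlist", "121": "static_route",
}

def option_key(code):
    """Return the additional.fields.key for a DHCP option code, or None if not listed."""
    return DHCP_OPTION_KEYS.get(str(code))

def is_ip(value):
    """The 'IP validation' step: True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def map_event(fields):
    """Apply the changelog's mapping rules to a dict of extracted fields.

    'fields' is a constructed stand-in for the grok output; input keys are assumed.
    Returns a flat dict keyed by UDM path (prefix 'event.idm.read_only_udm.' omitted).
    """
    udm = {}
    if "mac" in fields:
        udm["principal.mac"] = fields["mac"]
    if "intermediary" in fields:
        # Valid IP -> intermediary.ip, anything else -> intermediary.hostname.
        target = "intermediary.ip" if is_ip(fields["intermediary"]) else "intermediary.hostname"
        udm[target] = fields["intermediary"]
    if "data_code" in fields:
        key = option_key(fields["data_code"])
        if key:
            udm["additional.fields"] = {"key": key, "value": fields.get("data_value")}
    # has_principal is set when principal.mac is present (2025-07-03 entry).
    has_principal = "principal.mac" in udm
    if fields.get("has_dns_questions"):
        udm["metadata.event_type"] = "NETWORK_DNS"
    elif has_principal:
        udm["metadata.event_type"] = "STATUS_UPDATE"
    else:
        udm["metadata.event_type"] = "GENERIC_EVENT"
    return udm
```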