Change log for EFFICIENTIP_DDI

Date	Changes
2025-05-13	Enhancement: - Added Grok patterns to parse new format of logs. - event.idm.read_only_udm.metadata.event_type: Setting `event.idm.read_only_udm.metadata.event_type` UDM field as `NETWORK_DNS` when `has_dns_questions` is "true", else `STATUS_UPDATE` when `has_principal` is "true" and `GENERIC_EVENT` for any other case. - event.idm.read_only_udm.metadata.event_type: Setting `event.idm.read_only_udm.metadata.event_type` UDM field as `USER_UNCATEGORIZED` when `has_user` is "true", else `STATUS_UPDATE` when `has_principal` is "true" and `GENERIC_EVENT` for any other case.
2024-11-07	Enhancement: - Mapped "hostname" to "principal.hostname" and "principal.asset.hostname". - When "data.code" is "1", then set "additional.fields.key" to "subnet_mask". - When "data.code" is "2", then set "additional.fields.key" to "time_offset". - When "data.code" is "4", then set "additional.fields.key" to "time_server". - When "data.code" is "3", then set "additional.fields.key" to "default_router". - When "data.code" is "6", then set "additional.fields.key" to "dns". - When "data.code" is "12", then set "additional.fields.key" to "hostname". - When "data.code" is "15", then set "additional.fields.key" to "domain". - When "data.code" is "42", then set "additional.fields.key" to "ntp". - When "data.code" is "51", then set "additional.fields.key" to "lease_time". - When "data.code" is "58" or "59", then set "additional.fields.key" to "renewal_time". - When "data.code" is "60", then set "additional.fields.key" to "class_identifier". - When "data.code" is "61", then set "additional.fields.key" to "client_identifier". - When "data.code" is "69", then set "additional.fields.key" to "smtp". - When "data.code" is "70", then set "additional.fields.key" to "pop3". - When "data.code" is "81", then set "additional.fields.key" to "fqdn". - When "data.code" is "100", then set "additional.fields.key" to "posix". - When "data.code" is "101", then set "additional.fields.key" to "time_zone". - When "data.code" is "119", then set "additional.fields.key" to "dns_searchlist". - When "data.code" is "121", then set "additional.fields.key" to "static_route".
2024-08-21	Enhancement: - When "activity-type" is dns related, then mapped "metadata.event_type" to "NETWORK_DNS".
2024-06-11	Enhancement: - Handled unparsed JSON logs.