Change log for F5_VPN

Date Changes
2024-05-20 Enhancement:
- Modified a Grok pattern to parse "principal.resource.name" correctly.
- Added a Grok pattern to parse "uid" and "sAmAccountName" and mapped to "target.hostname".
- Mapped "Hostname" to "target.hostname" and "target.asset.hostname".
- Mapped "sess_id" to "network.session_id" for "SAML Agent" messages.
2024-03-05 Enhancement:
- Added a Grok pattern to parse syslog logs.
- Mapped "internal_ip" to "target.ip" and "target.asset.ip".
- Mapped "sess_id" to "network.session_id".
- Mapped "file_path" to "principal.resource.name".
- Mapped "useragent" to "network.http.user_agent".
- Mapped "User-Agent" and "useragent" to "network.http.parsed_user_agent".
- Mapped "username" to "target.user.userid".
- Mapped "sid" to "target.user.windows_sid".
- Mapped "bytes_out" to "network.sent_bytes".
- Mapped "bytes_in" to "network.received_bytes".
- Mapped "Platform" to "principal.platform".
- Mapped "Platform_Version" to "principal.platform_version".
- Mapped "Javascript_Support", "ActiveX_Support", "Plugin_Support", "Version", "Model", "CPU", "UI_Mode", "SP", "IDP", "to_rule_item", "from_rule_item", "policy_result", "rule", "resource", "ppp_id", "tunnel_resource", "server_vip_ip", "server_vip_name", and "Canonical_Info" to "additional.fields".
2022-07-22 Enhancement:
- Modified grok pattern to parse the date present in "RFC 3339" format.
- Added "gsub" to remove "/" from "resource_id".
2022-07-08 Enhancement:
- Mapped "uri_path" to "target.url".
- Mapped "protocol" to "network.application_protocol".
- Mapped "method" to "network.http.method".
- Mapped "User-Agent" to "network.http.user_agent".
- Mapped "s_ip" to "src.ip".
- Mapped "t_ip" to "target.ip".
- Mapped "t_port" to "target.port".
- Mapped "s_nat_ip" to "target.nat_ip".
- Mapped "ip_protocol" to "network.ip_protocol".
- Mapped "descrip" to "security_result.description".
- Mapped "user" to "principal.user.userid".
- Mapped "command" to "target.process.command_line".
When "application" is equal to "logger"
- Mapped "cipher_name" to "network.tls.cipher".
- Mapped "tls_version" to "network.tls.version".
- Mapped "resource_id" to "target.resource.id"
- Mapped "src_ip" to "principal.ip".
- Mapped "url" to "network.http.referral_url".
- Mapped "status" to "network.http.response_code".
2022-07-08 Enhancement:
- Mapped "uri_path" to "target.url".
- Mapped "protocol" to "network.application_protocol".
- Mapped "method" to "network.http.method".
- Mapped "User-Agent" to "network.http.user_agent".
- Mapped "s_ip" to "src.ip".
- Mapped "t_ip" to "target.ip".
- Mapped "t_port" to "target.port".
- Mapped "s_nat_ip" to "target.nat_ip".
- Mapped "ip_protocol" to "network.ip_protocol".
- Mapped "descrip" to "security_result.description".
- Mapped "user" to "principal.user.userid".
- Mapped "command" to "target.process.command_line".
When "application" is equal to "logger"
- Mapped "cipher_name" to "network.tls.cipher".
- Mapped "tls_version" to "network.tls.version".
- Mapped "resource_id" to "target.resource.id"
- Mapped "src_ip" to "principal.ip".
- Mapped "url" to "network.http.referral_url".
- Mapped "status" to "network.http.response_code".