Change log for FORCEPOINT_DLP

Date Changes
2025-08-20 Enhancement:
- event.idm.read_only_udm.target.hostname and event.idm.read_only_udm.target.asset.hostname: Newly mapped `destinationDnsDomain` raw log field to `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname` UDM fields.
- event.idm.read_only_udm.intermediary.hostname: Newly mapped `ahost` raw log field to `event.idm.read_only_udm.intermediary.hostname` UDM field.
- event.idm.read_only_udm.intermediary.ip: Newly mapped `agt` raw log field to `event.idm.read_only_udm.intermediary.ip` UDM field.
- event.idm.read_only_udm.intermediary.namespace: Newly mapped `agentZoneURI` raw log field to `event.idm.read_only_udm.intermediary.namespace` UDM field.
- event.idm.read_only_udm.intermediary.mac: Newly mapped `amac` raw log field to `event.idm.read_only_udm.intermediary.mac` UDM field.
- event.idm.read_only_udm.observer.ip: Newly mapped `dvc` raw log field to `event.idm.read_only_udm.observer.ip` UDM field.
- event.idm.read_only_udm.observer.hostname: Newly mapped `dvchost` raw log field to `event.idm.read_only_udm.observer.hostname` UDM field.
- event.idm.read_only_udm.observer.mac: Newly mapped `dvcmac` raw log field to `event.idm.read_only_udm.observer.mac` UDM field.
- event.idm.read_only_udm.observer.namespace: Newly mapped `deviceZoneURI` raw log field to `event.idm.read_only_udm.observer.namespace` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `cs2`, `start`, `end`, `mrt`, `art`, `rt`, `fileType`, `atz`, `dtz`, `geid`, `cefVer`, `aid`, `maxMatches` raw log fields to `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `categorySignificance`, `categoryBehavior`, `categoryDeviceGroup`, `catdt`, `categoryOutcome`, `categoryObject` raw log fields to `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- event.idm.read_only_udm.security_result.severity_details: Newly mapped `header_severity` raw log field to `event.idm.read_only_udm.security_result.severity_details` UDM field.
- Modified Grok pattern to include `header_severity` extraction from the CEF header.
- Added gsub to pre-process kv_data to handle keys prefixed with `ad.`.
- Added logic to use `header_severity` from the CEF header as a fallback for `security_result.severity` and `security_result.severity_details`.
- Conditionally set `event.idm.read_only_udm.metadata.event_type` to `EMAIL_TRANSACTION` when `sourceServiceName` is "SMTP".
- Adjusted conditional checks for `sourceHostname` and `sourceHost` to map them unless they are empty or exactly "N/A".
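The 2025-08-20 entry describes several pieces of parser logic at once: extracting the severity from the CEF header, pre-processing extension keys prefixed with `ad.`, falling back to the header severity when the event carries no `severityType`, setting `EMAIL_TRANSACTION` for SMTP events, and skipping `sourceHostname`/`sourceHost` values that are empty or exactly "N/A". The following is an added illustration in Python of how those rules fit together on a CEF line; it is not the Chronicle parser itself (which is written in the parser's own Logstash-style configuration) and not Forcepoint code. The two sample lines are constructed, the `ad.` to `ad_` key rewrite, the numeric severity buckets, the `sourceHostname`-before-`sourceHost` precedence and the `GENERIC_EVENT` default are assumptions made for the example, and the `act=Quarantined` handling follows the 2024-08-05 entry.

```python
"""Toy CEF-to-UDM mapper illustrating the 2025-08-20 parser changes (added example, not the real parser)."""
import re
from typing import Dict, Optional

# Constructed sample events (not real Forcepoint DLP output). The 7th CEF header field is the severity.
SAMPLE_SMTP = (
    "CEF:0|Forcepoint|DLP|10.0|1234|Data Loss Detected|8|"
    "sourceServiceName=SMTP sourceHostname=N/A sourceHost=mail01.example.test "
    "ad.policyName=PCI ad.channel=Email suser=jdoe msg=Card number detected"
)
SAMPLE_HTTP = (
    "CEF:0|Forcepoint|DLP|10.0|1235|Upload Blocked|3|"
    "sourceServiceName=HTTP severityType=High sourceHostname= sourceHost=N/A act=Quarantined"
)

# Header: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension (escaped '\|' not handled here).
HEADER_RE = re.compile(
    r"^CEF:(?P<cefVer>\d+)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|(?P<version>[^|]*)\|"
    r"(?P<sigid>[^|]*)\|(?P<name>[^|]*)\|(?P<header_severity>[^|]*)\|(?P<ext>.*)$"
)
# A key is a run of [A-Za-z0-9_.] followed by '=' at the start or after whitespace.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def parse_extension(ext: str) -> Dict[str, str]:
    """Split the CEF extension into key/value pairs. Values may contain spaces; a value that itself
    contains a 'word=' token would be split incorrectly (escaped '=' is not handled in this toy parser)."""
    matches = list(KEY_RE.finditer(ext))
    out: Dict[str, str] = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(ext)
        out[m.group(1)] = ext[m.end():end].strip()
    return out


def normalize_key(key: str) -> str:
    """Mirror the gsub pre-processing of keys prefixed with 'ad.' (assumed rewrite: 'ad.' -> 'ad_')."""
    return "ad_" + key[3:] if key.startswith("ad.") else key


def parse_cef(line: str) -> Dict[str, Dict[str, str]]:
    """Return the header fields (including header_severity) and the normalized extension fields."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not a CEF line")
    header = {k: v for k, v in m.groupdict().items() if k != "ext"}
    fields = {normalize_key(k): v for k, v in parse_extension(m.group("ext")).items()}
    return {"header": header, "fields": fields}


def severity_from_header(raw: str) -> Optional[str]:
    """Bucket a numeric CEF header severity (assumed thresholds: 0-3 LOW, 4-6 MEDIUM, 7-8 HIGH, 9-10 CRITICAL)."""
    try:
        n = int(raw)
    except ValueError:
        return None
    if n <= 3:
        return "LOW"
    if n <= 6:
        return "MEDIUM"
    if n <= 8:
        return "HIGH"
    return "CRITICAL"


def usable_host(value: Optional[str]) -> bool:
    """sourceHostname/sourceHost are mapped unless empty or exactly 'N/A'."""
    return value is not None and value != "" and value != "N/A"


def to_udm(line: str) -> dict:
    """Apply the changelog rules to one CEF line and return a small UDM-shaped dict."""
    parsed = parse_cef(line)
    header, fields = parsed["header"], parsed["fields"]
    udm: dict = {"metadata": {}, "principal": {}, "security_result": {}, "additional": {"fields": {}}}

    # event_type is EMAIL_TRANSACTION only for SMTP; GENERIC_EVENT is an assumed default.
    udm["metadata"]["event_type"] = (
        "EMAIL_TRANSACTION" if fields.get("sourceServiceName") == "SMTP" else "GENERIC_EVENT"
    )

    # severityType wins; the CEF header severity is only a fallback for severity and severity_details.
    if "severityType" in fields:
        udm["security_result"]["severity"] = fields["severityType"].upper()
    else:
        sev = severity_from_header(header["header_severity"])
        if sev:
            udm["security_result"]["severity"] = sev
            udm["security_result"]["severity_details"] = header["header_severity"]

    # Quarantined events: keep the raw action in action_details and record the action as ALLOW.
    if fields.get("act") == "Quarantined":
        udm["security_result"]["action_details"] = "Quarantined"
        udm["security_result"]["action"] = "ALLOW"

    # Assumed precedence: sourceHostname first, then sourceHost; both skip empty and "N/A".
    for candidate in (fields.get("sourceHostname"), fields.get("sourceHost")):
        if usable_host(candidate):
            udm["principal"]["hostname"] = candidate
            break

    udm["additional"]["fields"]["cefVer"] = header["cefVer"]
    for k, v in fields.items():
        if k.startswith("ad_"):
            udm["additional"]["fields"][k] = v
    return udm
```

Running `to_udm(SAMPLE_SMTP)` yields an `EMAIL_TRANSACTION` with `principal.hostname` taken from `sourceHost` (because `sourceHostname` is "N/A") and severity `HIGH` derived from the header value 8; `to_udm(SAMPLE_HTTP)` keeps the explicit `severityType`, leaves `severity_details` unset, and maps no hostname because one value is empty and the other is "N/A".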
2025-03-06 Enhancement:
- Mapped "inter_host" to "intermediary.hostname".
2025-02-19 Enhancement:
- Mapped "violationTriggers.*" fields to "additional.fields".
2025-01-03 Enhancement:
- Mapped "violationTriggers.VZ CPNI" and "violationTriggers.Controlled Unclassified Information: Portion Marking" to "additional.fields".
2024-11-19 Enhancement:
- Added support for new CEF format logs.
2024-08-05 Enhancement:
- When "act" is "Quarantined", then mapped "act" to "security_result.action_details" and "security_result.action" to "ALLOW".
- Mapped "caseDescription" to "metadata.description".
- Mapped "eventIDs" to "metadata.product_event_type".
- When "sourceServiceName" is a valid application_protocol, then mapped "sourceServiceName" to "network.application_protocol".
- Mapped "productVersion" to "metadata.product_version".
- Mapped "riskScore" to "additional.fields".
2024-05-20 Enhancement:
- Mapped "fname" to "target.file.full_path".
- Mapped "destinationHosts" to "target.hostname" and "target.asset.hostname".
- Mapped "productVersion" and "analyzedBy" to "additional.fields".
2024-03-25 Bug-fix:
- Added support for new format logs.
- Mapped "timeStamp" to "metadata.event_timestamp".
- Mapped "act" to "security_result.description".
- Mapped "cat" to "security_result.category_details".
- Mapped "severityType" to "security_result.severity".
- Mapped "msg" to "metadata.description".
- Mapped "eventId" to "metadata.product_log_id".
- Mapped "sourceServiceName" to "principal.application".
- Mapped "sourceHost" to "principal.hostname" and "principal.asset.hostname".
- Mapped "sourceIp" to "principal.ip" and "principal.asset.ip".
- Mapped "suser" to "principal.user.userid".
- Mapped "loginName" to "principal.user.user_display_name".
2022-11-07 - Newly Created Parser.