Change log for IMPERVA_SECURESPHERE

Date Changes
2025-07-18 Enhancement:
- Added mappings for `cs7` and `cs11` raw log fields globally.
- Modified the condition to map `cs12` raw log field to `security_result.description` UDM field when `cs12Label` is not `OSUser`.
- Modified the condition to map `cs17` raw log field to `event.idm.read_only_udm.target.resource.resource_subtype` UDM field when `cs17Label` is not `Error`.
- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `cs17` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field when cs17Label is `Error`.
2025-07-03 Enhancement:
- Added Grok patterns to support new pattern of syslog logs.
- `event.idm.read_only_udm.additional.fields`: Newly mapped `cs2`, `cs2Label`, and `additional_json_data` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field when cs2Label is `ServerGroup`.
- `event.idm.read_only_udm.target.application`: Newly mapped `cs5` raw log field with `event.idm.read_only_udm.target.application` UDM field when cs5Label is `ApplicationName`.
- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `cs4` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field when cs4Label is `ServiceName`.
- `event.idm.read_only_udm.principal.application`: Newly mapped `cs6` raw log field with `event.idm.read_only_udm.principal.application` UDM field when cs11Label is `SrcApp`.
- `event.idm.read_only_udm.security_result.description`: Newly mapped `cs7` raw log field with `event.idm.read_only_udm.security_result.description` UDM field when cs7Label is `AlertDesc`.
- `event.idm.read_only_udm.target.resource.name`: Newly mapped `cs11` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field when cs11Label is `DatabaseName`.
- `event.idm.read_only_udm.target.resource.resource_type`: Newly mapped `DATABASE` with `event.idm.read_only_udm.target.resource.resource_type` UDM field when cs11Label is `DatabaseName`.
- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `cs10` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field when cs10Label is `EventID`.
- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `cs15` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field when cs15Label is not `ViolatedItem`.
- `event.idm.read_only_udm.security_result.threat_id`: Newly mapped `cs9` raw log field with `event.idm.read_only_udm.security_result.threat_id` UDM field when cs9Label is `AlertID`.
- `event.idm.read_only_udm.principal.user.userid`: Newly mapped `cs12` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field when cs12Label is `OSUser`
- `event.idm.read_only_udm.intermediary.hostname`: Newly mapped `inter_host` raw log field with `event.idm.read_only_udm.intermediary.hostname` UDM field.
- `event.idm.read_only_udm.principal.hostname`: Newly mapped `cs13` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field when cs13Label is `HostName`.
- Modified condition such that `cs2` raw log field is mapped to `event.idm.read_only_udm.principal.group.group_display_name` when `cs2Label` is `ServerGroup`.
- Modified condition such that `cs4` raw log field is mapped to `event.idm.read_only_udm.target.application` UDM field when `cs4Label` is `ApplicationName`.
- Modified condition such that `cs5` raw log field is mapped to `event.idm.read_only_udm.metadata.description` UDM field when `cs5Label` is `Description`.
- Modified condition such that `cs15` raw log field is mapped to `security_result.summary` UDM field when `cs15Label` is `ViolatedItem`.
- Modified condition such that `cs9` raw log field is mapped to `event.idm.read_only_udm.principal.user.userid` UDM field when `cs9Label` is `osUser`.
- Modified condition such that `cs8` raw log field is mapped to `event.idm.read_only_udm.target.resource.name` UDM field when `cs8Label` is `DatabaseName` or `ApplicationName`.
2024-04-01 Enhancement -
- Added support for JSON logs.
2023-04-26 Enhancement -
- Mapped "cs1" to "security_result.rule_name".
- Mapped "cs2" to "principal.group.group_display_name".
- Mapped "cs3" to "principal.hostname".
- Mapped "cs6" to "target.resource_ancestors.name".
- Mapped "cs7" to "target.resource_ancestors.resource_subtype".
- Mapped "cs5" to "metadata.description".
- Mapped "cs12" to "security_result.description".
- Mapped "cs14" to "target.resource.attribute.labels".
- Mapped "cs15" to "security_result.summary".
- Mapped "cs16" to "principal.process.command_line".
- Mapped "cs17" to "target.resource.resource_subtype".
- Parsed "severity" field.
- Mapped "act" to "security_result.action_details".
- Mapped "cs13" to "metadata.product_log_id".
2022-07-24 Enhancement -
- Mapped "proto" to "network.ip_protocol".
- Mapped "severity" to "security_result.severity_details".
- Mapped "cs1Label" to "security_result.detection_fields".
- Mapped "cs2Label" to "security_result.detection_fields".
- Mapped "cs3Label" to "security_result.detection_fields".
- Mapped "cs4" to "target.application".
- Mapped "cs5Label" to "security_result.detection_fields".
- Mapped "cs8" to "target.resource.name".
- Mapped "cs9" to "principal.user.userid".
- Mapped "cs10Label" to "additional.fields".
- Mapped "cs11" to "principal.application".
- Mapped "cs12Label" to "additional.fields".
- Mapped "cs13Label" to "additional.fields".
- Mapped "cs14Label" to "additional.fields".
- Mapped "cs16Label" to "additional.fields".
- Mapped "cs17Label" to "additional.fields".