Change log for NETAPP_ONTAP

Date Changes
2025-06-25 Enhancement:
- event.idm.read_only_udm.principal.ip: Newly mapped `accessLocation` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly mapped `accessLocation` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.principal.asset_id: Newly mapped `deviceId` raw log field with `event.idm.read_only_udm.principal.asset_id` UDM field.
- event.idm.read_only_udm.principal.asset.asset_id: Newly mapped `deviceId` raw log field with `event.idm.read_only_udm.principal.asset.asset_id` UDM field.
- event.idm.read_only_udm.principal.hostname: Newly mapped `deviceName` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field.
- event.idm.read_only_udm.principal.asset.hostname: Newly mapped `deviceName` raw log field with `event.idm.read_only_udm.principal.asset.hostname` UDM field.
- event.idm.read_only_udm.principal.administarative_domain: Newly mapped `domain` raw log field with `event.idm.read_only_udm.principal.administarative_domain` UDM field.
- event.idm.read_only_udm.target.file.names: Newly mapped `entityName` raw log field with `event.idm.read_only_udm.target.file.names` UDM field.
- event.idm.read_only_udm.target.file.full_path: Newly mapped `entityPath` raw log field with `event.idm.read_only_udm.target.file.full_path` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `entityType`, and `extension` raw log fields with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `entityAccessedTime` and `alertTimestamp` raw log fields with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `userDisplayName` raw log field with `event.idm.read_only_udm.principal.user.user_display_name` UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `userId` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `volumeId`, `volumeName`, `alertType`, `attributes.dataDestructionDetectedEntityCount`, and `attributes.changePercentage` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to `USER_UNCATEGORIZED` if `has_principal_user` is `true`.
2025-03-21 Enhancement:
- Mapped "severity" to "security_result.severity_details".
- Added Grok patterns to support new pattern of Syslog logs.
- Mapped "file_extn" to "security_result.detection_fields".
- Added gsubs to avoid new lines in "message".
- Added gsub to avoid additional quotations in "description".
2024-08-29 - Added support to parse unparsed logs.
- Mapped "descr" to "security_result.summary".
- Mapped "uid" to "metadata.product_log_id".
- Mapped "product_name" to "principal.hostname".
2023-04-03 Newly created parser.