Change log for SOPHOS_UTM

Date Changes
2025-07-25 Enhancement -
- Mapped the `content-type`, `reason`, and `referer` raw log fields to the `event.idm.read_only_udm.additional.fields` UDM field.
- Added a new grok pattern that parses the `HOSTNAME` from the `url` raw log field and maps it to the `target.hostname` and `target.asset.hostname` UDM fields.
2024-12-18 Enhancement -
- Mapped "size" to "target.file.size".
- Mapped "subject" to "network.email.subject".
- Mapped "from" to "network.email.from".
- Mapped "to" to "network.email.to".
2024-10-10 Enhancement -
- Mapped "virus" to "security_result.detection_fields".
- Mapped "filename" to "target.file.names".
- Mapped "severity" to "security_result.severity_details".
- Added "gsub" to parse unparsed logs.
- Parsed "Authentication" logs to "USER_LOGIN" event type.
2024-05-29 Enhancement -
- Mapped "url" to "target.hostname" and "target.asset.hostname".
2022-06-30 Enhancement -
- Mapped "size" to "additional.fields".
- Mapped "fullreqtime" to "additional.fields".
- Mapped "category" to "security_result.detection_fields".
- Mapped "device" to "additional.fields".
- Mapped "exceptions" to "additional.fields".
- When "action" is equal to "DROP", mapped "security_result.action" to "BLOCK".
- Mapped "inter_host" to "intermediary.hostname".
2022-04-13 Enhancement - Added mappings for the following fields:
- 'categoryname' to 'security_result.category_details'.
- 'user' to 'target.user.userid'.
- 'ad_domain' to 'target.administrative_domain'.
- 'group' to 'target.group.group_display_name'.
- 'sys' to 'metadata.product_event_type'.
- 'application' to 'principal.application'.
- 'auth' to 'extensions.auth.auth_details'.
- 'profile' to 'security_result1.rule_name'.
- 'app-id', 'reputation', 'request', 'authtime', 'dnstime', 'aptptime', 'cattime', 'avscantime' to 'additional.fields'.