Change log for SYMANTEC_WSS

Date Changes
2024-11-24 Enhancement:
- Added support to handle the unparsed syslog logs.
2024-09-24 Enhancement:
- Added support to handle JSON logs which were being parsed as "GENERIC_EVENT".
2024-08-07 Enhancement:
- Added support to handle the unparsed JSON logs.
2024-05-31 Enhancement:
- If "when" is empty, mapped "device_time" and "log_time" to "metadata.event_timestamp".
2024-01-23 Enhancement:
- Modified a few Grok patterns to parse additional requested fields.
- Mapped "device_name" to "target.hostname" and "target.asset.hostname".
- Mapped "hostname" to "principal.hostname" and "principal.asset.hostname".
- Mapped "target_ip" to "target.ip" and "target.asset.ip".
- Mapped "result" to "security_result.action_details".
- Mapped "product_data.x-client-device-id" and "device_id" to "target.resource.product_object_id".
- If "has_principal" is "true" and "has_target" is "true", then set "metadata.event_type" as "NETWORK_CONNECTION".
2023-06-19 Bug-fix:
- Parsed JSON logs.
- Mapped "proxy_connection.src_ip" to "intermediary.ip".
- Mapped "connection.protocol_version" to "tls.version".
- Mapped "user.full_name" to "user.user_display_name".
- Mapped "connection.dst_location.country" to "target.location.country_or_region".
- Mapped "ref_uid" to "metadata.product_log_id".
- Mapped "network.ip_protocol" for "TCP" field.
- Mapped events without "target.host" and "target.ip" to "NETWORK_UNCATEGORIZED" event type.
- Parsed UNIX timestamp for "device_time" field.
2023-01-31 Enhancement:
- "product_data.x-client-device-name" mapped to "src.hostname".
- "connection.src_ip" mapped to "src.ip".
2022-08-29 Enhancement:
- Added grok pattern to parse syslog logs.
- Mapped field "supplier_country" to "principal.location.country_or_region".
- Added conditional check for fields "product_data.x-cs-connection-negotiated-cipher", "product_data.x-bluecoat-transaction-uuid", "product_data.r-supplier-country", "product_ver", "product_data.x-cs-client-ip-country", "product_name".
- Added error check for field "product_data.sc-filter-result".
- Mapped field "src_ip" to "principal.ip".
- Mapped field "uri_scheme" to "network.application_protocol".
- Mapped field "uuid" to "metadata.product_log_id".
- Mapped field "cs_connection_negotiated_cipher" to "network.tls.cipher".
- Mapped field "certificate_hostname" to "tls.client.server_name".
- Mapped field "cs_ssl_version" to "network.tls.version_protocol".
- Mapped field "certificate_validate" to "network.tls.server.certificate.subject".
- Mapped field "cs_icap_status" to "security_result.description".
- Mapped field "sent_bytes" to "network.sent_bytes".
- Mapped field "received_bytes" to "network.received_bytes".
- Mapped field "device_name" to "target.resource.name".
- Mapped field "device_id" to "target.resource.id".
- Mapped field "agent_type" to "observer.application".
- Mapped field "os_version" to "observer.platform_version".
- Mapped field "s_action" to "metadata.description".