Change log for VECTRA_DETECT

Date Changes
2024-08-21 Enhancement:
- Added support for a new pattern of syslog logs.
2024-07-22 Enhancement:
- Mapped "threat", "certainty", and "score_decreases" to "additional.fields".
2024-05-03 Enhancement:
- Mapped "detection_profile.name", "detection_profile.vname", and "detection_profile.scoringDetections" to "security_result.detection_fields".
2024-04-18 Enhancement:
- Mapped "msg.quadrant" to "security_result.priority_details".
2024-03-04 Enhancement:
- Added support for new pattern of "Audit" type logs.
- When "suser" is a valid email, then mapped "suser" to "principal.user.email_addresses".
- When "suser" is not a valid email, then mapped "suser" to "principal.user.userid".
- Added a conversion fail check for "flexNumber1" and "flexNumber2".
- When "src" is not empty, then set "metadata.event_type" to "STATUS_UPDATE".
- When "user_present" is "true", then set "metadata.event_type" to "USER_UNCATEGORIZED".
- When "principal_present" is "true" and "target_present" is "true", then set "mnetadata.event_type" to "NETWORK_CONNECTION".
- Aligned "target.ip" and "target.asset.ip" mappings.
- Aligned "target.hostname" and "target.asset.hostname" mappings.
- Aligned "principal.ip" and "principal.asset.ip" mappings.
- Aligned "principal.hostname" and "principal.asset.hostname" mappings.
2024-01-11 Enhancement:
- Added support for "Audit" and "Health" type logs.
- Mapped "message" to "security_result.summary".
- Mapped "security_result.action" to "BLOCK" when "result" is "failure".
- Mapped "security_result.action" to "ALLOW" when "result" is "true".
- Mapped "result" to "security_result.detection_fields".
- Mapped "type" to "metadata.product_event_type".
2023-10-12 Enhancement:
- Mapped "quadrant" to "security_result.priority_details".
- Added conditions to map "threat" to "security_result.severity" as "INFORMATIONAL", "LOW", "MEDIUM", "HIGH" and "CRITICAL".
- Added conditions to map "certainty" to "security_result.confidence" as "LOW_CONFIDENCE", "MEDIUM_CONFIDENCE" and "HIGH_CONFIDENCE".
2023-04-14 Enhancement -
- Mapped "device_version" to "metadata.product_version".
- Mapped "externalId" to "metadata.product_log_id".
- Mapped "event_name" and "device_event_class_id" to "metadata.product_event_type".
- Mapped "cat" to "security_result.category_details".
- Mapped "dvc" to "observer.ip".
- Mapped "dvchost" to "observer.hostname".
- Mapped "shost" to "principal.hostname".
- Mapped "src" to "principal.ip".
- Mapped "dst" to "target.ip".
- Mapped "dhost" to "target.hostname".
- Mapped "cs5" to "additional.fields".
- Mapped "cs4" to "metadata.target.url".
- Mapped "out" to "network.sent_bytes".
- Mapped "in" to "network.received_bytes".
- Mapped "dpt" to "target.port".
- Mapped "cs5" to read_only_udm.alert.
- Mapped "severity" to security_result.severity_details.
- Mapped "flexNumber1" to security_result.severity.
- Mapped "flexNumber2" to security_result.confidence.
- Mapped "proto" to "network.ip_protocol".
- Added "on_error" check for "severity" parameter.
2022-09-26 Enhancement -
- Mapped "version" to "metadata.product_version".
- Mapped "detection_id" to "metadata.product_log_id".
- Mapped "category" to "security_result.category_details".
- Mapped "d_type" to "additional.fields".
- Mapped "d_type_vname" to "additional.fields".
- Mapped "triaged" to "additional.fields".
- Mapped "headend_addr" to "observer.ip".
- Mapped "href" to "metadata.target.url".
- Mapped "dd_bytes_sent" to "network.sent_bytes".
- Mapped "account_uid" to "additional.fields".
2022-08-25 Enhancement -
- Converted the parser from SDM to UDM.
- Mapped "triage" to read_only_udm.alert.
- Mapped severity to security_result.severity_details.