Change log for VECTRA_STREAM

Date Changes
2024-07-26 Enhancement:
- Mapped "attributes" to "additional.fields".
2024-06-18 Enhancement:
- Mapped "first_orig_resp_data_pkt", "first_orig_resp_data_pkt_time", "cookie", "keyboard_layout", "name", and "query_scope" to "additional.fields".
- Mapped "operation" to "security_result.action_details".
2024-02-26 Enhancement:
- Handled DHCP logs.
2024-01-12 Enhancement:
- Handled invalid JSON in "rcpt_to" field.
2023-10-15 Enhancement:
- Handled unparsed JSON logs having field "metadata_type" as "metadata_smbfiles".
- Mapped "dns_server_ips" to "principal.ip".
- Mapped "assigned_ip" to "network.dhcp.yiaddr".
- Mapped "dhcp_server_ip" to "network.dhcp.giaddr".
- Mapped "path" to "target.file.full_path".
2023-09-14 Fix:
- Initialized "uid", "metadata_type", "orig_sluid", "intermediary", "has_target_file", and "qclass_name" to null.
- Added a not-null check on "uid" and "metadata_type" prior to mapping to UDM.
- Mapped "orig_sluid" to "principal.hostname" if "orig_hostname" is null.
- Mapped "qclass_name" to "question.name".
- Added a check for event_type "FILE_MODIFICATION" to verify that "target.file" is not null.
2023-07-31 Bug fix:
- Added an "on_error" check for the 'date' filter.
2023-07-24 Bug fix:
- Added a check for 'UNIX' and 'UNIX_MS' timestamp formats before mapping "certificate.not_valid_after" to "network.tls.client.certificate.not_after".
- Added a check for 'UNIX' and 'UNIX_MS' timestamp formats before mapping "certificate.not_valid_before" to "network.tls.client.certificate.not_before".
2022-10-27 Enhancement:
- Added JSON support for the logs.
- Added an extra grok pattern for failing logs.
- Added an extra grok pattern for the "_raw" data present in some JSON logs.
- Added "metadata_type" conditions alongside the already present "log_type" conditions for JSON logs.
- Mapped "status_code" to "network.http.response_code".
- Mapped "user_agent" to "network.http.user_agent".
- Added conditions to check whether the data comes from a JSON log in order to convert the integer/float values to string for the variables "version_num", "certificate.not_valid_before", "certificate.not_valid_after", and "certificate.version".
- Added conditions to check whether the data comes from syslog in order to convert the string values to boolean for the variables "AA", "RD", "RA", "TC", and "established".
- Added a condition to check whether "duration" was extracted from a JSON log or from syslog.
- Added a grok pattern to extract "answers" as a string from JSON logs.
2022-10-25 Enhancement: Added mappings
- common fields:
  - sensor_uid mapped to observer.asset_id.
- metadata_radius:
  - account_session_id mapped to network.session_id.
  - account_session_time mapped to network.session_duration.
  - calling_station_id mapped to intermediary.asset.product_object_id.
  - connect_info mapped to security_result.description.
  - radius_type mapped to metadata.description.
  - result mapped to security_result.summary.
  - nas_identifier mapped to target.user.attribute.roles.name.
  - dst_display_name mapped to target.hostname.
  - dst_luid mapped to target.asset.product_object_id.
  - src_display_name mapped to principal.hostname.
  - src_luid mapped to principal.asset.product_object_id.
- metadata_beacon:
  - beacon_type mapped to metadata.description.
  - beacon_uid mapped to network.session_id.
  - ja3 mapped to network.tls.ja3.
- metadata_httpsessioninfo:
  - method mapped to network.http.method.
  - uri mapped to target.url.
  - host mapped to target.hostname.
  - referrer mapped to network.http.referral_url.
  - user_agent mapped to network.http.user_agent.
  - orig_mime_types mapped to principal.file.mime_type.
  - resp_mime_types mapped to target.file.mime_type.
  - status_code mapped to network.http.response_code.
  - status_msg mapped to security_result.summary.
  - proxied mapped to principal.ip.
  - host_multihomed mapped to additionals.key/value.
- metadata_ldap:
  - query mapped to principal.process.command_line.
  - result mapped to security_result.description.
  - result_code mapped to security_result.action_details.
- metadata_ntlm:
  - hostname mapped to target.hostname.
  - domain mapped to target.domain.name.
  - status mapped to security_result.summary.
  - success mapped to security_result.action.
- metadata_rdp:
  - cookie mapped to target.user.userid.
- metadata_smbfiles:
  - action mapped to metadata.event_type (FILE_*).
  - name mapped to target.file.full_path.
  - version mapped to principal.platform_version.
- metadata_smbmapping:
  - path mapped to target.file.full_path.
- metadata_ssh:
  - client mapped to principal.application.
  - server mapped to target.application.
  - cipher_alg mapped to network.tls.cipher.
  - mac_alg mapped to additionals.key/value.
  - compression_alg mapped to additionals.key/value.
  - kex_alg mapped to additionals.key/value.
  - host_key_alg mapped to additionals.key/value.
  - host_key mapped to additionals.key/value.
  - hassh mapped to additionals.key/value.
  - hasshServer mapped to additionals.key/value.
2022-07-22 Enhancement: Added mappings
- radius log type mapped to metadata.event_type=NETWORK_FLOW.
- beacon log type mapped to metadata.event_type=NETWORK_FLOW.
- httpsessioninfo log type mapped to metadata.event_type=NETWORK_HTTP.
- ldap log type mapped to metadata.event_type=NETWORK_USER_STATS.
- smbmapping log type mapped to metadata.event_type=NETWORK_FLOW.
- ntlm log type mapped to metadata.event_type=NETWORK_CONNECTION.
- rdp log type mapped to metadata.event_type=NETWORK_CONNECTION.
- smbfiles log type mapped to metadata.event_type=NETWORK_FTP.
- ssh log type mapped to metadata.event_type=NETWORK_CONNECTION.