Change log for VMWARE_NSX

Date Changes
2024-09-25 Enhancement:
- When "action" is "DROP", then set "security_result.action" to "BLOCK".
- When "action" is not null, then mapped "action" to "security_result.action_details".
2024-07-09 Enhancement:
- Added "gsub" to replace "\\r\\n" in the message.
2024-06-17 Enhancement:
- Added Grok patterns to parse newly ingested logs.
- Mapped "type" to "metadata.product_event_type".
- Mapped "protocol" to "network.ip_protocol".
- Mapped "rule_id" to "security_result.rule_id".
- When "direction" is "IN", then set "network.direction" to "INBOUND".
- When "action" is "PASS", then set "security_result.action_details" to "ALLOW".
- When "action" is "FAIL", then set "security_result.action_details" to "BLOCK".
- When "src_ip" and "dst_ip" are not null, then set "metadata.event_type" to "NETWORK_CONNECTION".
2024-06-10 Enhancement:
- Added a new Grok pattern to parse a new format of SYSLOG logs.
2023-11-15 Enhancement:
- From "Old Value" field:
- Mapped "unique_id" to "principal.resource.product_object_id".
- Mapped "resource_type" to "principal.resource.sub_type".
- Mapped "_create_user" and "_last_modified_user" to "principal.user.email_addresses".
- Mapped "action" to "security_result.action".
- Mapped "rule_id" to "security_result.rule_id".
- Mapped "display_name" to "principal.resource.name".
- Mapped "_last_modified_time" to "principal.resource.attribute.last_update_time".
- Mapped "_create_time" to "principal.resource.attribute.creation_time".
- Mapped "parent_path" to "principal.resource.parent".
- Mapped "path" to "principal.process.file.full_path".
- Mapped "id" to "principal.resource.id".
- From "New Value" field:
- Mapped "resource_type" to "target.resource.sub_type".
- Mapped "unique_id" to "target.resource.product_object_id".
- Mapped "path" to "target.process.file.full_path".
- Mapped "display_name" to "target.resource.name".
- Mapped "id" to "target.resource.id".
- Mapped "vmw_host" to "target_details.hostname" or "target_details.ip", based on the value in "vmw_host".
- Mapped "vmw_product" to "target.application".
- Mapped "vmw_vcenter" to "target.cloud.availability_zone".
- Mapped "vmw_cluster" to "target.resource.name".
- Mapped "vmw_object_id" to "target.resource.product_object_id".
- Mapped "vmw_datacenter" to "target.resource.attribute.labels".
- Mapped "vmw_vcenter_id" to "target.resource.attribute.labels".
- Mapped "vmw_vr_ops_logtype" to "intermediary.resource.attribute.labels".
- Mapped "vmw_vr_ops_appname" to "intermediary.application".
- Mapped "vmw_vr_ops_hostname" to "intermediary.hostname".
- Mapped "vmw_vr_ops_nodename" to "intermediary.resource.attribute.labels".
- Mapped "vmw_vr_ops_clustername" to "intermediary.resource.name".
- Mapped "vmw_vr_ops_clusterrole" to "intermediary.resource.attribute.labels.roles.name".
- Mapped "vmw_vr_ops_id" to "intermediary.resource.product_object_id".
2023-10-13 Enhancement:
- Modified a Grok pattern to parse "sourceIp" with ports.
- Mapped "vmw_host", "vmw_product", "vmw_vcenter", "vmw_cluster", "vmw_vr_ops_id", "vmw_object_id", "vmw_datacenter", "vmw_vcenter_id", "vmw_vr_ops_logtype", "vmw_vr_ops_appname", "vmw_vr_ops_hostname", "vmw_vr_ops_nodename", "vmw_vr_ops_clustername", "vmw_vr_ops_clusterrole", "managedExternally", "update", "filepath", "eventType", "resourceId" to "principal.resource.attribute.labels".
- Mapped fields in "payload" to "principal.resource.attribute.labels".
- Mapped "client" to "principal.ip".
- Mapped fields in "new_value" to "target.resource.attribute.labels".
2023-10-03 Enhancement:
- Added a Grok pattern to check whether "sourceIp" is a valid IP address prior to mapping it to a UDM field.
2023-09-12 Enhancement:
- Added support for syslog logs that have "New value" and "Old value" fields.
2023-06-26 Enhancement:
- Mapped values in "PASS", "DROP", "REJECT", "NAT", "NONAT", "RDR", "NORDR", "PUNT", "REDIRECT", and "COPY" to "additional.fields" key as "Network_Status".
2023-03-07 Enhancement:
- Mapped "errorCode" to "security_result.detection_fields".
- Mapped "app_type" to "principal.application".
- Mapped "tname", "s2comp", "node" to "principal.resource.attribute.labels".
- Mapped "exe" to "target.process.file.full_path".
- Mapped "dst_ip" to "target.ip".
- Mapped "ses" to "network.session_id".
- Mapped "hostname" to "principal.ip".
- Mapped "direction" to "network.direction".
- Mapped "reqId" to "metadata.product_log_id".
2022-06-10 Newly created parser