Change log for ZSCALER_CASB
| Date | Changes |
|---|---|
| 2025-03-28 | Enhancement: Added gsub to parse "ZSCALERFIREWALL" type logs. |
| 2025-03-28 | Enhancement: Mapped the `CLIENTIP` raw log field to the `event.idm.read_only_udm.principal.asset.ip` UDM field, instead of mapping `CLIENTINTIP` twice. |
| 2025-03-13 | Enhancement: Mapped "APPNAME" to "principal.application". |
| 2025-03-13 | Enhancement: Mapped "CLIENTINTIP" to "principal.ip". |
| 2025-03-13 | Enhancement: Mapped "CLIENTIP" to "principal.ip". |
| 2025-03-13 | Enhancement: Mapped "HOST" to "principal.hostname". |
| 2025-03-13 | Enhancement: Mapped "LOCATION" to "principal.location.name". |
| 2025-03-13 | Enhancement: Mapped "DESTINATIONIP" to "target.ip". |
| 2025-03-13 | Enhancement: Mapped "LOGINNAME" to "principal.user.email_addresses" if it matches the email format, otherwise to "principal.user.userid". |
| 2025-03-13 | Enhancement: Mapped "MALWARECAT" to "security_result.category_details". |
| 2025-03-13 | Enhancement: Mapped "MALWARECLASS" to "security_result.threat_name". |
| 2025-03-13 | Enhancement: Mapped "MD5HASH" to "principal.process.file.md5". |
| 2025-03-13 | Enhancement: Mapped "NSSFEEDIP" to "principal.ip". |
| 2025-03-13 | Enhancement: Mapped "PROTOCOL" to "network.application_protocol" if the value is "HTTP" or "HTTPS", else to "network.ip_protocol" if the value is "UDP". |
| 2025-03-13 | Enhancement: Mapped "REASON" to "security_result.summary". |
| 2025-03-13 | Enhancement: Mapped "RECORDID" to "metadata.product_log_id". |
| 2025-03-13 | Enhancement: Mapped "REFERER" to "network.http.referral_url". |
| 2025-03-13 | Enhancement: Mapped "REQMETHOD" to "network.http.method". |
| 2025-03-13 | Enhancement: Mapped "REQSIZE" to "network.received_bytes". |
| 2025-03-13 | Enhancement: Mapped "RESPCODE" to "network.http.response_code". |
| 2025-03-13 | Enhancement: Mapped "RESPSIZE" to "network.sent_bytes". |
| 2025-03-13 | Enhancement: Mapped "RISKSCORE" to "security_result.risk_score". |
| 2025-03-13 | Enhancement: Mapped "SUPERCAT" to "security_result.category_details". |
| 2025-03-13 | Enhancement: Mapped "THREATNAME" to "security_result.threat_name". |
| 2025-03-13 | Enhancement: Mapped "URL" to "target.url". |
| 2025-03-13 | Enhancement: Mapped "URLCAT" to "security_result.category_details". |
| 2025-03-13 | Enhancement: Mapped "URLCLASS" to "security_result.description". |
| 2025-03-13 | Enhancement: Mapped "USERAGENT" to "network.http.user_agent" and parsed it into "network.http.parsed_user_agent". |
| 2025-03-13 | Enhancement: Mapped "ACTION" to "security_result.action_details", and to "security_result.action" based on the value ("Allowed" to "ALLOW", "Blocked" to "BLOCK"). |
| 2025-03-13 | Enhancement: Mapped "APPCLASS" to "additional.fields". |
| 2025-03-13 | Enhancement: Mapped "BWTHROTTLE" to "additional.fields". |
| 2025-03-13 | Enhancement: Mapped "CTIME" to "additional.fields". |
| 2025-03-13 | Enhancement: Mapped "DEPARTMENT" to "principal.user.department". |
| 2025-03-13 | Enhancement: Mapped "DLPDICT" to "additional.fields". |
| 2025-03-13 | Enhancement: Mapped "DLPENGINE" to "additional.fields". |
| 2025-03-13 | Enhancement: Mapped "FILECLASS" to "additional.fields". |
| 2025-03-13 | Enhancement: Mapped "FILETYPE" to "additional.fields". |
| 2024-06-04 | Enhancement: Added the "gsub" function to handle invalid escape characters in the following fields: "filename", "fileid", "filemd5", and "filesource". |
| 2024-03-27 | Enhancement: Added the "gsub" function to handle an invalid escape character in "filename". |
| 2024-03-05 | Enhancement: Mapped "event.fileid", "event.intcollabnames", "event.extownername", and "event.extcollabnames" to "additional.fields". |
| 2024-01-29 | Enhancement: Added the "gsub" function to handle the invalid escape character "," in "filesource". |
| 2024-01-29 | Enhancement: Added the "gsub" function to handle an invalid escape character in "filename". |
| 2023-12-21 | Enhancement: Added "gsub" to handle invalid characters in unparsed JSON logs. |
| 2023-09-30 | Enhancement: Mapped "event.login" to "principal.user.userid". If it is not available, set "principal.user.userid" to "n/a". |
| 2023-09-30 | Enhancement: Added an "on_error" check to the "date" filter for "event.lastmodtime", which is an optional field. |
| 2022-08-16 | Newly created parser |
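To make the conditional mappings in the 2025-03-13 entry and the escape-sanitizing gsub steps concrete, here is an added Python example; it is not the parser's own code nor part of this change log, and the sample event plus the `sanitize_escapes`, `parse_event` and `to_udm` names are constructed for the illustration.

```python
import json
import re

# Constructed sample Zscaler CASB event (not a real log). The "\," in
# filesource is the kind of invalid JSON escape the change log's gsub removes.
SAMPLE_LOG = (r'{"LOGINNAME":"jdoe@example.com","PROTOCOL":"HTTPS",'
              r'"ACTION":"Blocked","FILETYPE":"pdf","filesource":"share\,report.pdf"}')

_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# A backslash optionally followed by one legal JSON escape character.
_ESCAPE_RE = re.compile(r'\\(["\\/bfnrtu])?')


def sanitize_escapes(raw: str) -> str:
    """Drop backslashes that do not start a valid JSON escape (the gsub step)."""
    return _ESCAPE_RE.sub(lambda m: m.group(0) if m.group(1) else "", raw)


def parse_event(raw: str) -> dict:
    """Sanitize invalid escapes first so json.loads does not reject the event."""
    return json.loads(sanitize_escapes(raw))


def to_udm(event: dict) -> dict:
    """Apply the conditional mappings listed in the 2025-03-13 entry."""
    udm = {}
    login = event.get("LOGINNAME")
    if login:  # email-shaped values go to email_addresses, anything else to userid
        if _EMAIL_RE.match(login):
            udm["principal.user.email_addresses"] = [login]
        else:
            udm["principal.user.userid"] = login
    proto = event.get("PROTOCOL", "").upper()
    if proto in ("HTTP", "HTTPS"):
        udm["network.application_protocol"] = proto
    elif proto == "UDP":
        udm["network.ip_protocol"] = proto
    action = event.get("ACTION")
    if action:
        udm["security_result.action_details"] = action
        verdict = {"Allowed": "ALLOW", "Blocked": "BLOCK"}.get(action)
        if verdict:  # unknown vendor actions keep only action_details
            udm["security_result.action"] = verdict
    if "FILETYPE" in event:
        udm["additional.fields"] = {"FILETYPE": event["FILETYPE"]}
    return udm


if __name__ == "__main__":
    print(json.dumps(to_udm(parse_event(SAMPLE_LOG)), indent=2))
```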