Change log for AKAMAI_WAF

Date Changes
2024-09-10 Enhancement
- Mapped "attackData.ruleActions" to "security_result.action_details".
2024-05-21 Enhancement
- Mapped "rules.data" to "security_result.detection_fields".
- Mapped "rules.action", "rules.selector", and "rules.version" to "security_result.action_details".
- Mapped "rules.id" to "security_result.rule_id".
- Mapped "rules.tag" to "security_result.category_details".
- Mapped "rules.message" to "security_result.threat_name".
2024-03-01 Enhancement
- Mapped "attackData.configId" to "metadata.product_log_id" and "security_result.detection_fields".
2023-10-27 Enhancement
- Mapped "rule.id" to "security_result.rule_id".
- When "httpMessage.host" is not present, changed value set in "metadata.event_type" from "NETWORK_HTTP" to "GENERIC_EVENT".
- Added support to parse "attackData" when "attackData.rules" is an array.
2023-04-24 Enhancement
- Parsed logs ingested in CEF format.
2023-04-04 Enhancement
- Mapped 'reqHost' to 'target.hostname'.
- Mapped 'reqPort' to 'target.port'.
- Mapped 'reqPath' to 'target.url'.
- Mapped 'reqId' to 'network.session_id'.
- Mapped 'statusCode' to 'network.http.response_code'.
- Mapped 'reqMethod' to 'network.http.method'.
- Mapped 'UA' to 'network.http.user_agent'.
- Mapped 'bytes' to 'network.sent_bytes'.
- Parsed failing logs in syslog format.
- Added condition checks for 'attackData.rules' for proper parsing.
- Modified 'metadata.event_type' to 'NETWORK_HTTP' from 'STATUS_UPDATE' wherever possible.
2022-11-07 Enhancement
- Updated SecurityRules to also check for ["-"] in data.
2022-08-12 Enhancement
- Mapped "security_policy_id" to security_result.rule_name.
- Mapped "non_deny_rules" to security_result.about.resource.attribute.labels.
- Mapped "deny_rule_format" to security_result.about.resource.attribute.labels.
2022-06-14 Enhancement
- Mapped proto to security_result.summary.
- Mapped securityRules to security_result.rule_name.
- Mapped city to principal.location.city.
- Mapped country to principal.location.country_or_region.
- Mapped cliIP to principal.ip.
- Mapped cp to event.idm.read_only_udm.additional.fields.
- Mapped reqId to metadata.product_log_id.
- Mapped rspContentType to target.file.mime_type.
- Mapped state to target.user.personal_address.state.
- Mapped version to principal.asset.software.version.
2022-03-23 Bugfix
- Fix for failed to parse data with all match patterns.
- Added mappings for new fields.
- eventId mapped to metadata.product_log_id.
- eventDefinitionId mapped to target.resource.product_object_id.
- eventDescription mapped to metadata.description.
- eventName mapped to metadata.product_event_type.
- eventTypeName mapped to additional.fields.
- eventTypeId mapped to additional.fields.
- eventData mapped to additional.fields.