Change log for BARRACUDA_EMAIL

Date Changes
2024-05-28 Enhancement-
- Mapped "attachments" to "additional.fields".
2024-01-08 Enhancement-
- Mapped "recipients.action" to "security_result.action_details".
- Mapped "recipients.email" to "network.email.to".
- Mapped "recipients.delivery_detail", "recipients.reason", "recipients.taxonomy", "recipients.reason_extra" and "recipient.delivered" to "security_result.detection_fields".
- Mapped "dst_domain" to "target.hostname".
- Mapped "geoip" to "target.location.country_or_region".
2023-01-19 Bug-Fix-
- Modified grok pattern to extract "subject" and mapped to "network.subject".
2022-12-16 Enhancement-
- Added grok pattern for new logs.
- Mapped "host" to "principal.hostname".
- Mapped "product_log_id" to "metadata.product_log_id".
- Mapped "network.application_protoco" to "SMTP" where process includes "smtp".
- Mapped "sender_email" to "network.email.from".
- Mapped "recipient_email" to "network.email.to".
- Mapped "network.direction" to "INBOUND" where process includes "inbound".
- Mapped "network.direction" to "OUTBOUND" where process includes "outbound".
- Mapped "target_ip" to "target.ip".
- Mapped "queue_id" to "security_result.detection_fields".
- Mapped "security_result.action" to "ALLOW" where "action_code" are "0" or "7" and "service" are "RECV" or "SCAN".
- Mapped "security_result.action" to "BLOCK" where "action_code" is "2" and "service" are "RECV" or "SCAN".
- Mapped "security_result.action" to "QUARANTINE" where "action_code" is "3" and "service" are "RECV" or "SCAN".
2022-05-19 Enhancement-modified data extraction for email and hdr_from to improve parsing.