Change log for BITDEFENDER

Date Changes
2023-05-02 Enhancement:
- Parsed logs ingested in CEF format.
2022-09-28 Enhancement:
- Mapped "security_result.action" to "BLOCK" when "status" is "portscan_blocked" or "uc_site_blocked".
- Mapped "security_result.action" to "BLOCK" when "main_action" is "blocked".
- Mapped "security_result.action" to "BLOCK" when "actionTaken" is "block".
- Mapped "security_result.action" to "BLOCK" when "final_status" is "blocked" or "deleted".
- Mapped "security_result.action" to "ALLOW" when "final_status" is "ignored" or "still present".
- Mapped "security_result.action" to "ALLOW" when "main_action" is "no action".
- Mapped "security_result.action" to "QUARANTINE" when "final_status" is "quarantined".
- Mapped "security_result.action" to "ALLOW_WITH_MODIFICATION" when "final_status" is "disinfected" or "restored".
2022-08-17 Enhancement:
- Modified mapping for "source_ip" from "principal.ip" to "src.ip".
- Set "event_type" to "SCAN_NETWORK" when "module" is equal to "network-monitor" or "fw".
- Mapped "user.userSid" to "principal.user.windows_sid".
- Mapped "user.userName" to "target.user.user_display_name".
- Mapped "protocol_id" to "network.ip_protocol".
- Set "security_result.action" to "BLOCK" when "status" is equal to "portscan_blocked" or "uc_site_blocked".
- Mapped "local_port" to "principal.port".
- Mapped "actionTaken" to "security_result.action".
- Mapped "detection_attackTechnique" to "security_result.detection_fields".
2022-08-13 Bug fix:
- Modified mapping for the field "computer_name" from "principal.asset.hostname" to "event.idm.read_only_udm.principal.resource.attribute.labels".
2022-08-11 Bug fix:
- Modified conditional checks for the field "main_action" mapped to "security_result.action".
- Mapped "STATUS_UPDATE" to "metadata.event_type" for logs from the "task-status" module.
2022-04-14 Enhancement:
- Added mappings for "computer_name", "computer_id", "uc_type", "block_type", "status" and "product_installed".
2022-03-30 Bug fix:
- Corrected the timestamp error and mapped the fields "user.id", "user.name", "companyId", "computer_name", "computer_fqdn", "computer_ip", "computer_id", "url" and "categories".