Change log for CATO_NETWORKS

Date Changes
2024-11-15 Enhancement -
- When the "action" value is "Monitor", "Alert", or "Succeeded", mapped "security_result.action" to "ALLOW".
- When the "action" value is "Block" or "BLOCK", mapped "security_result.action" to "BLOCK".
2024-01-26 Enhancement -
- Mapped "dest_port" to "target.port".
- Mapped "os_type" to "principal.platform".
- Mapped "pop_name" to "additional.fields".
- Mapped "domain_name" to "principal.administrative_domain".
- Mapped "account_id" to "target.user.userid".
- Mapped "event_sub_type" to "metadata.description".
- Mapped "rule_name" to "security_result.rule_name".
- Mapped "rule_id" to "security_result.rule_id".
- Mapped "user_id" to "principal.user.userid".
- Mapped "http_host_name" to "principal.hostname" and "principal.asset.hostname".
- Mapped "src_site_name", "event_type", "event_count", "dns_name", "insertionDate", "action", "subnet_name", "internalId", "src_site", "categories", "app_stack", "custom_categories", "ISP_name", and "rule" to "additional.fields".
- Mapped "src_country_code" to "principal.resource.attribute.labels".
- Mapped "dest_country_code" to "target.resource.attribute.labels".
- Mapped "src_is_site_or_vpn" and "is_sanctioned_app" to "security_result.detection_fields".
- Mapped "src_isp_ip" and "src_ip" to "src.ip" and "src.asset.ip".
- Mapped "application" to "principal.application".
- Mapped "ip_protocol" to "network.ip_protocol".
- Mapped "src_country" and "sourceCountry" to "principal.location.country_or_region".
- Mapped "dest_country" to "target.location.country_or_region".
- Mapped "tar_ip" and "dest_ip" to "target.ip" and "target.asset.ip".
- Mapped "prin_ip" to "principal.ip" and "principal.asset.ip".
2023-05-19 Enhancement -
- Added support for new logs by mapping all fields under 'fieldsMap'.
- Refactored code wherever possible.