Change log for CISCO_ACS

Date Changes
2024-11-14 Enhancement -
- Added support to parse unparsed logs.
2023-09-26 Enhancement -
- Initialized "hostname" to null and added a "hostname" not-null check prior to setting "metadata.event_type" to "STATUS_UPDATE".
- Added a valid IP address check for "kv.DeviceIPAddress" and "kv.Remote-Address" prior to mapping them to UDM fields.
2022-08-19 Enhancement -
- Mapped "User-Name" to "principal.user.userid".
- Renamed "ip:source-ip" to "source_ip" and mapped it to "principal.ip".
- Renamed "kv.audit-session-id" to "kv.audit_session_id" and mapped it to "network.session_id".
- Mapped "kv.AuthenticationMethod" to "additional.fields".
- Mapped "kv.SelectedAccessService" to "additional.fields".
- Mapped "kv.SelectedAuthorizationProfiles" to "security_result.detection_fields".
- Mapped "kv.SelectedAuthenticationIdentityStores" to "security_result.detection_fields".
- Mapped "kv.device-uid-global" to "principal.asset.product_object_id".
- Mapped "kv.device-uid" to "principal.asset.asset_id".
- Mapped "metadata.event_type" to "USER_UNCATEGORIZED" where "kv.DestinationIPAddress", "kv.NAS-IP-Address", "kv.UserName" and "kv.NetworkDeviceName" are null.
- Added support for logs in LEEF format.
2022-06-14 Enhancement -
- Modified grok to parse logs of log_type = "CSCOacs_Passed_Authentications" which were failing due to multiple spaces.
- Replaced the value of "device-mac" with the dummy value "00:00:00:00:00:00" for log type "CSCOacs_RADIUS_Accounting" when the value is invalid (00).
2022-06-06 Enhancement -
- Parsed logs of type "CSCOacs_Passed_Authentications" that have neither "DestinationIPAddress" nor "NAS-IP-Address" present.
- Modified "metadata.event_type" from "USER_UNCATEGORIZED" to "USER_LOGIN" for logs of type "CSCOacs_Passed_Authentications".
2022-05-05 Enhancement -
- Newly ingested logs that do not have a message code are parsed and dropped.
2022-04-27 Enhancement -
- Parsed logs with log_type = "CISE_TACACS_Accounting".