Change log for CISCO_ASA_FIREWALL

Date Changes
2024-10-09 - Added support for message number 313005 and 710003 for action field to security_result.action = "BLOCK".
2024-08-16 - Added support for "cisco_message_number" 302014 for "security_result.action_details" as "Teardown TCP connection".
2024-06-13 - Updated Grok pattern for "cisco_message_number" 721018.
- Added support for "cisco_message_number" 317078.
2024-04-24 Updated Grok pattern for "cisco_message_number" 713016, 212005.
2023-12-15 Updated Grok pattern for "cisco_message_number" 302014, 302015, and 302016.
2023-12-13 Updated the Grok pattern to handle unparsed logs issue.
2023-11-29 Aligned "principal/target.hostname" and "principal/target.asset.hostname" mapping.
2023-09-06 - Updated Grok pattern for "cisco_message_number" 302013.
2023-08-09 - Updated Grok pattern for "cisco_message_number" 302014, 302015, and 302016.
2023-06-14 Updated the parser to include "parse_network_http_user_agent" to use "Parsed User Agent" and "User Agent".
2023-05-17 - Added support for logs with '<' and '>' characters where 'cisco_message_number=722051'.
2023-05-02 - Updated mapping for the "ori_src_ip" and "ori_dst_ip" fields.
2023-03-29 Changed validation for NETWORK_CONNECTION event.
- Extracted "asa_device_ip" from syslog header and mapped it to "observer.ip".
- Changed mapping of user IP address from "target.ip" to "principal.ip" for
cisco_message_number=113015.
- Updated Grok pattern for cisco_message_number=402116, 402119, 419003,
713025,713034,104002.
- Added Grok pattern for cisco_message_number=713024, 210007.
2022-12-20 Enhancement
- Updated the Grok pattern for cisco_message_number=113005, 737026.
- Added new Grok pattern for cisco_message_number=109201.
- Mapped metadata.event_type as USER_UNCATEGORIZED when principal.user.userid is not null.
- Mapped metadata.event_type as STATUS_UNCATEGORIZED when principal.ip is not null.
2022-10-12 Bugfix
- Added new Grok pattern for cisco_message_number=302015 for outbound connection.
2022-09-28 Promoted CISCO_ASA_FIREWALL parser to default. As part of promotion
customer's symlink are also being removed.
For the field mapping differences, see field mapping changes