Change log for CISCO_EMAIL_SECURITY

Date Changes
2024-10-30 Bug-Fix:
- Changed mapping of "host_msg" from "principal.hostname" to "intermediary.hostname".
- When "host_msg" is an IP address, mapped "host_msg" to "intermediary.ip".
2024-09-05 Enhancement:
- Mapped "host_msg" to "principal.hostname" and "principal.asset.hostname".
2023-10-05 Bug-Fix:
- Renamed the 'product_event' from 'amp' to 'SIEM_AMPenginelogs'.
2023-09-15 Enhancement:
- Added support for "SIEM_proxylogs", "SIEM_webrootlogs" and "SIEM_AMPenginelogs" JSON logs.
2023-09-04 Enhancement
- Added a Grok pattern to parse unparsed logs and mapped the fields accordingly.
- Added support for new pattern of JSON logs.
2022-12-16 Enhancement
- Modified conditional checks for the fields mapped to 'network.email.to', 'network.email.from', 'principal.user.email_addresses', 'target.user.email_addresses' and 'network.email.reply_to'.
- Added support for JSON logs:
- Mapped the field 'host' to 'principal.hostname'.
- Mapped the field 'domain' to 'target.administrative_domain'.
- Mapped the field 'mail_id' to 'network.email.mail_id'.
- Mapped the field 'mailto' to 'network.email.to' and 'target.user.email_addresses'.
- Mapped the field 'source' to 'network.ip_protocol'.
- Mapped the field 'reputation' to 'security_result.confidence_details'.
- Mapped the field 'log_type' to 'security_result.severity' and 'security_result.severity_details'.
- Mapped the field 'cribl_pipe' to 'additional.fields'.
2022-09-22 Enhancement
- Added a Grok pattern for unparsed logs in which the field "product_event" is empty.
2022-08-02 Enhancement
- Added conditions for the newly added event_type values "STATUS_UPDATE", "USER_UNCATEGORIZED" and "SCAN_PROCESS".
- Mapped "attack" to "security_result.category_details".
- Enhanced parser to parse "ESAAttachmentDetails" field of different types of logs.
2022-06-09 Enhancement
- Mapped "from_user" to "principal.user.user_display_name".
- Updated "metadata.product_event_type" from "Consolidated Log Event" to "ESA_CONSOLIDATED_LOG_EVENT".
2022-06-07 Enhancement
- Mapped suser to network.email.bounce_address.
2022-05-17 Enhancement
- Mapped duser to network.email.to.
- Added on_error for product_version and product_description fields to avoid null value mapping to UDM.
- Added additional logic to parse logs starting with "DAY TIMESTAMP YEAR" format, for example: Wed Feb 18 00:34:12 2021.
2022-05-05 Enhancement
- Used Grok for network.email.from.
2022-03-31 Enhancement
- Added mappings for new fields.
- ESAReplyTo mapped to network.email.reply_to.
- duser mapped to network.email.to.