Change log for FIREEYE_HX

Date Changes
2024-10-23 Enhancement:
- Mapped "cs12" to "additional.fields".
- Mapped "cs9" to "target.process.file.md5".
2024-10-15 Enhancement:
- Mapped "account_name", "UUID", "Mitre", "host_details.data.sysinfo.url", "host_details.route", "host_details.data.reported_clone", and "host_details.data.timezone" to "security_result.detection_fields".
- Mapped "Desc" to "metadata.description".
- Mapped "Confidence" to "security_result.confidence".
- Mapped "alert.appliance._id" to "additional.fields".
- Mapped "host_details.data.stats.acqs", "host_details.data.stats.alerting_conditions", "host_details.data.stats.alerts", "host_details.data.stats.exploit_alerts", "host_details.data.stats.exploit_blocks", and "host_details.data.stats.false_positive_alerts" to "security_result.detection_fields".
2024-09-12 Enhancement:
- Mapped "categoryOutcome", "cs13" to "additional.fields".
- Mapped "cs6" to "target.process.file.sha1".
- Mapped "cs9" to "target.process.file.md5".
2024-08-28 Enhancement:
- Mapped "host_details.message" to "security_result.action_details".
- Mapped "alert.md5values", "alert.resolution", "alert.is_false_positive", and "alert.alert_type" to "additional.fields".
- Mapped "type.threat_type" to "security_result.threat_name".
- Mapped "ent.lms_event_id" to "metadata.product_log_id".
- Mapped "email.smtp.mail_from" to "network.email.from".
- Mapped "email.headers.subject" to "network.email.subject".
- Mapped "email.headers.to" to "network.email.to".
- Mapped "ent.type", "ent.id", "ent.name", "ent.object_source", "ent.binary", and "ent.attributes.scan_id" to "security_result.detection_fields".
2024-08-13 Enhancement:
- Mapped "cs11Label" to "additional_cs11Label.key".
- Mapped "cs11" to "additional_cs11.value".
2024-04-04 Enhancement:
- Added a Grok pattern retrieve JSON data to parse unparsed logs.
- Mapped "alert.sysinfo.mac_address" to "principal.mac".
- Mapped "host_details.data.agent_version" to "metadata.product_version".
- Mapped "alert.url" to "metadata.url_back_to_product".
- Mapped "description" to "metadata.description".
- Mapped "alert.event_type" to "metadata.product_event_type".
- Mapped "alert.agent._id" to "principal.asset.asset_id".
- Mapped "alert.event_id" to "metadata.product_log_id".
2024-04-03 Enhancement:
- Mapped "deviceCustomDate1Label" to "additional_deviceCustomDate1.key".
- Mapped "deviceCustomDate1" to "additional_deviceCustomDate1.value".
- Mapped "deviceCustomDate2" to "additional_deviceCustomDate2.value".
2024-04-02 Enhancement:
- Added a regex check to "fileHash" to map md5 and sha256 respectively.
2024-01-04 Enhancement:
- Added support for dropped logs.
- Mapped "client" to "principal.ip".
- Mapped "principal_ip" to "principal.ip".
- Mapped "remoteaddress" to "principal.ip".
- Mapped "host_" to "principal.hostname".
- Mapped "line" to "principal.application".
- Mapped "username" to "principal.user.userid".
- Mapped "client_app_type" to "principal.resource.attribute.labels".
- Mapped "upstream" to "target.url".
- Mapped "role" to "target.user.role_name".
- Mapped "server" to "target.resource.attribute.labels".
- Mapped "localusername" to "target.user.user_display_name".
- Mapped "request" to "additional.fields".
- Mapped "mlocked" to "additional.fields".
- Mapped "kernel_stack" to "additional.fields".
- Mapped "sessionID" to "network.session_id".
- Mapped "auth_mechanism" to "extensions.auth.mechanism".
- Mapped "authsubmethod" to "extensions.auth.auth_details".
2023-05-08 Enhancement -
- Supported new type of JSON logs.
- "client_ip" mapped to "principal.ip".
- "client_src_port" mapped to "principal.port".
- "ssl_version" mapped" to "network.tls.version_protocol".
- "ssl_cipher" mapped to "network.tls.cipher".
- "method" mapped to "network.http.method".
- "uri_path" mapped to "network.http.referral_url".
- "persistent_session_id" mapped to "network.session_id".
- "uri_query" mapped to "additional.fields".
- "rewritten_uri_query" mapped to "additional.fields".
- "virtualservice" mapped to "additional.fields".
- "service_engine" mapped to "additional.fields".
- "etag" mapped to "additional.fields".
- "pool" mapped to "additional.fields".
- "pool_name" mapped to "additional.fields".
- "request_state" mapped to "additional.fields".
- "compression" mapped to "additional.fields".
- "vs_name" mapped to "additional.fields".
- "request_id" mapped to "additional.fields".
- "headers_received_from_server.Server" mapped to "additional.fields".
- "headers_received_from_server.X-Request-Id" mapped to "additional.fields".
- "headers_received_from_server.X-Server-Id" mapped to "additional.fields".
2023-04-24 Enhancement -
- Added support for CEF format logs.
2022-08-19 Fix -
- Mapped event_values.ipv4NetworkEvent/localIP to "principal.ip".
- Renamed event to event1 from log to avoid no descriptor error.
- Added null check to host_details.data.primary_ip_address prior mapping it to "principal.ip".
- Added null check to host_details.data.primary_mac prior mappig to "principal.mac".
- Added null check to alert.reported_at prior mapping to "event.timestamp".