Change log for IBM_DATAPOWER
Date | Changes
---|---
2024-06-18 | Enhancement:<br>- Added new Grok patterns to parse the new type of unparsed logs.<br>- Mapped "target_host" to "target.hostname".<br>- Mapped "prin_ip" to "principal.ip".<br>- Mapped "prin_port" to "principal.port".<br>- Mapped "prod_event_type" to "metadata.product_event_type".
2023-11-09 | Enhancement:<br>- Added new Grok patterns to parse the new type of unparsed logs.<br>- Added new Grok patterns to parse "summary" from the log.<br>- Mapped "principal_host" to "principal.hostname".<br>- Changed the mapping of "user_id" from "principal.user.userid" to "target.user.userid".<br>- For successful login events, "event_type" is mapped to "USER_LOGIN" and "security_result.action" to "ALLOW".<br>- For failed login events, "event_type" is mapped to "USER_LOGIN" and "security_result.action" to "BLOCK".
2023-10-18 | Enhancement:<br>- Added a Grok pattern to parse the unparsed failed user login logs.<br>- Added a Grok pattern to parse the fields "ip" and "user_id" from the logs.<br>- Mapped "user_id" to "principal.user.userid".<br>- If a log contains the value "failed to log in" in the description: set "metadata.event_type" to "USER_UNCATEGORIZED" and "extensions.auth.type" to "AUTHTYPE_UNSPECIFIED".
2022-12-26 | Enhancement:<br>- Added a Grok pattern to parse the unparsed SYSLOG logs.<br>- If the log contains "Logged out" or "Logged", "metadata.event_type" is set to "USER_LOGOUT" or "USER_LOGIN" respectively.
2022-06-30 | Enhancement:<br>- Added a Grok pattern for retrieving "src_ip".
2022-06-10 | Enhancement:<br>- Handled and parsed the newly ingested SYSLOG format logs.<br>- If the log contains a response code value such as 200, 201 or 203, it is mapped to "network.http.response_code".<br>- If the log contains an application protocol such as HTTP or FTP, it is mapped to "network.application_protocol".<br>- If Target IP and Principal Hostname are not null, "metadata.event_type" is mapped to "NETWORK_UNCATEGORIZED".<br>- If Source IP and Principal Hostname are not null, "metadata.event_type" is mapped to "STATUS_UPDATE".
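The login mapping rules above (the 2022-12-26 "Logged"/"Logged out" check and the 2023-11-09 success/failure mapping, which supersedes the 2023-10-18 "USER_UNCATEGORIZED" rule) as an added Python example; this is not the parser's own code, and the sample log lines and their layout are constructed assumptions, not real DataPower output:

```python
import re

# Constructed sample lines; the line layout is an assumption, not real DataPower output.
SAMPLE_LOGS = [
    'Jun 18 10:15:00 dp01 [auth][notice] user "admin" from 10.0.0.5: Logged in',
    'Jun 18 10:16:00 dp01 [auth][notice] user "admin" from 10.0.0.5: Logged out',
    'Jun 18 10:17:00 dp01 [auth][error] user "ops" from 10.0.0.9: failed to log in',
    'Jun 18 10:18:00 dp01 [mpgw][info] backend response code 503',
]

# Grok-style capture of the three fields the changelog mentions: user_id, ip, summary.
LOGIN_RE = re.compile(
    r'user "(?P<user_id>[^"]+)" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}): (?P<summary>.+)$'
)


def map_login_event(line):
    """Return the UDM field mappings for a login/logout line, or None if it is not one."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    udm = {
        # 2023-11-09: user_id now lands in target.user.userid, not principal.user.userid.
        "target.user.userid": m["user_id"],
        "principal.ip": m["ip"],
    }
    summary = m["summary"]
    if "failed to log in" in summary:
        # 2023-11-09: failed login is still a USER_LOGIN event, but blocked.
        udm["metadata.event_type"] = "USER_LOGIN"
        udm["security_result.action"] = "BLOCK"
    elif "Logged out" in summary:
        # Checked before the bare "Logged" test, since "Logged out" also contains "Logged".
        udm["metadata.event_type"] = "USER_LOGOUT"
    elif "Logged" in summary:
        udm["metadata.event_type"] = "USER_LOGIN"
        udm["security_result.action"] = "ALLOW"
    return udm


def map_all(lines):
    """Map every line; non-login lines yield None so the caller can route them elsewhere."""
    return [map_login_event(line) for line in lines]


if __name__ == "__main__":
    for line, udm in zip(SAMPLE_LOGS, map_all(SAMPLE_LOGS)):
        print(line.split("] ", 1)[-1], "->", udm)
```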