Change log for INFOBLOX

Date Changes
2024-09-17 Enhancement:
- Added a Grok pattern to support unparsed logs.
2024-05-03 Enhancement:
- Parsed unparsed NIOS logs by adding a new Grok pattern and KV filter.
2024-04-29 Enhancement:
- Added a Grok pattern to parse syslog logs.
2024-02-23 Enhancement:
- Mapped "queries" section in log to "network.dns.questions".
2023-11-07 Enhancement:
- Parsed DNS response logs by adding new Grok patterns.
2023-10-30 Enhancement:
- Parsed unparsed DNS logs using a Grok pattern.
2023-03-09 - Mapped "question.type" based on the "record_type" in the log.
2023-01-16 Bug-fix:
- Added a Grok pattern for login- and logout-related logs.
- Mapped "USER_LOGIN" to "metadata.event_type" when "desc" is "login_allowed" or "login_denied".
- Mapped "USER_LOGOUT" to "metadata.event_type" when "desc" is "logout".
- Mapped "group" to "target.user.group_identifiers".
- Mapped "to" to "role.name".
- Mapped "trigger_event" to "security_result.summary".
- Mapped "SSO" to "extensions.auth.type" based on "auth".
- Mapped "auth" to "extensions.auth.auth_details".
- Mapped "SERVICE" and "REMOTE" to "extensions.auth.mechanism" based on "apparently_via".
- Mapped "sys_host" to "principal.hostname" when "principal_ip" and "intermediary_ip" are null.
- Mapped "dns_question" to "network.dns.questions".
- Mapped "answers1" to "network.dns.answers".
- Mapped "USER_RESOURCE_ACCESS" to "metadata.event_type" when "principal_ip", "clientMac" and "intermediary_ip" are null and "event_type" is "STATUS_UPDATE".
- Mapped "principal_ip" to "principal.ip".
- Mapped "principal_port" to "principal.port".
2022-12-12 - Added a Grok pattern for "eventType" = "success".
2022-08-05 - Modified "event_type" from "GENERIC_EVENT" to "STATUS_UPDATE" to reduce generic percentage.
- Mapped "event.idm.read_only_udm.principal.ip" as "event.idm.read_only_udm.intermediary.ip" where "event.idm.read_only_udm.principal.ip" is null in order to facilitate mapping of "event_type" to "STATUS_UPDATE".
2022-07-10 Enhancement:
- Modified the Grok pattern to parse the logs.
- Handled the previously dropped logs and mapped them to valid event_types.
- Dropped logs had the following "eventType" values, which are now handled:
"forward map", "Reverse", "Forward", "Removed", "Processed", "Dynamic", "Lease", "Unable", "reverse map", "bind", "map update", "parse_option_buffer", "Added", "DDNS", "ICMP", "update-security", "update", "notify", "general", "LPF", "Sending".
- Also, the following "process" values that were dropped earlier are now handled:
"netauto_discovery", "ntpd".
- Other condition checks, such as "msg1" containing "DNS update latency|pool|syslog|declaration|write|Consortium|reserved|duplicate|leases|visit|disconnected", are handled.
- Added a new code block to handle "forward map", "Forward map", "Reverse map" and "reverse map" so that these logs parse.
- Added a new code block to handle "bind" and "netauto_discovery" so that these logs parse.
- Changed the event type from "GENERIC_EVENT" to "STATUS_UPDATE" wherever possible.
2022-05-08 Bug-fix:
- Changed the parser logic to map the hostname.