Change log for PAN_PRISMA_CA

Date Changes
2024-12-05 Enhancement:
- Mapped "record.region" to "principal.location.country_or_region".
- Mapped "record.policy.name" to "security_result.description".
- Mapped "record.account.cloudType" to "principal.cloud.environment".
- Mapped "record.policy.policyType", "record.policy.recommendation", and "record.policy.description" to "security_result.detection_fields".
- Mapped "record.policy.severity" to "security_result.severity".
- Mapped "record.policy.labels" to "additional.fields".
2024-11-27 Enhancement:
- Refreshed the parser so that multi-valued array entries are restructured to give access to commonly used fields without duplication within the array index.
2024-11-14 Enhancement:
- Added support for a new pattern of JSON logs.
- Mapped "callbackUrl" to "metadata.url_back_to_product".
- Mapped "errorMessage" to "metadata.description".
- Mapped "notificationRuleName" to "security_result.rule_name".
- Mapped "body" and "title" to "additional.fields".
- Mapped "alarmType" to "principal.cloud.environment".
- Mapped "severity" to "security_result.severity".
2024-10-31 Enhancement:
- Mapped all instances of "aggregatedAlert.compilanceIssues" to different "security_result" blocks.
2024-10-17 Enhancement:
- Mapped "aggregatedAlert.vulnerabilities.imageID" to "extensions.vulns.vulnerabilities.about.file.sha256".
- Mapped "aggregatedAlert.vulnerabilities.imageName" to "extensions.vulns.vulnerabilities.about.file.path".
- Mapped "aggregatedAlert.vulnerabilities.distribution" to "extensions.vulns.vulnerabilities.name".
- Mapped "aggregatedAlert.vulnerabilities.newVulnerabilities.severity" to "extensions.vulns.vulnerabilities.severity".
- Mapped "aggregatedAlert.vulnerabilities.newVulnerabilities.cve" to "extensions.vulns.vulnerabilities.cve_id".
- Mapped "aggregatedAlert.vulnerabilities.newVulnerabilities.link" to "extensions.vulns.vulnerabilities.about.url".
- Mapped "aggregatedAlert.vulnerabilities.newVulnerabilities.status" to "extensions.vulns.vulnerabilities.description".
- Mapped "aggregatedAlert.vulnerabilities.newVulnerabilities.packages", "aggregatedAlert.vulnerabilities.newVulnerabilities.packageVersion", and "aggregatedAlert.vulnerabilities.newVulnerabilities.sourcePackage" to "target.resource.attribute.labels".
2024-09-15 Enhancement:
- Added support for a new pattern of JSON logs.
2024-06-21 Enhancement:
- Added support for a new pattern of unparsed JSON logs.
2024-06-18 Enhancement:
- Mapped "policyLabels" to "additional.fields".
- Mapped "policyType" to "security_result.detection_fields".
2024-06-17 Enhancement:
- Mapped "resource.unifiedAssetId" to "principal.asset.asset_id".
- Mapped "policyName" to "security_result.description".
- Mapped "resource.resourceConfigJsonAvailable", "resource.resourceDetailsAvailable", and "policy.deleted" to "additional.fields".
- Mapped "policy.recommendation", "policy.policyType", and "policy.description" to "security_result.detection_fields".
- Mapped "resource.url" to "principal.url".
- Mapped "reason" to "security_result.summary".
- Mapped "resource.region" to "principal.location.state".
- Mapped "resource.regionId" to "principal.location.country_or_region".
- Mapped "resource.resourceType" to "target.resource.resource_subtype".
- Mapped "resource.accountId" to "target.resource.product_object_id" and "target.resource.id".
- If "resource.cloudType" value is "gcp", set "principal.cloud.environment" to "GOOGLE_CLOUD_PLATFORM".
2023-12-10 Enhancement:
- Added a Grok pattern to extract the JSON part.
- Mapped "resourceId" to "principal.resource.product_object_id".
- Mapped "accountId" to "target.resource.product_object_id".
- Mapped "alertRuleName" to "security_result.rule_name".
- Mapped "accountName" to "target.resource.name".
- Mapped "hasFinding" to "security_result.detection_fields".
- Mapped "resourceRegionId" to "principal.cloud.availability_zone".
- Mapped "source" to "principal.application".
- Mapped "callbackUrl" to "metadata.url_back_to_product".
- Mapped "alertRuleId" to "security_result.rule_id".
- Mapped "alertId" to "security_result.detection_fields".
- Mapped "policyLabels" to "additional.fields".
- Mapped "policyName" to "security_result.description".
- Mapped "resourceName" to "principal.resource.name".
- Mapped "resourceRegion" to "principal.location.country_or_region".
- Mapped "policyDescription" to "security_result.detection_fields".
- Mapped "policyRecommendation" to "security_result.detection_fields".
- Mapped "resourceCloudService" to "principal.resource.attribute.labels".
- Mapped "resource.url" to "principal.url".
- Mapped "alertTs" to "security_result.detection_fields".
- Mapped "firstSeen" to "principal.asset.first_seen_time".
- Mapped "lastSeen" to "principal.asset.last_discover_time".
- Mapped "reason" to "security_result.summary".
- Mapped "alertStatus" to "security_result.detection_fields".
- If "severity" value is "HIGH", set "security_result.severity" to "HIGH".
- If "cloudType" value is "gcp", set "principal.cloud.environment" to "GOOGLE_CLOUD_PLATFORM".
2023-08-17 Newly created parser.