Change log for PROOFPOINT_ON_DEMAND

Date Changes
2024-11-28 Enhancement:
- Mapped "msgParts.metadata.company" and "msgParts.metadata.author" to "security_result.detection_fields".
- Removed duplicate mapping of "email.subject".
- Changed mapping of "filter.modules.dmarc.authResults.*" fields from "additional.fields" to "security_result.detection_fields".
2024-08-28 Enhancement:
- Changed "security_result.detection_fields" key from "filterQid" to "qid".
2024-08-21 Enhancement:
- Mapped "metadata.origin.data.cid" to "additional.fields".
2024-07-22 Enhancement:
- If "about.file.size" is a valid Unsigned Integer, then mapped "msgPart.detectedSizeBytes" to "about.file.size".
- Added support for new pattern of SYSLOG logs.
2024-07-09 Enhancement:
- Mapped "msg.header.x-mailer" to "additional.fields".
2024-07-09 Enhancement:
- Mapped "msg.header.x-mailer" to "additional.fields".
2023-11-13 Enhancement:
- Mapped "subject" to "network.email.subject".
- Mapped "messageID" to "network.email.mail_id".
- Mapped "fromAddress" to "network.email.from".
- Mapped "ccAddresses" to "network.email.cc".
- Mapped "replyToAddress" to "network.email.reply_to".
- Mapped "toAddresses" to "network.email.to".
- Mapped "sender" to "principal.user.email_addresses".
- Mapped "senderIP" to "principal.ip".
- Mapped "recipient" to "target.user.email_addresses".
- Mapped "spamScore", "phishScore", "threatsInfoMap", "impostorScore", "malwareScore", "" to "security_result.detection_fields".
2023-10-26 Enhancement:
- Mapped "msg.headeparsedAddressesr.from.0" to "principal.user.email_addresses".
- Modified mappings from using deprecated UDM fields to alternative fields.
- Added mapping from "about.labels" to "about.resource.attribute.labels".
- Added mapping from "principal.labels" to "principal.resource.attribute.labels".
2023-06-05 - Added check to "msg.header.reply-to.0" prior mapping to UDM to check if it is any array of emails.
- Added not "-1" check to "msgPart.detectedSizeBytes" prior mapping to UDM.
2022-07-14 Enhancement to map following element to UDM element:
Mapped langs to additional.fields.
Mapped definitions to security_result.summary.
Mapped engine to metadata.product_version.
2022-06-29 Enhancement - Added gsub to remove '<>' from the fields 'sm.msgid' and 'msg.header.message-id.0' mapped to 'network.email.mail_id'.
2022-05-20 Enhancement to map following elements to UDM elements:
Mapped 'tls.verify', 'filter.disposition' to 'security_result.action_details'.
Mapped 'filter.modules.dmarc.authResults.result' to 'additional.fields'.
Mapped 'filter.quarantine.module', 'filter.quarantine.folder', 'filter.quarantine.type', 'filter.quarantine.folderId', 'filter.modules.spam.scores.overall', 'filter.modules.spam.scores.engine', 'filter.modules.spam.scores.classifiers.spam', 'filter.modules.spam.scores.classifiers.mlxlog', 'filter.modules.spam.scores.classifiers.phish', 'filter.modules.spam.scores.classifiers.impostor', 'filter.modules.spam.scores.classifiers.lowpriority', 'filter.modules.spam.scores.classifiers.mlx', 'filter.modules.spam.scores.classifiers.bulk', 'filter.modules.spam.scores.classifiers.suspect', 'filter.modules.spam.scores.classifiers.malware', 'filter.modules.spam.scores.classifiers.adult' to 'security_result.detection_fields'.
2022-04-13 Enhancement to map following element to UDM element:
Mapped filter.modules.av.virusNames to 'security_result.threat_name'.