Change log for SONIC_FIREWALL

Date Changes
2023-05-26 Enhancement -
- Mapped "fw_action" to "security_result.action_details".
- Mapped "spkt" to "network.sent_packets".
2023-03-08 Enhancement -
- Added a condition check to "User" field to parse the appropriate field (i.e. principal.user.email_addresses or principal.user.user_display_name or principal.user.userid).
- Removed "pri" from "security_result.detection_fields" and mapped it to "security_result.severity".
- Mapped "usr" to "principal.user.email_addresses".
- Mapped "vpnpolicy" field to "security_result.detection_fields".
- Mapped "cdur" field to "security_result.detection_fields".
- Mapped "sess" field to "security_result.detection_fields".
2023-03-06 Enhancement -
- Mapped "fw" to "observer.ip" instead of "target.ip".
2023-02-22 Enhancement -
- Events that were parsed as "NETWORK_HTTP" are now mapped to "NETWORK_CONNECTION" when the protocol is not HTTP.
- Mapped "msg" to "security_result.summary" where "fw_action" is equal to "drop" Mapped "BLOCK" to "security_result.action".
- Mapped "fw" to "observer.ip" and "src" to "principal.ip".
2022-06-24 Enhancement -
- Mapped "msg" to "security_result.summary".
- Where "fw_action" is equal to "drop", mapped "BLOCK" to "security_result.action".
- Mapped "sent" to "network.sent_bytes".
- Mapped "rcvd" to "network.received_bytes".
- Mapped "usr" to "principal.user.userid".
- Mapped "pri" to "additional.fields".
- Mapped "sn" to "additional.fields".
- Mapped "id" to "target.resource.id".
2022-05-26 Bug fix -
- Mapped duration to network.session_duration.seconds.
- Mapped user to principal.user.userid.
- Mapped agent to network.http.user_agent.
- Mapped avgThroughput to target.resource.attribute.labels.
- Mapped bytesIn to network.sent_bytes.
- Mapped bytesOut to network.received_bytes.
- Mapped bytesTotal to target.resource.attribute.labels.
- Mapped maxThroughput to target.resource.attribute.labels.
- Mapped dst to target.ip.
- Mapped fw to principal.ip.
- Mapped pri to event.idm.read_only_udm.additional.fields.
2022-05-19 Enhancement - Converted parser from SDM to UDM (changed mapping from webproxy fields to event fields).