Change log for STIX

Date Changes
2024-11-07 Enhancement:
- Added a Grok pattern to parse unparsed logs.
2024-10-15 Enhancement:
- Added support to parse unparsed logs.
- Removed duplicate code.
- Renamed field "extension-definition--322b8f77-262a-4cb8-a915-1e441e00329b" to "mitre-extension-definition" and mapped "mitre-extension-definition.extension_type" to "entity.resource.attribute.labels.value".
- Renamed field "extension-definition--f93e2c80-4231-4f9a-af8b-95c9bd566a82" to "sco-extension-definition" and mapped "sco-extension-definition.extension_type" to "entity.resource.attribute.labels.value".
2024-09-25 Enhancement:
- Mapped "x_ctix_confidence_score" to "threat_detail.confidence_score".
2024-09-20 Enhancement:
- Added drop statement to drop unsupported logs.
- Mapped "modified" to "timestamp".
- Mapped "valid_from" to "entity_event.metadata.interval.start_time".
- Added support for logs with the "pattern" value "hostname:value".
- If "entity_type" is not "File", mapped "valid_until" to "entity_event.metadata.interval.end_time".
2024-09-19 Enhancement:
- Added new Grok patterns to parse the field "pattern".
- Mapped "valid_until" to "metadata.interval.end_time".
2024-09-18 Enhancement:
- Added support for logs with the "pattern" value "ipv4:addr".
- Added support for logs with the "main_observable_type" value "Hostname".
- Mapped "confidence" to "threat_detail.confidence_score".
- When "main_observable_type" is "StixFile", mapped "name" to "entity.entity.file.full_path".
2024-03-06 Enhancement:
- Added support for logs with the "type" value "indicator".
2024-02-07 Enhancement:
- Added support for entity field mappings for a new set of ingested logs.
- Mapped "description" to "threat_detail.description".
- Mapped "external_references.0.source_name" to "entity_event.entity.hostname".
- Mapped fields present in nested JSON field "extensions.extension-definition" to "threat_detail.detection_fields".
2023-11-08 Enhancement:
- Added support for entity field mappings for a new set of ingested logs.
- Mapped "entity_type" to "IP_ADDRESS" and "entity_event.entity.ip" to "ip" for "pattern" = "ipv4-addr".
- Mapped "entity_type" to "USER" and "entity_event.entity.user.email_addresses" to "mail" for "pattern" = "email-addr".
- Mapped "entity_type" to "FILE" and "entity_event.entity.file.sha256" to "sha256val", "entity_event.entity.file.md5" to "MD5_val" and "entity_event.entity.file.sha1" to "sha1_val" for "pattern" = "file:hashes".
- Mapped "entity_type" to "DOMAIN_NAME" and "entity_event.entity.hostname" to "dom" for "pattern" = "domain-name".
- Mapped "entity_type" to "URL" and "entity_event.entity.url" to "url_val" for "pattern" = "url:value".
2023-03-24 Enhancement:
- Added support for entity field mappings.
2022-12-12 Bug Fix:
- Mapped timestamp to "metadata.event_timestamp".
- Added Grok patterns to identify the type of log.
- Added type-specific blocks like 'md5', 'sha1', 'sha256', 'domain-name', 'mal_file_name', etc.
2022-12-03 Bug Fix:
- Parsed unparsed logs.
- Added Grok patterns to identify the type of log.
- Added type-specific blocks like 'mal_md5', 'mal_url', etc.
- Parsed 'SHA-512' into 'security_result.detection_fields' because of its large size.
2022-11-27 Newly created parser.
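The observable-to-entity mapping rules recorded in the 2023-11-08, 2024-09-18 and 2024-09-20 entries, worked through as an added Python example that is not the parser's own code (the parser itself is not shown on this page). It assumes the STIX 2.1 comparison syntax `[object:path = 'value']`, treats any unrecognised observable the way the 2022-12-03 entry treats SHA-512, and runs over constructed sample indicators.

```python
import re

# Observable key in a STIX pattern -> (entity_type, entity field), following
# the 2023-11-08 and 2024-09-18 changelog entries above.
OBSERVABLE_MAP = {
    "ipv4-addr:value": ("IP_ADDRESS", "entity_event.entity.ip"),
    "domain-name:value": ("DOMAIN_NAME", "entity_event.entity.hostname"),
    "url:value": ("URL", "entity_event.entity.url"),
    "email-addr:value": ("USER", "entity_event.entity.user.email_addresses"),
    "file:hashes.'MD5'": ("FILE", "entity_event.entity.file.md5"),
    "file:hashes.'SHA-1'": ("FILE", "entity_event.entity.file.sha1"),
    "file:hashes.'SHA-256'": ("FILE", "entity_event.entity.file.sha256"),
}
# Scalar indicator properties -> target field (2024-09-18 and 2024-09-20 entries).
SCALAR_MAP = {"modified": "timestamp", "confidence": "threat_detail.confidence_score",
              "valid_from": "entity_event.metadata.interval.start_time"}
# One comparison inside a STIX pattern, <object>:<path> = '<value>'; the path
# class admits the quoted algorithm key in file:hashes.'SHA-256'.
_COMPARISON = re.compile(r"([\w-]+:[\w.'-]+)\s*=\s*'([^']*)'")


def map_indicator(indicator: dict):
    """Flatten one STIX indicator; None means the parser would drop it."""
    if indicator.get("type") != "indicator":
        return None
    out = {dst: indicator[src] for src, dst in SCALAR_MAP.items() if src in indicator}
    entity_type = None
    for key, value in _COMPARISON.findall(indicator.get("pattern", "")):
        if key in OBSERVABLE_MAP:
            entity_type, field = OBSERVABLE_MAP[key]
            out[field] = value
        else:  # e.g. SHA-512: too large for an entity field, kept as a detection field
            out.setdefault("security_result.detection_fields", []).append(
                {"key": key, "value": value})
    if entity_type is None:
        return None  # no supported observable: unsupported log, dropped
    out["entity_type"] = entity_type
    if entity_type != "FILE" and "valid_until" in indicator:  # 2024-09-20 rule
        out["entity_event.metadata.interval.end_time"] = indicator["valid_until"]
    return out


# Constructed sample objects (not taken from any real feed).
SAMPLES = [
    {"type": "indicator", "modified": "2024-09-21T10:00:00Z", "confidence": 80,
     "valid_from": "2024-09-21T10:00:00Z", "valid_until": "2024-12-21T10:00:00Z",
     "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"type": "indicator", "valid_until": "2024-12-21T10:00:00Z",
     "pattern": "[file:hashes.'SHA-256' = '%s' AND file:hashes.'SHA-512' = '%s']"
                % ("ab" * 32, "cd" * 64)},
]
```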