Change log for SURICATA_EVE

Date Changes
2024-12-03 Enhancement:
- Added support to parse requested fields.
2024-11-07 Enhancement:
- Mapped "alert.metadata.stamus_classification" to "additional.fields".
- Mapped "alert.metadata.sightings_key" to "additional.fields".
- Mapped "alert.metadata.sightings_asset" to "additional.fields".
2024-09-11 Enhancement:
- Mapped "discovery" to "additional.fields".
2024-08-22 Enhancement:
- When "app_proto" is a valid enum value, it is mapped to "network.application_protocol"; otherwise it is mapped to "additional.fields".
- Mapped "dns.rrtype" to "network.dns.questions.type".
- Mapped "dns.rrname" to "network.dns.questions.name".
- Mapped "dns.id" to "network.dns.id".
- Mapped "see_id" to "network.session_id".
- Mapped "flow_id" to "additional.fields".
2024-05-16 Enhancement:
- Declared fields "direction", "dstnetwork", and "application_port".
2024-04-17 Enhancement:
- Mapped "payload_printable" to "additional.fields".
2022-08-17 Enhancement:
- Mapped dest_ip to target.ip.
- Modified mapping of security_result.severity from critical to high where severity is 1.
- Added a grok to parse logs with syslog header.
2022-07-25 Enhancement:
- Mapped "process.executable" to "principal.process.file.full_path".
- Mapped "process.pid" to "principal.process.pid".
- Mapped "process.command_line" to "principal.process.command_line".
- Mapped "service.type" to "additional.fields".
- Mapped "event.dataset" to "about.labels".
- Mapped "event.module" to "about.labels".
- Mapped "event.duration" to "about.labels".
- Mapped "agent.id" to "metadata.product_log_id".
- Mapped "agent.type" to "metadata.product_event_type".
- Mapped "agent.version" to "metadata.product_version".
- Mapped "agent.hostname" to "principal.hostname".
- Mapped "agent.name" to "principal.hostname".
- Mapped "agent.ephemeral_id" to "additional.fields".
- Mapped "ecs.version" to "principal.asset.attribute.labels".
- Mapped "process.args" to "about.file.capabilities_tags".
2022-07-08 Enhancement: Added mappings for the following fields:
- 'tls.sni' mapped to 'target.hostname'.
- 'tls.issuerdn' mapped to 'network.tls.client.certificate.issuer'.
- 'tls.subject' mapped to 'network.tls.client.certificate.subject'.
- 'tls.serial' mapped to 'network.tls.client.certificate.serial'.
- 'tls.fingerprint' mapped to 'network.tls.client.certificate.sha256'.
- 'tls.version' mapped to 'network.tls.version'.
- 'tls.ja3.hash' mapped to 'network.tls.client.ja3'.
- 'tls.ja3s.hash' mapped to 'network.tls.server.ja3s'.
- 'tls.notbefore' mapped to 'network.tls.client.certificate.not_before'.
- 'tls.notafter' mapped to 'network.tls.client.certificate.not_after'.
- 'tls.sni' mapped to 'network.tls.client.server_name'.
- Modified the mappings for the following fields:
- If 'alert.severity' has the value 0, 1, or 2, then 'security_result.severity' is mapped to CRITICAL.
- If 'alert.severity' has the value 3 or 4, then 'security_result.severity' is mapped to HIGH.
- If 'alert.severity' has the value 5, 6, or 7, then 'security_result.severity' is mapped to LOW.
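The following Python script is an added illustration, not the parser's own code, of the cumulative effect of the entries above on a Suricata EVE JSON alert: the severity table as it stands after the 2022-08-17 change (severity 1 moved from CRITICAL to HIGH), the "app_proto" enum check from 2024-08-22, the DNS and TLS renames, and the fields collected under "additional.fields". The set of accepted application-protocol names (KNOWN_APP_PROTOCOLS), the flat dotted-path representation of UDM, and the two sample events are assumptions constructed for the example; the real enum is not listed on this page.

```python
"""Toy Suricata EVE -> UDM-style mapper that follows the SURICATA_EVE change log above.

Everything here is illustrative: UDM fields are represented as flat dotted paths,
and the application-protocol enum is an assumed subset.
"""
import json
from typing import Any, Dict, Optional

# Assumed enum of accepted network.application_protocol values (not on the page).
KNOWN_APP_PROTOCOLS = {"HTTP", "DNS", "TLS", "SSH", "SMTP", "FTP", "SMB"}

# alert.severity -> security_result.severity after the 2022-08-17 change
# (2022-07-08 table with severity 1 moved from CRITICAL to HIGH).
SEVERITY_MAP = {0: "CRITICAL", 1: "HIGH", 2: "CRITICAL",
                3: "HIGH", 4: "HIGH", 5: "LOW", 6: "LOW", 7: "LOW"}

# Direct renames taken from the log: (EVE dotted path, UDM dotted path).
# A list, not a dict, because tls.sni feeds two UDM fields.
DIRECT_MAP = [
    ("dest_ip", "target.ip"),
    ("dns.id", "network.dns.id"),
    ("dns.rrname", "network.dns.questions.name"),
    ("dns.rrtype", "network.dns.questions.type"),
    ("tls.sni", "target.hostname"),
    ("tls.sni", "network.tls.client.server_name"),
    ("tls.issuerdn", "network.tls.client.certificate.issuer"),
    ("tls.subject", "network.tls.client.certificate.subject"),
    ("tls.serial", "network.tls.client.certificate.serial"),
    ("tls.fingerprint", "network.tls.client.certificate.sha256"),
    ("tls.version", "network.tls.version"),
    ("tls.ja3.hash", "network.tls.client.ja3"),
    ("tls.ja3s.hash", "network.tls.server.ja3s"),
]

# EVE paths the log routes into additional.fields, keyed by their original name.
ADDITIONAL_FIELDS = ("flow_id", "payload_printable", "discovery",
                     "alert.metadata.stamus_classification",
                     "alert.metadata.sightings_key",
                     "alert.metadata.sightings_asset")


def _get(event: Dict[str, Any], dotted: str) -> Optional[Any]:
    """Walk a dotted path through nested dicts; None when any hop is missing."""
    cur: Any = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def map_event(event: Dict[str, Any]) -> Dict[str, Any]:
    """Apply the change-log mappings to one EVE event and return flat UDM paths."""
    udm: Dict[str, Any] = {}
    additional: Dict[str, Any] = {}

    for src, dst in DIRECT_MAP:
        value = _get(event, src)
        if value is not None:
            udm[dst] = value

    # Severity: only the listed integer values are mapped; anything else is dropped.
    sev = _get(event, "alert.severity")
    if isinstance(sev, int) and sev in SEVERITY_MAP:
        udm["security_result.severity"] = SEVERITY_MAP[sev]

    # app_proto: enum value -> network.application_protocol, else additional.fields.
    app = event.get("app_proto")
    if isinstance(app, str):
        if app.upper() in KNOWN_APP_PROTOCOLS:
            udm["network.application_protocol"] = app.upper()
        else:
            additional["app_proto"] = app

    for src in ADDITIONAL_FIELDS:
        value = _get(event, src)
        if value is not None:
            additional[src] = value
    if additional:
        udm["additional.fields"] = additional
    return udm


# Constructed sample events (not real captures).
SAMPLE_HTTP_ALERT = json.loads("""{
  "flow_id": 1234567890, "dest_ip": "10.0.0.5", "app_proto": "http",
  "alert": {"severity": 1, "metadata": {"stamus_classification": "example-class"}}
}""")
SAMPLE_TLS_EVENT = json.loads("""{
  "dest_ip": "10.0.0.9", "app_proto": "failed",
  "tls": {"sni": "example.test", "version": "TLS 1.2", "ja3": {"hash": "0000"}},
  "alert": {"severity": 6}
}""")

if __name__ == "__main__":
    for ev in (SAMPLE_HTTP_ALERT, SAMPLE_TLS_EVENT):
        print(json.dumps(map_event(ev), indent=2))
```

Running the script prints the mapped dictionaries; a practitioner checking a parser update can drop in a real EVE record in place of the constructed samples and compare the resulting paths with what the change log promises, in particular that severity 1 now yields HIGH rather than CRITICAL.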