Change log for AWS_WAF

Date	Changes
2026-01-10	Enhancement: - `event.idm.read_only_udm.metadata.product_version`: Newly mapped `formatVersion` raw log field with `event.idm.read_only_udm.metadata.product_version` UDM field. - `event.idm.read_only_udm.principal.location.country_or_region`: Newly mapped `httpRequest.country` raw log field with `event.idm.read_only_udm.principal.location.country_or_region` UDM field. - `event.idm.read_only_udm.network.application_protocol_version`: Newly mapped `httpRequest.httpVersion` raw log field with `event.idm.read_only_udm.network.application_protocol_version` UDM field. - `event.idm.read_only_udm.target.application`: Newly mapped `httpRequest.scheme` raw log field with `event.idm.read_only_udm.target.application` UDM field. - `event.idm.read_only_udm.additional.fields`: Newly mapped `rateBasedRuleList`, `requestBodySize`, and `requestBodySizeInspectedByWAF` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.security_result`: Refactored mapping for `ruleGroupList.nonTerminatingMatchingRules` to create a distinct `security_result` entry for each rule. `ruleId` is mapped to `security_result.rule_id`, `action` to `security_result.action_details`, and `overriddenAction` to `security_result.action`. This prevents values from being overwritten when multiple rules are present. - `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `ruleGroupList.customerConfig` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
2025-08-12	Enhancement: - event.idm.read_only_udm.security_result.action: Newly mapped `matchingrules.overriddenAction` raw log field with `event.idm.read_only_udm.security_result.action` UDM field. - event.idm.read_only_udm.security_result.action_details: Newly mapped `matchingrules.action` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field when `action` is `ALLOW` or `BLOCK`. - event.idm.read_only_udm.network.tls.client.ja3: Newly mapped `ja3Fingerprint` raw log field with `event.idm.read_only_udm.network.tls.client.ja3` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `ja4Fingerprint` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped `labels` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
2025-04-25	Enhancement: - event.idm.read_only_udm.target.hostname: Newly mapped `http_request.url.hostname` raw log field with `event.idm.read_only_udm.target.hostname` UDM field. - event.idm.read_only_udm.target.asset.hostname: Newly mapped `http_request.url.hostname` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field. - event.idm.read_only_udm.target.hostname: Newly mapped `Http_request.Url.Hostname` raw log field with `event.idm.read_only_udm.target.hostname` UDM field. - event.idm.read_only_udm.target.asset.hostname: Newly mapped `Http_request.Url.Hostname` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field.
2025-02-17	Enhancement: - Added support for OCSF JSON format logs.
2024-03-14	Enhancement: - Added gsub function to handle invalid escape characters "\" in the source logs to valid JSON format.
2023-12-29	Enhancement: - Mapped "user-agent" and "User-Agent" to "network.http.user_agent" and "network.http.parsed_user_agent". - Mapped the base64 decoded value of "authorization" header from "httpRequest.header" to "target.user.userid".
2023-12-08	Bug-Fix: - Modified the condition before mapping "header.value" to "target.hostname". - Modified the mapping of "target.url" from "http://%{header.value}%{httpRequest.uri}" to "httpRequest.uri". - If "terminatingRuleType" is "MANAGED_RULE_GROUP", then added a condition for mapping "ruleGroupList.terminatingRule". - Added "on_error" for mutate blocks wherever required".
2023-09-11	Enhancement: - Added a Grok pattern to support a new log format.
2023-08-16	Enhancement: - Mapped "ruleGroup.terminatingRule.action" to "security_result.detection_fields" when "terminatingRuleType" is "REGULAR".
2022-12-16	Enhancement: - Combined two date filters into one and updated condition for date filter to if "timestamp" is not null. - Dropped logs when "json_failure" is true. - Mapped "httpRequest.headers.value" to "event.idm.read_only_udm.network.http.parsed_user_agent" when "httpRequest.headers.name" is "user-agent".
2022-08-11	Enhancement:- Removed the logic to handle CSV and SYSLOG message logs.
2022-07-22	Newly Created Parser