Change log for STORMSHIELD_FIREWALL
2026-01-22: Enhancement

- `event.idm.read_only_udm.principal.port`: Newly mapped `port` raw log field to `event.idm.read_only_udm.principal.port`.
- `event.idm.read_only_udm.principal.administrative_domain`: Newly mapped `domain` raw log field to `event.idm.read_only_udm.principal.administrative_domain`.
- `event.idm.read_only_udm.target.ip`: Newly mapped `remotenet` raw log field to `event.idm.read_only_udm.target.ip`.
- `event.idm.read_only_udm.target.asset.ip`: Newly mapped `remotenet` raw log field to `event.idm.read_only_udm.target.asset.ip`.
- `event.idm.read_only_udm.principal.ip`: Newly mapped `localnet` raw log field to `event.idm.read_only_udm.principal.ip`.
- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `localnet` raw log field to `event.idm.read_only_udm.principal.asset.ip`.
- `event.idm.read_only_udm.security_result.category_details`: Newly mapped `site` raw log field to `event.idm.read_only_udm.security_result.category_details`.
- `event.idm.read_only_udm.security_result.rule_id`: Newly mapped `urlruleid` raw log field to `event.idm.read_only_udm.security_result.rule_id`.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `status`, `auditid`, `tgt` (renamed from `target`), `sensible`, `contentpolicy`, `cnruleid`, `vulnid`, `family` raw log fields to `event.idm.read_only_udm.security_result.detection_fields`.
- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `dstiprep` raw log field to `event.idm.read_only_udm.target.resource.attribute.labels`.
- `event.idm.read_only_udm.additional.fields`: Newly mapped `Ethernet0`, `Ethernet1`, `Ethernet2`, `Ethernet3`, `Ethernet4`, `Ethernet5`, `Ethernet6`, `Ethernet7`, `Ethernet8`, `Ethernet9`, `Ethernet10`, `Ethernet11`, `Pvm`, `Qid0`, `ipsec`, `security`, `sslvpn0`, `sslvpn1`, `system`, `tz`, `startime`, `ipv`, `method`, `error`, `ikev`, `phase`, `side`, `cookie_i`, `cookie_r`, `spi_in`, `spi_out`, `solution`, `remote`, `targetclient`, `targetserver`, `discovery` raw log fields to `event.idm.read_only_udm.additional.fields`.
- `event.idm.read_only_udm.principal.process.command_line`: Newly mapped `product` raw log field to `event.idm.read_only_udm.principal.process.command_line`.
- Added support for the event `logtype` values: `web`, `ssl`, `monitor`, `auth`, `vpn`, `xvpn`, and `pvm`.
- Corrected mapping for `event.idm.read_only_udm.security_result.rule_id` to use the value of the `ruleid` variable instead of the literal string "ruleid".
- Enhanced IP address validation and extraction for fields: `ipaddr`, `ipaddr1`, `remotenet`, and `localnet`.
- Refactored `metadata.event_type` assignment logic to be more conditional based on the presence of principal, target, user, and hostname information.
- Implemented dynamic mapping for various raw fields to UDM `additional.fields`, `security_result.detection_fields`, or `target.resource.attribute.labels` based on their keys.
- Raw field `target` is now renamed to `tgt` before key-value parsing.

2023-06-29: Enhancement

- Added a Grok pattern to support a new syslog header format.

2022-08-08

- Newly created parser.
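The following Python reference model is an added illustration of the 2026-01-22 mapping behaviour (the `target` to `tgt` rename before key-value parsing, IP validation for `localnet`/`remotenet`, and the `ruleid` value fix); it is not the parser's own code, and the sample log line and its values are constructed.

```python
import ipaddress
import re
import shlex

# Constructed sample line in Stormshield's key=value syslog format (values invented).
SAMPLE = ('id=firewall time="2026-01-22 10:15:02" fw="fw-lab" tz=+0100 pri=5 '
          'logtype=web localnet=10.0.0.12 remotenet=198.51.100.7 port=443 '
          'domain=corp target=blocked ruleid=42 site=example.org')

# Raw key -> UDM path, taken from the change log entry (read_only_udm prefix dropped).
DIRECT = {
    "port": "principal.port",
    "domain": "principal.administrative_domain",
    "site": "security_result.category_details",
}
DETECTION_FIELDS = {"status", "auditid", "tgt", "sensible", "contentpolicy",
                    "cnruleid", "vulnid", "family"}
IP_FIELDS = {"localnet": ("principal.ip", "principal.asset.ip"),
             "remotenet": ("target.ip", "target.asset.ip")}

def valid_ip(value):
    # Enhanced IP validation: only a syntactically valid IPv4/IPv6 address is mapped.
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_kv(line):
    """Tokenise key=value pairs (quoted values allowed). The raw key `target`
    is renamed to `tgt` before key-value parsing, as the change log states."""
    line = re.sub(r"(^|\s)target=", r"\1tgt=", line)
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def to_udm(line):
    """Map one raw line onto the UDM paths listed in the 2026-01-22 entry."""
    kv = parse_kv(line)
    udm = {"security_result.detection_fields": {}}
    for key, val in kv.items():
        if key in DIRECT:
            udm[DIRECT[key]] = val
        elif key in DETECTION_FIELDS:
            udm["security_result.detection_fields"][key] = val
        elif key in IP_FIELDS and valid_ip(val):
            for path in IP_FIELDS[key]:
                udm[path] = val
    # Fixed in this release: rule_id takes the value of `ruleid`, not the literal string.
    if "ruleid" in kv:
        udm["security_result.rule_id"] = kv["ruleid"]
    return udm
```

Feeding a line with an unparsable `localnet` shows the validation step dropping the IP fields while the remaining keys still map.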