Enhanced IP address validation using CIDR function for source and destination fields

Improved handling of source.address and destination.address fields with proper IP validation

Updated parser version to 3.3.2

Fixed regex pattern for numerical action values to prevent backtracking issues

Updated parser version to 3.3.1

Enhanced observer name extraction from originsicname field using regex pattern

Improved source field handling for email addresses and IP addresses in 'from' field

Added service.id and service.name field mappings with protocol detection

Enhanced network protocol detection based on service identifiers

Updated parser version to 3.3.0 and CPS version to 1.1.0

Added support for additional log types including VPN-1 & FireWall-1, Application Control URL Filtering, and Log Update events

Enhanced event categorization for various product types

Fixed network direction handling to improve log classification

Added test cases for new log formats

Updated parser version to 3.2.0

Regex fix to stop backtracking errors for logs that use "=" as the key-value separator

Added event.kind field with default value "event"

Removed redundant case statement for event.kind assignment

Updated parser version to 3.1.2

Fixed CEF log parsing regex to properly handle logs without trailing newlines

Updated ECS version to 9.0.0

Updated parser version to 3.1.1

Added support for CEF formatted logs with and without headers

Enhanced timestamp handling for various formats

Added field mappings for additional Check Point fields

Improved event categorization and field normalization

Added support for additional network direction indicators

Updated ECS version to 8.17.0

Improved event categorization with array-based approach

Enhanced field mapping for better data normalization

Optimized email field handling

Fixed field duplication issues

Vendor.action

Vendor.additional_info

Vendor.administrator

Vendor.app_risk

Vendor.app_rule_id

Vendor.app_rule_name

Vendor.application

Vendor.bytes

Vendor.categories

Vendor.client_inbound_interface

Vendor.client_ip

Vendor.client_outbound_bytes

Vendor.client_outbound_packets

Vendor.conn_direction

Vendor.delivery_time

Vendor.description

Vendor.dlp_file_name

Vendor.dlp_rule_name

Vendor.dlp_rule_uid

Vendor.dns_message_type

Vendor.dns_type

Vendor.domain_name

Vendor.dst

Vendor.dst_user_name

Vendor.email_message_id

Vendor.email_queue_id

Vendor.email_subject

Vendor.endpoint_ip

Vendor.file_id

Vendor.file_name

Vendor.file_size

Vendor.file_type

Vendor.first_detection

Vendor.from

Vendor.ifdir

Vendor.ifname

Vendor.industry_reference

Vendor.information

Vendor.inzone

Vendor.last_detection

Vendor.lastupdatetime

Vendor.layer_name

Vendor.loguid

Vendor.mac_destination_address

Vendor.mac_source_address

Vendor.malware_action

Vendor.malware_rule_id

Vendor.malware_rule_name

Vendor.matched_category

Vendor.method

Vendor.objectname

Vendor.origin

Vendor.origin_ip

Vendor.os_name

Vendor.os_version

Vendor.outzone

Vendor.packet_capture

Vendor.packets

Vendor.parent_process_name

Vendor.policy

Vendor.process_name

Vendor.product

Vendor.proto

Vendor.received_bytes

Vendor.referrer

Vendor.resource

Vendor.rule_name

Vendor.rule_uid

Vendor.s_port

Vendor.security_outzone

Vendor.sent_bytes

Vendor.sequencenum

Vendor.server_outbound_bytes

Vendor.server_outbound_interface

Vendor.server_outbound_packets

Vendor.service

Vendor.service_id

Vendor.session_description

Vendor.session_uid

Vendor.severity

Vendor.smartdefence_profile

Vendor.sport_svc

Vendor.src

Vendor.src_user_group

Vendor.src_user_name

Vendor.start_time

Vendor.svc

Vendor.to

Vendor.type

Vendor.uid

Vendor.update_version

Vendor.url

Vendor.user

Vendor.user_agent

Vendor.user_group

Vendor.usercheck_incident_uid

Vendor.web_client_type

Vendor.xlatedport

Vendor.xlatedport_svc

Vendor.xlatedst

Vendor.xlatesport

Vendor.xlatesport_svc

Vendor.xlatesrc

Bug fix: resolved an issue with the regex used to extract fields from rawstring.

Bumps the ecs.version to 8.16.0.

Corrects a typo in the event.type field values to comply with ECS. Changed conection to connection and delection to deletion .

Removes the destination.service.name field as it was not valid ECS field.

Renames the network.app_name to network.application to comply with ECS.

Updates the event.dataset from content-awareness to ngfw.content-awareness to comply with CPS.

Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Adds support for JSON format.

Fixes an issue where the timestamp wasn't working if it was +2:00.

Adds a couple of feilds, for example: host.ip , observer.egress.interface.name , observer.ingress.interface.name , destination.user.name and more.

Builds out the event.category and event.type fields.

Adds more options for Action and Rule Action mappings

Adds default category and type as network/info to ensure all events are parsed to CPS standard

Adds new event.module and Cps.version fields

Removes the Product , related.user , related.hash and related.ip fields

Sets following tags: Cps.version , Vendor , ecs.version , event.dataset , event.kind , event.module , event.outcome , observer.type