Enhanced IP and address normalization with proper CIDR validation

Improved network protocol handling with tcp/ip normalization to network.transport

Added support for l7_firewall events with proper categorization

Enhanced IDS alert processing with decision-based event outcomes

Improved field mapping for client.domain and host.hostname with lowercase normalization

Added destination.mac field mapping from vendor fields

Updated event.type arrays to remove redundant "info" entries for cleaner categorization

Fixed temporary variable naming conflicts by prefixing with underscore

Enhanced file scanning events with proper category and type assignments

Enhanced firewall flow parsing with improved regex pattern for better action extraction

Added support for pattern-based action determination (0/1 and allow/deny patterns)

Improved handling of firewall events with more robust field extraction

Removed timezone parameter from timestamp parsing functions to use system default timezone handling

Enhanced authentication event parsing with improved regex pattern for authentication messages

Added support for AnyConnect VPN connection success and failure events with detailed field extraction

Added authentication event categorization with proper event types

Fixed regex patterns to handle multiline syslog messages

Fixed event severity handling for unknown values

Added support for JSON formatted logs with timestamps in ts and occurredAt fields

Added support for IDS Alert events with pass-through detections

Added support for File Scanned events

Added support for BGP, DHCP, VPN, and wireless association events

Updated ECS version to 9.0.0

Added support for BSD syslog format with MMM dd HH:mm:ss timestamp format

Added support for ip_flow_start and ip_flow_end events

Added new field mappings for network flow events

Updated ECS version to 8.17.0

Added support for content filtering block events

Added new field mappings for content filtering events

Adds support for l7_firewall events

Utilizes array:append() function for array declarations

Adds event.kind field to comply with CPS requirements

Removed indicator type from configuration category to comply with ECS

Removes the references to the lookup file from the parser

Bumps the ecs.version to 8.16.0

Adds the event.outcome field

Bumps the minimum LogScale version to 1.142 to support assertions in yaml files

Bug fix: updates the mapping for destination.port, source.port fields

Normalizing the mac addresses to keep the notation from RFC 7042

Adds new event.module, event.dataset and Cps.version fields

Removes the Product field

Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type

Rename url.host to url.domain field

Bumps ECS version to 8.11.0

Adds support for ip_flow_end and ip_flow_start events

Syslog headers are now mapped to log.syslog.* fields