Updated parser version to 3.0.2

Enhanced source.address field mapping to use external_client_ip as fallback when internal_client_ip is not available

Updated parser version to 3.0.1

Added strict=false parameter to regex function for improved parsing reliability

Updated parser to support Cisco Umbrella Log Schema Version 13

Updated parser version to 2.2.2

Removed timezone parameter from timestamp parsing functions to use system default timezone handling

Updates ECS version to 8.17.0

Improves event categorization using array append

Standardizes event action field to lowercase

Enhances field normalization for network traffic

Bug fix: Updates the default event.kind field to event to ensure compliance with CPS standard.

Updates the interface.id field to have a valid prefix (observer.inbound or oberver.outbound) based on the direction of data flow, to comply with CPS.

Improves the field extraction and performance.

Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Adds source.ip, event.action, destination.domain, event.type and rule.uuid fields and more.

Renames the fields under the Vendor namespace from the camelcase to snakecase. It's a breaking change so don't update to this version in case your queries rely on the Vendor specific fields

Adds support of Firewall logs, Data Loss Prevention (DLP) logs and Intrusion Prevention (IPS) logs.

Renames the parser to cisco-umbrella.

Adds new event.module and Cps.version fields

Removes the Product, related.user and related.ip fields

Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type