Package cisco/umbrella Release Notes
Package cisco/umbrella Release Notes Version 1.3.0
Updates ECS version to 8.17.0
Improves event categorization using array append
Standardizes event action field to lowercase
Enhances field normalization for network traffic
Package cisco/umbrella Release Notes Version 1.2.0
Bug fix: Sets the default value of the event.kind field to event to comply with the CPS standard.
Updates the interface.id field to have a valid prefix (observer.inbound or observer.outbound), based on the direction of data flow, to comply with CPS.
Package cisco/umbrella Release Notes Version 1.1.0
Improves field extraction and performance.
Bumps the minimum LogScale version to 1.142 to support assertions in YAML files.
Adds the source.ip, event.action, destination.domain, event.type and rule.uuid fields, and more.
Renames the fields under the Vendor namespace from camelCase to snake_case. This is a breaking change, so don't update to this version if your queries rely on the Vendor-specific fields.
Adds support for Firewall logs, Data Loss Prevention (DLP) logs and Intrusion Prevention (IPS) logs.
Renames the parser to cisco-umbrella.
Package cisco/umbrella Release Notes Version 1.0.0
Adds new event.module and Cps.version fields
Removes the Product, related.user and related.ip fields
Sets the following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type