The parser darktrace-detect is an aggregation of the three previous parsers: ai_analyst_alert-syslog, model_breach_alert-syslog, system_status_alert-syslog

Handles events with syslog headers in both the RFC 5424 and RFC 3164 formats

Deals with large JSON objects within the message

Handles the following log types and sets event.dataset accordingly: detect.aianalyst/detect.modelbreach/detect.modeltrigger/detect.systemstatus/detect.antigena

CPS normalization that was previously done in separate parsers is carried out based on event.dataset

CPS normalization carried out for additional data types - detect.modeltrigger and detect.antigena

Added santised examples of all variations of event.dataset and syslog header format

Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Adds new event.module and Cps.version fields

Removes the Product, related.user and related.ip fields

Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type