Fixed timestamp parsing for Antigena events to use start time instead of end time

Added support for audit events with new event.dataset "detect.audit"

Fixed timezone handling for RFC 3164 syslog timestamps

Adds default of "event" of event.kind field.

Fixes regex to parse out alternative timestamp format.

Fixes gap error for Vendor.model.tags[] array.

Adds source.ip field.

Updates rule.author field to an array to comply with ECS.

Bumps ecs.version to 8.16.0.

The parser darktrace-detect is an aggregation of the three previous parsers: ai_analyst_alert-syslog , model_breach_alert-syslog , system_status_alert-syslog

Handles events with syslog headers in both the RFC 5424 and RFC 3164 formats

Deals with large JSON objects within the message

Handles the following log types and sets event.dataset accordingly: detect.aianalyst / detect.modelbreach / detect.modeltrigger / detect.systemstatus / detect.antigena

CPS normalization that was previously done in separate parsers is carried out based on event.dataset

CPS normalization carried out for additional data types - detect.modeltrigger and detect.antigena

Added santised examples of all variations of event.dataset and syslog header format

Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Adds new event.module and Cps.version fields

Removes the Product , related.user and related.ip fields

Sets following tags: Cps.version , Vendor , ecs.version , event.dataset , event.kind , event.module , event.outcome , observer.type