Updated ECS version to 9.2.0

Updated parser version to 3.0.2

Enhanced timestamp parsing for RFC 3164 syslog format to handle single-digit day values with optional space padding

Added array-based field handling for host.mac[] field

Updated ECS version to 9.1.0

Updated parser version to 3.0.1

Fixed timezone handling for RFC 3164 syslog timestamps by removing explicit UTC timezone setting

Added support for CEF-formatted DCIP logs with new event.dataset "darktrace.dcip"

Enhanced MITRE ATT&CK technique and tactic mapping using objectArray functions

Improved field mappings for threat intelligence data

Updated parser to 3.0.0

Added support for email events

Updated parser to 2.3.0

Added severity mapping for AI Analyst events

Enhanced severity mapping for model breach events based on score or priority

Added severity mapping for system status events

Fixed code formatting for better readability

Updated parser to 2.2.1

Enhanced audit event parsing with improved categorization and field mapping

Added validation for source IP addresses using CIDR check

Updated ECS version to 9.0.0

Added support for syslog appname-based event classification

Updated parser to 2.2.0

Fixed timestamp parsing for Antigena events to use start time instead of end time

Added support for audit events with new event.dataset "detect.audit"

Fixed timezone handling for RFC 3164 syslog timestamps

Adds default of "event" of event.kind field.

Fixes regex to parse out alternative timestamp format.

Fixes gap error for Vendor.model.tags[] array.

Adds source.ip field.

Updates rule.author field to an array to comply with ECS.

Bumps ecs.version to 8.16.0.

The parser darktrace-detect is an aggregation of the three previous parsers: ai_analyst_alert-syslog, model_breach_alert-syslog, system_status_alert-syslog

Handles events with syslog headers in both the RFC 5424 and RFC 3164 formats

Deals with large JSON objects within the message

Handles the following log types and sets event.dataset accordingly: detect.aianalyst/detect.modelbreach/detect.modeltrigger/detect.systemstatus/detect.antigena

CPS normalization that was previously done in separate parsers is carried out based on event.dataset

CPS normalization carried out for additional data types - detect.modeltrigger and detect.antigena

Added santised examples of all variations of event.dataset and syslog header format

Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Adds new event.module and Cps.version fields

Removes the Product, related.user and related.ip fields

Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type