Package paloalto/firewall Release Notes
Package paloalto/firewall Release Notes Version 2.1.0
Enhanced timestamp parsing and handling
Updated regex handling of source fields from system logs
Package paloalto/firewall Release Notes Version 2.0.0
Updated field mappings to use array append instead of direct array indexing
Added destination.geo.country_name field mapping
Added event.type field mappings
Improved handling of empty fields
Enhanced timestamp parsing
Updated minimum LogScale version requirement to 1.145.0
Package paloalto/firewall Release Notes Version 1.3.0
Added backwards compatibility for NGSIEM lower_case formatting of field names
Package paloalto/firewall Release Notes Version 1.2.3
Bugfix in event.severity logic
Package paloalto/firewall Release Notes Version 1.2.2
Adds logic to only create passthrough detections from Critical and High severity events.
Adds a backwards-compatible Subtype field for NGSIEM customers.
Fixes regex bugs
Package paloalto/firewall Release Notes Version 1.2.1
Adds an additional mapping to ECS for user_agent.original field.
Parses user.name out of Admin field from Config logs.
Package paloalto/firewall Release Notes Version 1.2.0
Adds additional mappings to ECS for: source.geo.country_name, destination.geo.country_name, rule.category, process.command_line, source.ip (for Config logs), network.packets fields.
Adds url.* ECS fields for the url subtype
Adds the field observer.type
Adds additional options to Config logs to determine event.outcome
Enhancement to parsing for system auth logs
Decodes network.transport to include network.iana_numbers
Aliases client.ip/port to source.ip/port and server.ip/port to destination.ip/port
Package paloalto/firewall Release Notes Version 1.1.0
Adds support for PAN-OS v11.0
Improves field extraction and performance.
Renames the fields under the Vendor namespace to PascalCase notation. This is a breaking change: do not update to this version if your queries rely on the Vendor-specific fields.
Bumps the minimum LogScale version to 1.142 to support assertions in YAML files.
Adds threat.*, event.severity fields and more.
Sets the event.action for Authentication events.
Sets the event.category to intrusion_detection and malware for Correlation events.
Classifies events according to a threat taxonomy such as the MITRE ATT&CK framework.
Renames the parser to paloalto-ngfw.
Package paloalto/firewall Release Notes Version 1.0.0
Adds new event.module and Cps.version fields
Removes the Product, related.hash, related.user, related.hosts, related.ip and message fields
Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type
Package paloalto/firewall Release Notes Version 0.2.0
Updates the parser to normalise event data to a common schema. It currently supports messages of the Traffic, Threat, HIP Match, GlobalProtect, IP-Tag, User-ID, Decryption, Tunnel Inspection, SCTP, Config, Authentication, System, Correlated Events and GTP types.
Removes old queries and dashboards from the package. To keep those, stay on the old version of the package.
Bumps the minimum supported version of LogScale from 1.20 to 1.82