Uses timestamp from the syslog header as an alternative to parse timestamp

Improves extraction of threat.indicator.ip and threat.indicator.name fields

Normalizes data to CrowdStrike Parsing Standard (CPS) for:

Adds new event.module and Cps.version fields

Removes the Product and related.ip fields

Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type

Updates the parser to accept the logs coming from syslog

Renames the parser to deception.yaml