
Commit 0d61098

committed
docs: update PR with test logs
1 parent e37b946 commit 0d61098

File tree

1 file changed

+16
-0
lines changed

packages/cisco_ftd/pr.md

Lines changed: 16 additions & 0 deletions
@@ -7,6 +7,22 @@ Fixes #15204
77
## Problem
88
The Cisco FTD integration was not parsing SGT/EGT-related fields from connection event messages. These fields were present in the `event.original` field but were not being extracted into structured, queryable fields, making it difficult to search and analyze security group information in Elastic.
99

10+
## Example Logs (Sanitized for Testing)
11+
12+
Based on the logs provided in issue #15204, here are the sanitized test cases used in our pipeline tests:
13+
14+
**Example 1 - Connection End Event (430003):**
15+
```
16+
2025-09-01T12:00:00Z firepower : %FTD-6-430003: EventPriority: Low, DeviceUUID: d697c8ca-9fe4-43e6-aeb5-33e277e5ffea, InstanceID: 11, FirstPacketSecond: 2025-09-01T12:35:00Z, ConnectionID: 39416, AccessControlRuleAction: Trust, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 56799, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, SourceSecurityGroup: SGT_TEST_GROUP, SourceSecurityGroupTag: 2003, SourceSecurityGroupType: Session Directory, DestinationIP_DynamicAttribute: APIC_EPG_TEST_GROUP, IngressVRF: Global, EgressVRF: Global, Endpoint Profile: Workstation:Microsoft-Workstation:Windows11-Workstation, ACPolicy: ACP-Access, AccessControlRuleName: Test-Rule-1, Prefilter Policy: Default Prefilter Policy, User: testuser, Client: DNS, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 31, ResponderBytes: 238, NAPPolicy: Balanced Security and Connectivity
17+
```
18+
19+
**Example 2 - Connection Start Event (430002):**
20+
```
21+
2025-09-01T14:00:00Z firepower : %FTD-6-430002: EventPriority: Low, DeviceUUID: d697c8ca-9fe4-43e6-aeb5-33e277e5ffea, InstanceID: 4, FirstPacketSecond: 2025-09-01T14:00:03Z, ConnectionID: 36584, AccessControlRuleAction: Block, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 56799, DstPort: 22, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, SourceSecurityGroup: 2005, SourceSecurityGroupTag: 2005, DestinationSecurityGroup: 9, DestinationSecurityGroupTag: 9, SourceSecurityGroupType: Session Directory, DestinationSecurityGroupType: SXP, IngressVRF: Global, EgressVRF: Global, Endpoint Profile: Invalid ID, ACPolicy: ACP-Management, AccessControlRuleName: Default Deny, Prefilter Policy: Management Prefilter Policy, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 70, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity
22+
```
23+
24+
These logs demonstrate the SGT/EPG fields that were previously not being parsed. Note: IPs and interface names have been sanitized for security.
25+
1026
## Solution
1127
Added parsing support for the following 6 fields:
1228
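Review bot: the added "Example Logs" text calls these the "SGT/EPG fields" (line 24 of the file) while the unchanged "## Problem" paragraph just above calls them "SGT/EGT-related fields"; pick one spelling so the PR description does not read as if two different field families are involved. Two smaller points on the same section: the sanitization note only mentions IPs and interface names, but the `DeviceUUID` and `ConnectionID` values are carried over verbatim from issue #15204, so either state that those are sanitized too or replace them with placeholder values; and since the "## Solution" section promises parsing for six fields, it would help a reviewer to note under each example which of those six it exercises (Example 1 carries only `SourceSecurityGroup`, `SourceSecurityGroupTag` and `SourceSecurityGroupType`, while Example 2 also carries the `DestinationSecurityGroup`, `DestinationSecurityGroupTag` and `DestinationSecurityGroupType` values), ideally alongside the structured field each one is expected to land in after the pipeline runs.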
