Change log for ZSCALER_ZPA
Date | Changes |
---|---|
2024-11-27 | Enhancement:
- Mapped "ConnectionStatus" to "security_result.action" and "additional.fields". |
2024-10-01 | Enhancement:
- Mapped "PosturesHit", "PosturesMiss", "TimestampConnectionStart", "TimestampConnectionEnd", "TimestampCATx", "TimestampCATRx", "TimestampAppLearnStart", "TimestampZENFirstRxClient", "TimestampZENFirstTxClient", "TimestampZENLastRxClient", "TimestampZENLastTxClient", "TimestampConnectorZENSetupComplete", "TimestampZENFirstRxConnector", "TimestampZENFirstTxConnector", "TimestampZENLastRxConnector", "TimestampZENLastTxConnector", "ZENBytesRxClient", "ZENBytesTxClient", "ZENTotalBytesRxConnector", "ZENBytesRxConnector", "ZENTotalBytesTxConnector", and "ZENBytesTxConnector" to "additional.fields". |
2024-07-09 | Enhancement:
- If "has_principal" and "has_target" are "true" and "metadata.event_type" is "GENERIC_EVENT", then set "metadata.event_type" to "NETWORK_CONNECTION". |
2024-05-20 | Enhancement:
- Mapped "Hostname" to "principal.hostname". - Mapped "TotalBytesRx" to "network.received_bytes". - Mapped "TotalBytesTx" to "network.sent_bytes". - Mapped "SessionStatus" to "InternalReason" to map event types based on "SessionStatus". - Mapped "Platform" to "principal.platform". - Mapped "Version" to "metadata.product_version". - Mapped "CertificateCN" to "additional.fields". - Mapped "Latitude" to "principal.location.region_latitude" and "principal.location.region_coordinates.latitude". - Mapped "Longitude" to "principal.location.region_longitude" and "principal.location.region_coordinates.longitude". |
2024-02-12 | Enhancement - Removed drop tag to parse unsupported log. |
2023-02-22 | Newly created parser. |