Change log for ZERO_NETWORKS
Date | Changes |
---|---|
2025-03-13 | - Mapped "rule.approvedAt" to "additional.fields".<br>- Mapped "rule.createdAt" to "additional.fields".<br>- Mapped "rule.created_by.id" to "target.user.userid" and set event_type to "USER_UNCATEGORIZED".<br>- Mapped "rule.created_by.name" to "target.user.user_display_name" and set event_type to "USER_UNCATEGORIZED".<br>- Mapped "rule.description" to "metadata.description".<br>- Mapped "rule.expiration" to "additional.fields".<br>- Mapped "rule.ipSecOpt" to "additional.fields".<br>- Mapped "rule.isOccasionalMfa" to "additional.fields".<br>- Mapped "rule.localEntityNames.id" to "additional.fields".<br>- Mapped "rule.localEntityNames.name" to "additional.fields".<br>- Mapped "rule.parent_switch_rule_id" to "additional.fields".<br>- Mapped "rule.parent_switch_rule_type" to "additional.fields".<br>- Mapped "rule.ruleClass" to "additional.fields".<br>- Mapped "rule.state" to "additional.fields".<br>- Mapped "rule.updatedAt" to "additional.fields".<br>- Mapped "learningDuration" to "additional.fields".<br>- Mapped "protectionDate" to "additional.fields".<br>- Mapped "parentObjectId" to "additional.fields".<br>- Mapped "reportedObjectId" to "additional.fields".<br>- Mapped "reportedObjectGeneration" to "additional.fields".<br>- Mapped "isoTimestamp" to "metadata.event_timestamp".<br>- Mapped "auditType" to "metadata.product_event_type".<br>- Mapped "enforcementSource" to "principal.application".<br>- Mapped "userRole" to "target.user.role_name".<br>- Mapped "destinationEntitiesList" to "additional.fields".<br>- Mapped "rule.action" to "security_result.action_details".<br>- Mapped "performedBy.id" to "target.user.userid" and set event_type to "USER_UNCATEGORIZED" if "rule.created_by.id" is not present.<br>- Mapped "performedBy.name" to "target.user.user_display_name" and set event_type to "USER_UNCATEGORIZED" if "rule.created_by.name" is not present.<br>- Mapped "connectServer" to "additional.fields".<br>- Mapped "connectedSince" to "additional.fields".<br>- Mapped "expiresAt" to "additional.fields".<br>- Mapped "externalIP" to "target.ip".<br>- Mapped "idp" to "additional.fields".<br>- Mapped "sourceAsset" to "additional.fields".<br>- Mapped "uacId" to "additional.fields".<br>- Mapped "uacName" to "additional.fields".<br>- Mapped "user" to "target.user.user_display_name" and set event_type to "USER_UNCATEGORIZED".<br>- Mapped "prevInactiveReason" to "additional.fields".<br>- Mapped "currInactiveReason" to "additional.fields".<br>- Mapped "lastActiveDurationInMonths" to "additional.fields".<br>- Mapped "lastActiveTime" to "additional.fields".<br>- Mapped "security_result" to "security_result". |