Change log for ZSCALER_DECEPTION
Date | Changes |
---|---|
2025-06-20 | Enhancement:
- `event.idm.read_only_udm.security_result.about.ip`: Newly mapped `abuseip.ipAddress` raw log field with `event.idm.read_only_udm.security_result.about.ip` UDM field.
- `event.idm.read_only_udm.target.location.country_or_region`: Newly mapped `abuseip.countryCode` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM field.
- `event.idm.read_only_udm.additional.fields`: Newly mapped `abuseip.ipVersion`, `abuseip.isPublic`, `abuseip.isWhitelisted`, `abuseip.lastReportedAt`, `abuseip.totalReports`, and `decoy.appliance.id` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
- `event.idm.read_only_udm.principal.location.country_or_region`: Newly mapped `attacker.country` raw log field with `event.idm.read_only_udm.principal.location.country_or_region` UDM field.
- `event.idm.read_only_udm.metadata.product_log_id`: Newly mapped `id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- `event.idm.read_only_udm.principal.ip`: Newly mapped `attacker.ip` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `attacker.ip` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- `event.idm.read_only_udm.principal.port`: Newly mapped `attacker.port` raw log field with `event.idm.read_only_udm.principal.port` UDM field.
- `event.idm.read_only_udm.target.application`: Newly mapped `decoy.appliance.name` raw log field with `event.idm.read_only_udm.target.application` UDM field.
- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `decoy.client.id`, `decoy.client.name`, `decoy.network_name`, `decoy.recon.dataset`, `decoy.recon.dataset_type` and `decoy.type` raw log fields with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.target.group.group_display_name`: Newly mapped `decoy.group` raw log field with `event.idm.read_only_udm.target.group.group_display_name` UDM field.
- `event.idm.read_only_udm.target.asset.asset_id`: Newly mapped `decoy.id` raw log field with `event.idm.read_only_udm.target.asset.asset_id` UDM field.
- `event.idm.read_only_udm.target.ip`: Newly mapped `decoy.ip` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- `event.idm.read_only_udm.target.asset.ip`: Newly mapped `decoy.ip` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.
- `event.idm.read_only_udm.target.hostname`: Newly mapped `decoy.name` raw log field with `event.idm.read_only_udm.target.hostname` UDM field.
- `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `decoy.name` raw log field with `event.idm.read_only_udm.target.asset.hostname` UDM field.
- `event.idm.read_only_udm.network.http.user_agent`: Newly mapped `recon.user_agent.string` raw log field with `event.idm.read_only_udm.network.http.user_agent` UDM field.
- `event.idm.read_only_udm.additional.fields`: Newly mapped `attacker.threat_parse_ids` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- `event.idm.read_only_udm.network.sent_bytes`: Newly mapped `recon.bytes_sent` raw log field with `event.idm.read_only_udm.network.sent_bytes` UDM field.
- `event.idm.read_only_udm.network.http.method`: Newly mapped `recon.method` raw log field with `event.idm.read_only_udm.network.http.method` UDM field.
- `event.idm.read_only_udm.network.application_protocol`: Newly mapped `recon.scheme` raw log field with `event.idm.read_only_udm.network.application_protocol` UDM field.
- `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.
- `event.idm.read_only_udm.network.http.response_code`: Newly mapped `recon.status` raw log field with `event.idm.read_only_udm.network.http.response_code` UDM field.
- `event.idm.read_only_udm.network.http.user_agent`: Newly mapped `recon.user_agent.string` raw log field with `event.idm.read_only_udm.network.http.user_agent` UDM field.
- `event.idm.read_only_udm.metadata.event_type`: Newly mapped `NETWORK_HTTP` to `event.idm.read_only_udm.metadata.event_type` UDM field, if `recon.scheme` raw log field is `HTTP` or `HTTPS`. |
2024-07-01 | Newly created parser. |