Change log for ZSCALER_DNS
| Date | Changes |
|---|---|
| 2025-04-17 | Enhancement:
- event.idm.read_only_udm.metadata.event_timestamp: Added support to map new patterns of timestamp for `datetime` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. |
| 2025-04-15 | Enhancement:
- event.idm.read_only_udm.metadata.description: Removed mapping of `resrulelabel` and `description` from `event.idm.read_only_udm.metadata.description` UDM field. |
| 2025-04-08 | Enhancement:
- event.idm.read_only_udm.target.url: Removed mapping of `dns_req` from `event.idm.read_only_udm.network.dns.target.url` UDM field. - event.idm.read_only_udm.network.dns.questions.name: Mapped `dns_req` raw log field with `event.idm.read_only_udm.network.dns.questions.name` UDM field - `NETWORK_DNS`: Added support for the event `NETWORK_DNS` when "question" is not equal to null. - Removed "metadata.event_type" of "NETWORK_CONNECTION" and "STATUS_UPDATE". |
| 2025-03-05 | Enhancement:
- Changed mapping for "location" field from "additional.fields" to "principal.location.name". - Changed mapping for "dns_req" field from "network.dns.questions.name" to "target.url". |
| 2025-03-03 | Enhancement:
- When "resrulelabel_details" is not "None" then mapped it to "metadata.description", else mapped "description" to "metadata.description". |
| 2025-02-22 | Enhancement:
- Mapped "event.category" and "category" to "sec_result.detection_fields". |
| 2025-01-24 | Enhancement:
- Added support for JSON logs having internal field as "event". |
| 2025-01-24 | Enhancement:
- Added support for JSON logs having internal field as "event". |
| 2024-10-23 | Enhancement:
- Added support to parse unparsed JSON logs. |
| 2024-05-28 | Enhancement:
- Mapped "dns_reqtype" to "additional.fields". |
| 2024-05-10 | Enhancement:
- Mapped "dns_resp" to "event.idm.read_only_udm.network.dns.answers.data". - Mapped "event1.durationms" to "network.session_duration.seconds". - Mapped "event1.location" to "additional.fields". - Mapped "event1.category" and "event1.respipcategory" to "sec_result.category_details". |
| 2023-10-17 | Enhancement -
- Written a Grok pattern to parse the log of CSV format. - Dropped the logs that do not match any Grok pattern. |
| 2022-09-30 | Enhancement -
- Parsed Json format logs. - Dropped Encoded logs. |