Change log for ZSCALER_FIREWALL
Date
Changes
2025-02-12
Enhancement:
- Mapped "csip" to "principal.ip"
- Mapped "csport" to "principal.port"
- Mapped "rulelabel" to "intermediary.security_result.rule_name"
- Mapped "threatname" to "security_result.threat_name"
2024-11-12
Enhancement:
- Added support for new pattern of KV logs.
2024-04-08
Enhancement:
- Added a "gsub" function to remove extra brackets to parse JSON logs.
- Mapped "column2" to "principal.user.email_addresses".
- Mapped "column35" to "principal.user.userid".
- Mapped "column36" to "principal.asset_id".
- Mapped "column4" to "additional.fields".
2023-09-12
Enhancement:
- Handled unparsed JSON format logs.
2023-03-28
Enhancement:
- Added some null checks and on_error statements to handle parsing errors.
- Added/Modified Grok patterns to parse the logs with CEF format.
- Handled the cases when "port", "received_bytes" or "ip" were not in their correct form.
2022-04-29
- Migrated to default parser.
- Converted from SDM to UDM.
2022-04-14
- Added new data element for secure result
- Modified mapping for target application, network duration
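The entries above describe the parser's behaviour only at the level of "mapped X to Y" and "handled malformed ip/port". The following is an added example, written for this page and not taken from the Chronicle parser (which is Logstash-style config, not Python) or from Zscaler: it applies the four mappings listed in the 2025-02-12 entry, the extra-bracket cleanup from 2024-04-08, the KV-log support from 2024-11-12 and the null checks and malformed ip/port/received_bytes handling from 2023-03-28 to a few constructed log lines. The target path "network.received_bytes", the assumption that the "extra brackets" are a doubled outer `{{ ... }}`, the sample lines and all helper names are this example's own assumptions.

```python
"""Added example: normalise constructed Zscaler-firewall-style records into
UDM-shaped dicts with the defensive checks described in the change log.
Not the Chronicle parser's code; field names csip/csport/rulelabel/threatname
and their targets come from the change log, the rest is assumed."""
import ipaddress
import json
import re

# Raw field -> UDM-style dotted path. The first four are from the 2025-02-12
# entry; "network.received_bytes" is an assumed target for the received_bytes
# field that the 2023-03-28 entry mentions.
FIELD_MAP = {
    "csip": "principal.ip",
    "csport": "principal.port",
    "rulelabel": "intermediary.security_result.rule_name",
    "threatname": "security_result.threat_name",
    "received_bytes": "network.received_bytes",
}

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_json_lenient(text):
    """Parse JSON as-is; if that fails and the text is wrapped in an extra
    '{{ ... }}' pair (assumed form of the 'extra brackets' the 2024-04-08
    gsub removes), strip one bracket from each end and retry. Returns None
    on failure instead of raising, like an on_error branch."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        pass
    if text.startswith("{{") and text.endswith("}}"):
        try:
            return json.loads(text[1:-1])
        except json.JSONDecodeError:
            return None
    return None


def parse_kv(text):
    """key=value pairs separated by whitespace/commas; quoted values allowed.
    A key with an empty value (e.g. 'threatname=') simply does not appear."""
    return {k: (q if q else u) for k, q, u in KV_RE.findall(text)}


def parse_record(raw):
    """JSON first (2023-09-12 / 2024-04-08), KV fallback (2024-11-12)."""
    text = raw.strip()
    if text.startswith("{"):
        obj = parse_json_lenient(text)
        return obj if isinstance(obj, dict) else {}
    return parse_kv(text)


def valid_ip(value):
    try:
        return str(ipaddress.ip_address(str(value).strip()))
    except ValueError:
        return None


def valid_port(value):
    try:
        port = int(str(value).strip())
    except ValueError:
        return None
    return port if 0 <= port <= 65535 else None


def valid_count(value):
    try:
        n = int(str(value).strip())
    except ValueError:
        return None
    return n if n >= 0 else None


def set_path(udm, dotted, value):
    node = udm
    keys = dotted.split(".")
    for key in keys[:-1]:
        node = node.setdefault(key, {})
    node[keys[-1]] = value


def to_udm(record):
    """Apply FIELD_MAP with null checks; ip/port/byte counts that are not in
    their correct form are dropped rather than failing the whole event."""
    udm = {}
    for src, dst in FIELD_MAP.items():
        value = record.get(src)
        if value in (None, ""):
            continue
        if dst.endswith(".ip"):
            value = valid_ip(value)
        elif dst.endswith(".port"):
            value = valid_port(value)
        elif dst.endswith(".received_bytes"):
            value = valid_count(value)
        if value is None:
            continue
        set_path(udm, dst, value)
    return udm


# Constructed sample lines for this example, not real Zscaler output.
SAMPLE_LINES = [
    '{{"csip":"10.1.2.3","csport":"51515","rulelabel":"Block Malware",'
    '"threatname":"EICAR","received_bytes":"1234"}}',
    'csip=192.0.2.10 csport=abc rulelabel="Default Allow" threatname=',
    'csip=not-an-ip csport=70000 rulelabel=Deny received_bytes=-5',
    '{"csip": "2001:db8::1", "csport": 443',
]


def normalise_all(lines):
    return [to_udm(parse_record(line)) for line in lines]


if __name__ == "__main__":
    for line, udm in zip(SAMPLE_LINES, normalise_all(SAMPLE_LINES)):
        print(line, "->", udm)
```

The second and third sample lines show why the null checks matter: a non-numeric or out-of-range port and a non-IP string are dropped field by field while the rule name still lands in `intermediary.security_result.rule_name`; the truncated JSON on the last line yields an empty event instead of an exception. Stripping the extra brackets only after a plain `json.loads` has failed avoids mangling legitimate nested `}}` in well-formed input.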
Last updated 2025-04-02 UTC.