Change log for ZSCALER_FIREWALL
Date | Changes |
---|---|
2025-03-03 | Enhancement: - Removed "None" from the conditional checks. - Changed mapping of "ssip" from "principal.ip" to "additional.fields". - Changed mapping of "event.rulelabel" from "intermediary.security_result.rule_name" to "security_result.rule_name". - Mapped "event.threat_severity" to "security_result.severity". |
2025-02-12 | Enhancement: - Mapped "csip" to "principal.ip". - Mapped "csport" to "principal.port". - Mapped "rulelabel" to "intermediary.security_result.rule_name". - Mapped "threatname" to "security_result.threat_name". |
2024-11-12 | Enhancement: - Added support for a new pattern of KV logs. |
2024-04-08 | Enhancement: - Added a "gsub" function to remove extra brackets so that JSON logs parse. - Mapped "column2" to "principal.user.email_addresses". - Mapped "column35" to "principal.user.userid". - Mapped "column36" to "principal.asset_id". - Mapped "column4" to "additional.fields". |
2023-09-12 | Enhancement: - Handled unparsed JSON format logs. |
2023-03-28 | Enhancement: - Added null checks and on_error statements to handle parsing errors. - Added/modified Grok patterns to parse logs in CEF format. - Handled the cases where "port", "received_bytes" or "ip" were not in their correct form. |
2022-04-29 | - Migrated to default parser. - Converted from SDM to UDM. |
2022-04-14 | - Added new data element for security result. - Modified mapping for target application and network duration. |