Stay organized with collections
Save and categorize content based on your preferences.
Change log for ZSCALER_WEBPROXY
Date
Changes
2025-06-13
- Fix the event timestamp format issue for the formats 'yyyy-MM-dd HH:mm:ss' and 'yyyy-MM-ddTHH:mm:ssZ'.
- Improved the parser performance to remove security_result.risk_score if pagerisk contains invalid values, as per the UDM documentation.
2025-05-30
- Added condition to handle timezone for `America/New York`.
2025-05-08
- Promoted ZSCALER_WEBPROXY Premium parser to default. You can see full details in the parser configuration page - https://cloud.google.com/chronicle/docs/ingestion/default-parsers/ingest-zscaler-logs
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe ZSCALER_WEBPROXY change log details numerous enhancements and bug fixes, primarily focused on improving log parsing and mapping to various UDM (Unified Data Model) fields.\u003c/p\u003e\n"],["\u003cp\u003eEnhancements include support for new log formats like CSV, JSON, SYSLOG, and KV, along with updates to Grok patterns for parsing diverse log types, including HTTP and WEBSOCKET_SSL.\u003c/p\u003e\n"],["\u003cp\u003eField mappings have been extensively modified to map data points to appropriate categories, such as "security_result," "principal," "target," "network," and "metadata," to help streamline data analysis.\u003c/p\u003e\n"],["\u003cp\u003eBug fixes have been implemented to resolve issues with parsing errors, handling malformed logs, and ensuring correct time zone representation for timestamps.\u003c/p\u003e\n"],["\u003cp\u003eVarious fields are mapped to corresponding categories, for example, mapping 'threatclass' to 'security_result.associations.name' or 'respcode' to 'network.http.response_code'.\u003c/p\u003e\n"]]],[],null,["# Change log for ZSCALER_WEBPROXY\n==============================="]]
