Package cloudflare/zerotrust Release Notes

Added severity mapping based on risk score
Added event.kind = alert for zone-scoped-http-requests when severity is present
Added event.action mapping from Vendor.SecurityAction
Added array deduplication for event.category[] and event.type[]
Updated email field normalization to convert all email addresses to lowercase
Enhanced DNS event action mapping to use coalesce function for better field resolution
Updated parser version to 2.3.0 and CPS version to 1.1.0

Improved JSON parsing with support for message prefix removal
Enhanced event categorization with proper event.category and event.type arrays
Added comprehensive email attachment parsing for Area1 security logs
Improved HTTP response status code handling for better event outcome determination
Added support for bulk log processing with improved detection logic

Improves the case statement to only look for fields that are not possibly null
Reassigns as.number to client.as.number and interface.id to observer.egress.interface.id to comply with ECS standards

Improves the field extraction and performance.
Bumps the minimum LogScale version to 1.142 to support parser assertions in yaml files.
Adds support of Network Analytics, Magic IDS and Zone-scoped HTTP Requests logs.
Adds event.reason , message , interface.name , email.from.address , email.sender.address , email.to.address , file.name , file.size , file.sizefile.size , device.id fields and more.
Renames the parser to cloudflare-one .

Adds new event.module and Cps.version fields
Removes the Product , related.user and related.ip fields
Sets following tags: Cps.version , Vendor , ecs.version , event.dataset , event.kind , event.module , event.outcome , observer.type