Package zscaler/deception Release Notes
Package zscaler/deception Release Notes Version 1.1.0
Uses timestamp from the syslog header as an alternative to parse timestamp
Improves extraction of threat.indicator.ip and threat.indicator.name fields
Normalizes data to CrowdStrike Parsing Standard (CPS) for:
Package zscaler/deception Release Notes Version 1.0.0
Adds new event.module and Cps.version fields
Removes the Product and related.ip fields
Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type
Package zscaler/deception Release Notes Version 0.2.0
Updates the parser to accept the logs coming from syslog
Renames the parser to deception.yaml