Consolidates dedicated parsers for ZIA feeds into one parser. *This is a breaking change as it forced to rename source fields*. When you install the latest version your search queries which rely on the Vendor specific fields might stop working.

Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Improves the field extraction and performance.

Extends parser to normalize Audit, Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) events.

Adds new fields: event.id, source.geo.name.

Updates dashboards and saved queries to use event.dataset and event.action instead of type and Vendor.action fields respectively.

Adds new event.module, event.dataset and Cps.version fields

Removes the Product, related.ip, related.user and related.host fields

Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type

Bumps parser version to 1.0.0

Bumps ecs.version to 8.11.0

Changes the firewall, dns, tunnel, and web parsers to normalise event data to common schema.

Adds new dashboards and queries for working with web-logs.

Removes CASB parser, and old queries and dashboards from the package. To keep those, stay on the old version of the package.

Bumps minimum supported version of LogScale for the package to 1.102.