Package zscaler/internet-access Release Notes

Package zscaler/internet-access Release Notes Version 1.2.0
  • Implements base64 decoding for the Vendor.url and url.path fields.

  • Corrects event categorization for event.category, which was incorrectly assigned as "admin" instead of "configuration" for zia.admin events.

  • Renames the dns.answers.name field to dns.answers[0].name to comply with CPS standard.

Package zscaler/internet-access Release Notes Version 1.1.0
  • Consolidates dedicated parsers for ZIA feeds into one parser. *This is a breaking change as it forced to rename source fields*. When you install the latest version your search queries which rely on the Vendor specific fields might stop working.

  • Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

  • Improves the field extraction and performance.

  • Extends parser to normalize Audit, Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) events.

  • Adds new fields: event.id, source.geo.name.

Package zscaler/internet-access Release Notes Version 1.0.1
  • Updates dashboards and saved queries to use event.dataset and event.action instead of type and Vendor.action fields respectively.

Package zscaler/internet-access Release Notes Version 1.0.0
  • Adds new event.module, event.dataset and Cps.version fields

  • Removes the Product, related.ip, related.user and related.host fields

  • Sets following tags: Cps.version, Vendor, ecs.version, event.dataset, event.kind, event.module, event.outcome, observer.type

  • Bumps parser version to 1.0.0

  • Bumps ecs.version to 8.11.0

Package zscaler/internet-access Release Notes Version 0.2.0
  • Changes the firewall, dns, tunnel, and web parsers to normalise event data to common schema.

  • Adds new dashboards and queries for working with web-logs.

  • Removes CASB parser, and old queries and dashboards from the package. To keep those, stay on the old version of the package.

  • Bumps minimum supported version of LogScale for the package to 1.102.