Change log for NETSKOPE_CASB
| Date | Changes |
|---|---|
| 2025-09-29 | Enhancement:<br>- Enhanced log processing by using `gsub` to replace `d"Azur` with `d'Azur`. This corrects log entries with this pattern, allowing them to be parsed as valid JSON instead of being dropped as malformed.<br>- event.idm.read_only_udm.security_result.description: Newly mapped `device` raw log field to event.idm.read_only_udm.security_result.description.<br>- event.idm.read_only_udm.principal.asset.platform_software.platform: Newly mapped `os_name` raw log field to event.idm.read_only_udm.principal.asset.platform_software.platform.<br>- event.idm.read_only_udm.principal.asset.platform_software.platform_version: Newly mapped `os_version` raw log field to event.idm.read_only_udm.principal.asset.platform_software.platform_version.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `_appsession_start`, `__buf_len`, `supporting_data.data_values`, `ja3`, `ja3s`, `app_tags`, `src_zipcode`, `dst_zipcode`, `tunnel_id`, `browser_session_id`, `incident_id`, `_content_version`, `_creation_timestamp`, `_ef_received_at`, `_enriched_all`, `_session_begin`, `_skip_geoip_lookup`, `_src_gmt_offset`, `acked`, `connection_id`, `sanctioned_instance`, `src_time`, `telemetry_app`, `_original_destport`, `_raw_event_inserted_at`, `site`, `_partial_file` and `request_id` raw log fields to event.idm.read_only_udm.additional.fields.<br>- event.idm.read_only_udm.network.http.referral_url: Newly mapped `referer` raw log field to event.idm.read_only_udm.network.http.referral_url.<br>- event.idm.read_only_udm.principal.location.region_latitude: Newly mapped `src_latitude` raw log field to event.idm.read_only_udm.principal.location.region_latitude.<br>- event.idm.read_only_udm.principal.location.region_longitude: Newly mapped `src_longitude` raw log field to event.idm.read_only_udm.principal.location.region_longitude.<br>- event.idm.read_only_udm.principal.location.region_coordinates.latitude: Newly mapped `dst_latitude` raw log field to event.idm.read_only_udm.principal.location.region_coordinates.latitude.<br>- event.idm.read_only_udm.principal.location.region_coordinates.longitude: Newly mapped `dst_longitude` raw log field to event.idm.read_only_udm.principal.location.region_coordinates.longitude.<br>- event.idm.read_only_udm.principal.ip: Newly mapped `userip` raw log field to event.idm.read_only_udm.principal.ip.<br>- event.idm.read_only_udm.principal.asset.ip: Newly mapped `userip` raw log field to event.idm.read_only_udm.principal.asset.ip.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `src_timezone`, `transaction_id`, `_event_id`, `from_user` and `organization_unit` raw log fields to event.idm.read_only_udm.principal.resource.attribute.labels.<br>- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `dst_timezone`, `_instance_name`, `_service_identifier` and `os_family` raw log fields to event.idm.read_only_udm.target.resource.attribute.labels.<br>- event.idm.read_only_udm.intermediary.location.name: Newly mapped `netskope_pop` raw log field to event.idm.read_only_udm.intermediary.location.name.<br>- event.idm.read_only_udm.target.hostname: Newly mapped `page_site` raw log field to event.idm.read_only_udm.target.hostname.<br>- event.idm.read_only_udm.target.asset.hostname: Newly mapped `page_site` raw log field to event.idm.read_only_udm.target.asset.hostname.<br>- event.idm.read_only_udm.target.domain.name: Newly mapped `domain` raw log field to event.idm.read_only_udm.target.domain.name.<br>- event.idm.read_only_udm.target.ip: Newly mapped `_original_destip` raw log field to event.idm.read_only_udm.target.ip.<br>- event.idm.read_only_udm.target.asset.ip: Newly mapped `_original_destip` raw log field to event.idm.read_only_udm.target.asset.ip. |
| 2024-02-12 | Newly created parser. |