Change log for ZSCALER_WEBPROXY
| Date | Changes |
|---|---|
| 2025-10-28 | - security_result.rule_name: Newly mapped `ssl_rulename` raw log field with `security_result.rule_name` UDM field
- additional.fields[client_tls_keyex_pqc_offers]: Newly mapped `client_tls_keyex_pqc_offers` raw log field with `additional.fields[client_tls_keyex_pqc_offers]` UDM field - additional.fields[client_tls_keyex_hybrid_offers]: Newly mapped `client_tls_keyex_hybrid_offers` raw log field with `additional.fields[client_tls_keyex_hybrid_offers]` UDM field - additional.fields[client_tls_keyex_unknown_offers]: Newly mapped `client_tls_keyex_unknown_offers` raw log field with `additional.fields[client_tls_keyex_unknown_offers]` UDM field - additional.fields[client_tls_sig_pqc_offers]: Newly mapped `client_tls_sig_pqc_offers` raw log field with `additional.fields[client_tls_sig_pqc_offers]` UDM field - additional.fields[client_tls_sig_non_pqc_offers]: Newly mapped `client_tls_sig_non_pqc_offers` raw log field with `additional.fields[client_tls_sig_non_pqc_offers]` UDM field - additional.fields[client_tls_sig_hybrid_offers]: Newly mapped `client_tls_sig_hybrid_offers` raw log field with `additional.fields[client_tls_sig_hybrid_offers]` UDM field - additional.fields[client_tls_sig_unknown_offers]: Newly mapped `client_tls_sig_unknown_offers` raw log field with `additional.fields[client_tls_sig_unknown_offers]` UDM field - additional.fields[client_tls_keyex_alg]: Newly mapped `client_tls_keyex_alg` raw log field with `additional.fields[client_tls_keyex_alg]` UDM field - additional.fields[client_tls_sig_alg]: Newly mapped `client_tls_sig_alg` raw log field with `additional.fields[client_tls_sig_alg]` UDM field - additional.fields[server_tls_keyex_alg]: Newly mapped `server_tls_keyex_alg` raw log field with `additional.fields[server_tls_keyex_alg]` UDM field - additional.fields[server_tls_sig_alg]: Newly mapped `server_tls_sig_alg` raw log field with `additional.fields[server_tls_sig_alg]` UDM field |
| 2025-10-14 | Added edge-case handling for raw log field `upload_filename_temp`. |
| 2025-09-15 | Improved error handling to cover various edge cases across multiple scenarios. |
| 2025-09-04 | - target.file.full_path: Newly mapped `upload_filename` raw log field with `target.file.full_path` UDM field if `filename` raw log field is equal to "None" and the `upload_filename` raw log field is not equal to "None".
- target.resource.attribute.labels[upload_filename]: Newly mapped `upload_filename` raw log field with `target.resource.attribute.labels[upload_filename]` UDM field if `filename` raw log field is not equal to "None" and the `upload_filename` raw log field is not equal to "None". |
| 2025-09-04 | - target.file.full_path: Newly mapped `upload_filename` raw log field with `target.file.full_path` UDM field if `filename` raw log field is equal to "None" and the `upload_filename` raw log field is not equal to "None".
- target.resource.attribute.labels[upload_filename]: Newly mapped `upload_filename` raw log field with `target.resource.attribute.labels[upload_filename]` UDM field if `filename` raw log field is not equal to "None" and the `upload_filename` raw log field is not equal to "None". |
| 2025-06-13 | - Fix the event timestamp format issue for the formats 'yyyy-MM-dd HH:mm:ss' and 'yyyy-MM-ddTHH:mm:ssZ'.
- Improved the parser performance to remove security_result.risk_score if pagerisk contains invalid values, as per the UDM documentation. |
| 2025-05-30 | - Added condition to handle timezone for `America/New York`.
|
| 2025-05-08 | - Promoted ZSCALER_WEBPROXY Premium parser to default. You can see full details in the parser configuration page - https://cloud.google.com/chronicle/docs/ingestion/default-parsers/ingest-zscaler-logs
|