Changes made by user Juan Tomás Alonso Nieto
Saved on Jun 11, 2024
Saved on Jun 20, 2024
...
proxy.zscaler.access
proxy.zscaler.nss
proxy.zscaler.nss_firewall
proxy.zscaler.nss_web
Field
Type
Field transformation
Source field name
Extra fields
eventdate
timestamp
ifthenelse(length(timestamp_str) = 19, parse("yyyy/MM/dd hh:mm:ss", timestamp_str), ifthenelse(timestamp_str -> " ", parsedate(timestamp_str, dateformat("MMM D HH:mm:ss YYYY", "UTC")), parsedate(timestamp_str, dateformat("MMM DD HH:mm:ss YYYY", "UTC"))))
timestamp_str
reason
str
event_id
protocol
action
rulelabel
ruletype
transactionsize
int8
responsesize
requestsize
urlcategory
serverip
ip4
clienttranstime
requestmethod
refererurl
useragent
product
productVersion
location
clientIP
deviceName
deviceOSType
status
user
url
vendor
hostname
clientpublicIP
threatcategory
threatname
threatmd5
filename
filetype
fileSubtype
contenttype
appname
pagerisk
department
urlsupercategory
appclass
dlpengine
urlclass
threatclass
dlpdictionaries
fileclass
fileScannable
bwthrottle
servertranstime
trafficredirectmethod
ztunnelVersion
sslinspected
ssldecrypted
externalspr
deviceowner
refererURL
datetime
unscannabletype
devicehostname
clienttranstime_str
transactionsize_str
servertranstime_str
responsesize_str
requestsize_str
upload_filename
upload_filetype
upload_fileclass
upload_filesubtype
upload_doctypename
hostchain
✓
tag
rawMessage
time
login
proto
eurl
reqsize
respsize
stime
ctime
urlsupercat
urlcat
malwarecat
riskscore
dlpeng
dlpdict
dept
cip
sip
reqmethod
respcode
ua
ereferer
cefVersion
embDeviceVendor
embDeviceProduct
deviceVersion
signatureID
name
severity
cdport
csport
sdport
ssport
csip
cdip
ssip
sdip
tsip
tsport
ttype
dnat
nwsvc
nwapp
ipproto
ipcat
destcountry
avgduration
int4
inbytes
outbytes
duration
durationms
numsessions
ipsrulelabel
threatcat
recordid
eedone
devicemodel
devicename
deviceostype
deviceosversion
deviceappversion
ztunnelversion
unscannable
ologin
throttlereqsize
throttlerespsize
bwclassname
bwrulename
module
bamd5
dlpdicthitcount
dlpidentifier
dlpmd5
filesubtype
reqdatasize
reqhdrsize
respdatasize
resphdrsize
totalsize
reqversion
respversion
referer
uaclass
ua_token
host
ehost
refererhost
erefererpath
eurlpath
erefererhost
df_hostname
mobappname
mobappcat
mobdevtype
cintip
clientsslcipher
clienttlsversion
clientsslsessreuse
srvsslcipher
srvtlsversion
srvocspresult
srvcertchainvalpass
srvwildcardcert
serversslsessreuse
srvcertvalidationtype
srvcertvalidityperiod
malwareclass
productversion
nsssvcip
proxy.zscaler.zia.alert
proxy.zscaler.zia.dns
proxy.zscaler.zia.firewall
proxy.zscaler.zia.saas_collaboration
facility
level
message
sourcetype
ss
mm
hh
dd
mth
yyyy
reqrulelabel
reqaction
resrulelabel
resaction
req
resp
domcat
reqtype
sport
category
event
json
tz
Field transformation
parsedate(replace(time_str, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC"))
time_str
cdip_string
cdip_ipv6
ip6
tunsport
locationname
tuntype
sdip_string
sdip_ipv6
ssip_string
ssip_ipv6
stateful
aggregate
tenant
applicationname
epochtime
filetypename
filesize
filemd5
collabscope
policy
malware
dlpdictnames
dlpenginenames
dlpdictcount
filetypecategory
component
sha
internal_recptnames
external_recptnames
ointernal_recptnames
oexternal_recptnames
sharedchannel_hostname
sender
osender
esender
channel_name
ochannel_name
datacenter
datacentercity
datacentercountry
proxy.zscaler.zia.saas_crm
proxy.zscaler.zia.saas_email
proxy.zscaler.zia.saas_file
proxy.zscaler.zia.saas_itsm
fullurl
suburl
num_internal_collab
num_external_collab
objectname
objecttype
file_msg_id
hostname2
ohostname
ofullurl
internal_collabnames
external_collabnames
ointernal_collabnames
oexternal_collabnames
file_msg_mod_time
filepath
filedownloadtimems
filescantimems
epochlastmodtime
filesource
lastmodtime
proxy.zscaler.zia.saas_repository
proxy.zscaler.zia.tunnel
proxy.zscaler.zia.web
parsedate(replace(datetime_tmp, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC", "en-US"))
datetime_tmp
tunnelactionname
vpncredentialname
destvip
sourceip
tunneltype
eventreason
srcport
txbytes
rxbytes
txpackets
rxpackets
dpdrec
lifetime
spi_in
spi_out
dstport
algo
authentication
authtype
vendorname
ikeversion
spi
destipstart
destipend
srcipstart
srcipend
srcportstart
destportstart
lifebytes
tunnelprotocol
ifthenelse(isnull(datetime_), parsedate(replace(datetime_str, " ", " "), dateformat("ddd MMM DD HH:mm:ss YYYY", "UTC")), datetime_)
datetime_
datetime_str
mon
day
str(reqsize)
str(respsize)
str(totalsize)
b64referer
b64url
b64ua
referer_url
event__hostname
client_ipv4
client_ipv6
client_public_ipv4
client_public_ipv6
server_ipv4
server_ipv6
str(riskscore)
str(recordid)
keyprotectiontype