Mappings: Zscaler Workload Segmentation Catch All - Parser
| Input | Value |
|---|---|
| Vendor | Zscaler |
| Product | Workload Segmentation |
| Log Format | JSON |
| Event ID Regex Pattern | _default_ |
| Output | Value |
|---|---|
| Vendor | Zscaler |
| Product | Workload Segmentation |
| Record Type | Network |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| action | storedTargetPolicy.action | |
| application | storedTargetApplicationName | |
| description | message | |
| dstDevice_hostname | storedTargetHostName | |
| dstDevice_ip | storedTargetHostAddr | |
| dstPort | storedTargetHostPort | |
| ipProtocol | l4Protocol | This is a lookup field. More info to come in the catalog later... |
| srcDevice_ip | storedSourceHostAddr | |
| srcPort | storedSourceHostPort | |
| success | storedTargetPolicy.action | This is a lookup field. More info to come in the catalog later... |