[Zscaler Private Access] Issue mapping event.created in audit logs #5346

Closed
srilumpa opened this issue Feb 21, 2023 · 3 comments · Fixed by #5409

Comments

@srilumpa
Contributor

Hello,

I have noticed a mapping issue for the event.created field set here and introduced in 71c5255. This change made the event.created field mapped to a keyword type instead of a date, either because the set processor copies it as a string or because the mapping of this specific field is not set for the data stream.

If needed, I can prepare a PR to try to fix this issue.
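Added example, not part of the original issue or the integration's own code: a check that walks a `GET <data-stream>/_mapping` response and reports ECS date fields, such as the `event.created` field reported above, that ended up with a non-date type in any backing index. The sample response and its index names are constructed for illustration.

```python
# ECS fields expected to be dates (subset; event.created is the one in this issue).
ECS_DATE_FIELDS = ("@timestamp", "event.created", "event.ingested")
DATE_TYPES = {"date", "date_nanos"}

# Constructed sample shaped like a `GET <data-stream>/_mapping` response.
# Index names are illustrative assumptions, not values from the issue.
SAMPLE_MAPPING = {
    ".ds-logs-zscaler_zpa.audit-default-000001": {"mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "event": {"properties": {
            "created": {"type": "keyword", "ignore_above": 1024},
            "ingested": {"type": "date"},
        }},
    }}},
    ".ds-logs-zscaler_zpa.audit-default-000002": {"mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "event": {"properties": {"created": {"type": "date"}}},
    }}},
}


def resolve_type(properties, dotted_name):
    """Return the mapped type of a dotted field name, or None if unmapped."""
    node = {"properties": properties}
    for part in dotted_name.split("."):
        node = node.get("properties", {}).get(part)
        if node is None:
            return None
    # Object fields carry no explicit "type"; report them as "object".
    return node.get("type", "object")


def find_date_mapping_drift(mapping_response, fields=ECS_DATE_FIELDS):
    """List (index, field, actual_type) for each field mapped as a non-date type.

    Unmapped fields are skipped: they have no type until a document creates them.
    """
    findings = []
    for index in sorted(mapping_response):
        props = mapping_response[index].get("mappings", {}).get("properties", {})
        for field in fields:
            actual = resolve_type(props, field)
            if actual is not None and actual not in DATE_TYPES:
                findings.append((index, field, actual))
    return findings


if __name__ == "__main__":
    for index, field, actual in find_date_mapping_drift(SAMPLE_MAPPING):
        print(f"{index}: {field} is mapped as {actual}, expected date")
```

Checking every backing index matters because a corrected template only applies to indices created after rollover; older backing indices keep the type they were created with.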

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@vinit-chauhan
Contributor

Hey @srilumpa - Thanks for bringing it to our attention.
As you mentioned, it seems like there is some issue with the ECS mappings, and I really appreciate your willingness to raise a PR. However, we are already working on an enhancement in the package, where we are planning to leverage the newly introduced dynamic ECS, which would resolve this issue.
I will keep you posted on any updates. 😄

@elasticmachine

Package zscaler_zpa - 1.5.1 containing this change is available at https://epr.elastic.co/search?package=zscaler_zpa
