From c8df84d046ae676895b16ef4779e85372140a026 Mon Sep 17 00:00:00 2001 From: Krishna keshri Date: Wed, 6 May 2026 13:47:59 +0530 Subject: [PATCH 1/4] DINT-2043 : New format field added --- schema/event_schema.json | 839 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 808 insertions(+), 31 deletions(-) diff --git a/schema/event_schema.json b/schema/event_schema.json index a655bec..c0a0e1f 100644 --- a/schema/event_schema.json +++ b/schema/event_schema.json @@ -1195,7 +1195,7 @@ "example": [ "In December 2020, a threat actor shared what was is alleged to be a database leaked from gonitro.com--a provider of PDF software. The data was said to contain approximately 77M usernames and passwords.", "Unauthorized access", - "Renting Authority (rentingauthority[.]com) \u2013 a U.S.-based employment, rental verification, online rent payments service provider company \u2013 allegedly suffered a security incident, in which 290,569 email addresses were exposed and subsequently shared on several deep web forums. Of these, an assessed 266,189 records were successfully linked to plain-text passwords. The threat actor noted that the data dump from August 2022. Other notable data fields observed in this package include: full names, phone numbers, SSN, date of birth, driver license and user activity. The threat actor did not disclose the ultimate source of the data breach or how it was exploited." + "Renting Authority (rentingauthority[.]com) – a U.S.-based employment, rental verification, online rent payments service provider company – allegedly suffered a security incident, in which 290,569 email addresses were exposed and subsequently shared on several deep web forums. Of these, an assessed 266,189 records were successfully linked to plain-text passwords. The threat actor noted that the data dump from August 2022. Other notable data fields observed in this package include: full names, phone numbers, SSN, date of birth, driver license and user activity. The threat actor did not disclose the ultimate source of the data breach or how it was exploited." ], "event_types": [ "alert", @@ -2440,7 +2440,7 @@ { "parameter_name": "cs-username", "type": "String", - "description": "The client\u2019s username.", + "description": "The client’s username.", "example": [ "Bill@companyname.com", "test_user@companyname.com", @@ -2575,7 +2575,7 @@ { "parameter_name": "date", "type": "String", - "description": "Date of generation, YY-MM-DD format. NOTE: Human readable string for the \u201cx-cs-timestamp\u201d field.", + "description": "Date of generation, YY-MM-DD format. NOTE: Human readable string for the “x-cs-timestamp” field.", "example": [ "08/07/19", "05/07/23" @@ -2715,7 +2715,7 @@ { "parameter_name": "destination_instance_id", "type": "String", - "description": "The Saas/Iaas App\u2019s Instance configured as storage for forensics.", + "description": "The Saas/Iaas App’s Instance configured as storage for forensics.", "example": [ "recargapay.com", "emburse.com", @@ -3273,8 +3273,8 @@ "example": [ "r5kessan.data", "20240221091235.zip", - "PW14102\u3010\u6982\u8981\u66f8\u3000\u4ed6\u3011\u6c34\u9053\u753a_.pdf", - "\u3010\u6982\u8981\u66f8\u3011\u6c34\u9053\u753a.pdf", + "PW14102【概要書 他】水道町_.pdf", + "【概要書】水道町.pdf", "Test_Corporate Presentation_December", "0519-24-TEST_AU-CFF-26964_OP-3136_Dog_PO_Protocol_Part- 2" ], @@ -3563,7 +3563,7 @@ "TennCare Member ID and Drug Name", "PIS-PASEP", "Nome Brasileiro dummy proximo a Email", - "Endere\u00e7os test Brasileiros", + "Endereços test Brasileiros", "Titulo de Eleitor", "demo_Credit_CAM", "Test_Account_Challans fr Statutory Payment" @@ -3915,7 +3915,7 @@ "example": [ "Ikebukuro", "Nishikata", - "\u014ctemachi", + "Ōtemachi", "Ebara", "Chiyo", "Rosman", @@ -6072,7 +6072,7 @@ "example": [ "trical forage", "clearview farm", - "\u041a\u0438\u0440\u0438\u0447\u0435\u043d\u043a\u043e \u0412\u0438\u043a\u0442\u043e\u0440", + "Кириченко Виктор", "food to live", "very finnish problems", "natashas_baking", @@ -8886,7 +8886,7 @@ "DND - ChatGPT", "DND Default Categories", "DND - GitHub Copilot", - "GoogleCloud-SDK\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8 No110", + "GoogleCloud-SDKアップデート No110", "JetBrain No476" ], "event_types": [ @@ -9410,7 +9410,7 @@ { "parameter_name": "publisher_name", "type": "String", - "description": "The publisher name for the Network Events. It\u2019s a NPA component runs on customer\u2019s premise which connects the cloud and customer\u2019s private app.", + "description": "The publisher name for the Network Events. It’s a NPA component runs on customer’s premise which connects the cloud and customer’s private app.", "example": [ "PAPNPA02-ABT", "Nethub US - 782 - B", @@ -10311,7 +10311,7 @@ { "parameter_name": "s-ip", "type": "String", - "description": "The server IPv4 address. NOTE: During SSL bypass, the s-ip field displays as Unavailable when it\u2019s neither IPv4 or IPv6.", + "description": "The server IPv4 address. NOTE: During SSL bypass, the s-ip field displays as Unavailable when it’s neither IPv4 or IPv6.", "example": [ "70.42.029.126", "216.58.193.33", @@ -11650,7 +11650,7 @@ "Astana", "Moscow Oblast", "Iles du Vent", - "Constan\u021ba", + "Constanța", "Voronezh Oblast" ], "event_types": [ @@ -12081,7 +12081,7 @@ "type": "String", "description": "List of tags associated with the asset for which alert is raised. Each tag is a key/value pair.", "example": [ - "[{\u201cname\u201d: \u201cmajor environment\u201d, \u201cvalue\u201d: \u201ctest\u201d}, {\u201cname\u201d: \u201cowner\u201d, \u201cvalue\u201d: \u201cabc\u201d }]" + "[{“name”: “major environment”, “value”: “test”}, {“name”: “owner”, “value”: “abc” }]" ], "event_types": [ "alert", @@ -12267,7 +12267,7 @@ { "parameter_name": "time", "type": "String", - "description": "Time of generation in HH:MM-SEC format in GMT. NOTE: Human readable string for the \u201cx-cs-timestamp\u201d field.", + "description": "Time of generation in HH:MM-SEC format in GMT. NOTE: Human readable string for the “x-cs-timestamp” field.", "example": [ "01:02-39", "03:02-45" @@ -12403,7 +12403,7 @@ "lee-ann_wearing_dsb1_ca/Documents/UFLI - Law/SOUND WALL", "WEEKLY LEASING TASKS", "Message", - "20240221\u3000\u6771\u5b9dG\u58f2\u5374\u52d5\u753b\uff08\u753a\u7530\u30fb\u6e9d\u306e\u53e3\u30fb\u8abf\u5e03\uff09.xlsx" + "20240221 東宝G売却動画(町田・溝の口・調布).xlsx" ], "event_types": [ "alert", @@ -13331,7 +13331,7 @@ { "parameter_name": "user_confidence_index", "type": "Integer32", - "description": "UCI (User Confidence Index) is one of the ways that UEBA describes how risky the user\u2019s behavior is. The lower UCI is, the more risky the user behavior is. The UCI starts from an initial value and is deducted an amount when the user\u2019s behavior is detected to be anomaly by UEBA engine. The user\u2019s UCI is daily-based, i.e. UEBA engine will create the new UCI with an initial score for users when an UTC day starts. Each user is supposed to start from 1000, but his/her previous day performance will rollover to current day and therefore impact the initial UCI", + "description": "UCI (User Confidence Index) is one of the ways that UEBA describes how risky the user’s behavior is. The lower UCI is, the more risky the user behavior is. The UCI starts from an initial value and is deducted an amount when the user’s behavior is detected to be anomaly by UEBA engine. The user’s UCI is daily-based, i.e. UEBA engine will create the new UCI with an initial score for users when an UTC day starts. Each user is supposed to start from 1000, but his/her previous day performance will rollover to current day and therefore impact the initial UCI", "example": [ 100, 217, @@ -13359,7 +13359,7 @@ { "parameter_name": "user_confidence_level", "type": "String", - "description": "UCI (User Confidence Index) is one of the ways that UEBA describes how risky the user\u2019s behavior is. User confidence level field holds risk level values.", + "description": "UCI (User Confidence Index) is one of the ways that UEBA describes how risky the user’s behavior is. User confidence level field holds risk level values.", "example": [ "high", "medium", @@ -14121,7 +14121,7 @@ { "parameter_name": "x-c-browser", "type": "String", - "description": "Client\u2019s browser.", + "description": "Client’s browser.", "example": [ "Firefox", "Safari", @@ -14144,7 +14144,7 @@ { "parameter_name": "x-c-browser-version", "type": "Integer32", - "description": "Client\u2019s browser version.", + "description": "Client’s browser version.", "example": [ 50, 32, @@ -14190,7 +14190,7 @@ { "parameter_name": "x-c-device", "type": "String", - "description": "Client\u2019s device type.", + "description": "Client’s device type.", "example": [ "Windows device", "Macbook" @@ -15148,8 +15148,8 @@ "type": "String", "description": "Provides details of the SSL Engine action.", "example": [ - "SSL Error \u2013 Incomplete Certificate Trust Chain", - "SSL Error \u2013 Invalid Certificate Trust Chain" + "SSL Error – Incomplete Certificate Trust Chain", + "SSL Error – Invalid Certificate Trust Chain" ], "event_types": [ "transaction" @@ -15252,7 +15252,7 @@ { "parameter_name": "x-cs-timestamp", "type": "Integer64", - "description": "Date of the request as epoch time. NOTE: This field is the epoch version of the \u201cdate\u201d and \u201ctime\u201d fields.", + "description": "Date of the request as epoch time. NOTE: This field is the epoch version of the “date” and “time” fields.", "example": [ 1480330369, 1680330369, @@ -15275,7 +15275,7 @@ { "parameter_name": "x-cs-traffic-type", "type": "String", - "description": "Type of traffic could be \u201cWeb\u201d or \u201cCloudApp\u201d. NOTE: During SSL bypass, x-cs-traffic-type always displays as Unavailable.", + "description": "Type of traffic could be “Web” or “CloudApp”. NOTE: During SSL bypass, x-cs-traffic-type always displays as Unavailable.", "example": [ "Web", "CloudApp" @@ -15534,7 +15534,7 @@ { "parameter_name": "x-policy-justification-reason", "type": "String", - "description": "The justification provided by the end user in case of \u201cuseralert\u201d action.", + "description": "The justification provided by the end user in case of “useralert” action.", "example": [ "sharing with a trusted partner", "needed for a demo" @@ -15554,7 +15554,7 @@ { "parameter_name": "x-policy-justification-type", "type": "String", - "description": "The justification type selected by the end user in case of \u201cuseralert\u201d action.", + "description": "The justification type selected by the end user in case of “useralert” action.", "example": [ "justification" ], @@ -15846,7 +15846,7 @@ { "parameter_name": "x-r-cert-valid", "type": "String", - "description": "Overall result of the evaluation of the validity of the server certificate received from destination server. This field doesn\u2019t reflect the action of the SSL Engine.", + "description": "Overall result of the evaluation of the validity of the server certificate received from destination server. This field doesn’t reflect the action of the SSL Engine.", "example": [ "yes", "no" @@ -16187,7 +16187,7 @@ { "parameter_name": "x-sc-notification-name", "type": "String", - "description": "The name of the user notification displayed to the end user in case of action \u201cblock\u201d or \u201cuseralert\u201d.", + "description": "The name of the user notification displayed to the end user in case of action “block” or “useralert”.", "example": [ "block_page.html", "allow_page.html" @@ -16543,7 +16543,7 @@ "type": "String", "description": "Indicates if the request was SSL bypassed, this field provides the reason.", "example": [ - "SSL Error \u2013 SSL Handshake Error" + "SSL Error – SSL Handshake Error" ], "event_types": [ "transaction" @@ -16731,7 +16731,7 @@ { "parameter_name": "x-type", "type": "String", - "description": "The type of log message, which can be \u201chttp_transaction\u201d or \u201cWebSocket\u201d. NOTE: When parsing an HTTP Upgrade response, Netskope uses the Upgrade header to determine if the traffic is WebSocket.", + "description": "The type of log message, which can be “http_transaction” or “WebSocket”. NOTE: When parsing an HTTP Upgrade response, Netskope uses the Upgrade header to determine if the traffic is WebSocket.", "example": [ "http_transaction", "WebSocket" @@ -16878,5 +16878,782 @@ "event_types": [ "incident" ] + }, + { + "parameter_name": "sr-bytes", + "type": "Integer64", + "description": "Bytes sent from the POP to Remote Server.", + "example": [ + 1024, + 2048, + 512 + ], + "event_types": [ + "transaction" + ], + "position": 147, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "rs-bytes", + "type": "Integer64", + "description": "Bytes received from the Remote Server to the POP.", + "example": [ + 2048, + 4096, + 1024 + ], + "event_types": [ + "transaction" + ], + "position": 148, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-action", + "type": "String", + "description": "Final action applied at the POP (allow, block or redirect): block — the Client didn't have access to the content of the Remote Server (user not allowed or processing exception); allow — the Client received the data from the Remote Server; redirect — the Client received a redirect instead of the Remote Server content. Check x-action-reason for more details.", + "example": [ + "Unknown(this is should not happen)", + "Allow", + "Block", + "Redirect" + ], + "event_types": [ + "transaction" + ], + "position": 149, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-action-reason", + "type": "String", + "description": "Provides insights on the cause of the x-action value.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 150, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-authn-user", + "type": "String", + "description": "Username after authentication. Special values: Unauthenticated, Pending, Exception.", + "example": [ + "bobbuilder@netskope.com" + ], + "event_types": [ + "transaction" + ], + "position": 151, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-authn-source", + "type": "String", + "description": "Source of the authentication.", + "example": [ + "NSClient-Tunnel" + ], + "event_types": [ + "transaction" + ], + "position": 152, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-authn-surrogate", + "type": "String", + "description": "Type of surrogate used to track the authentication.", + "example": [ + "Tunnel" + ], + "event_types": [ + "transaction" + ], + "position": 153, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-authn-surrogate-status", + "type": "String", + "description": "Status of the surrogate. Mostly used to troubleshoot authentication issues.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 154, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-authz-groups", + "type": "List", + "description": "List of groups of the User after authentication. Includes all groups referenced in the policies, even if the policies are not matching this request.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 155, + "default_value": [], + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-authz-ou", + "type": "String", + "description": "Organization Unit of the User after authentication.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 156, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-xau", + "type": "String", + "description": "X-Authenticated-User header value received in the Client to POP HTTP GET request. Empty if there is no header or if GET is not decrypted.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 157, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-connect-xau", + "type": "String", + "description": "X-Authenticated-User header value received in the Client to POP HTTP CONNECT request. Empty if there is no CONNECT or field is missing.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 158, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-user-confidence-index", + "type": "Integer32", + "description": "User Confidence Index. Requires at least one policy based on user score.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 159, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-hostname", + "type": "String", + "description": "Hostname of the Client. Requires NS Client to be installed (both steering active and disabled supported).", + "example": [], + "event_types": [ + "transaction" + ], + "position": 160, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-device-uid", + "type": "String", + "description": "Device unique identifier computed by NS Client. Requires NS Client to be installed (both steering active and disabled supported).", + "example": [], + "event_types": [ + "transaction" + ], + "position": 161, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-os-family", + "type": "String", + "description": "OS Family of the Client. Requires NS Client to be installed (both steering active and disabled supported).", + "example": [], + "event_types": [ + "transaction" + ], + "position": 162, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-os-version", + "type": "String", + "description": "OS Version of the Client. Requires NS Client to be installed (both steering active and disabled supported).", + "example": [ + "WINDOWS NT10" + ], + "event_types": [ + "transaction" + ], + "position": 163, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-nsclient-version", + "type": "String", + "description": "NS Client version of the Client. Requires NS Client to be installed (both steering active and disabled supported).", + "example": [], + "event_types": [ + "transaction" + ], + "position": 164, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-nsclient-client-profile", + "type": "String", + "description": "Client Profile of NS Client. Requires NS Client to be installed (both steering active and disabled supported).", + "example": [], + "event_types": [ + "transaction" + ], + "position": 165, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-nsclient-steering-profile", + "type": "String", + "description": "Steering Profile of NS Client. Requires NS Client in active steering mode.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 166, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-device-classification", + "type": "String", + "description": "Classification profile of NS Client. Requires NS Client to be installed (both steering active and disabled supported).", + "example": [], + "event_types": [ + "transaction" + ], + "position": 167, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-nsclient-tunnel-type", + "type": "String", + "description": "NS Client tunnel mode (TLS or DTLS). Requires NS Client in active steering mode.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 168, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-process", + "type": "String", + "description": "Process Name on the Client. Requires NS Client in active steering mode.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 169, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-pid", + "type": "Integer32", + "description": "Process ID on the Client. Requires NS Client in active steering mode.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 170, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-parent-process", + "type": "String", + "description": "Parent Process Name on the Client. Requires NS Client in active steering mode.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 171, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-ppid", + "type": "Integer32", + "description": "Parent Process ID on the Client. Requires NS Client in active steering mode.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 172, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-tp-result", + "type": "List", + "description": "Threat Protection evaluation result.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 173, + "default_value": [], + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-tp-engine", + "type": "List", + "description": "Threat Protection engine name in case of malware detection.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 174, + "default_value": [], + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-tp-malware-name", + "type": "List", + "description": "Malware name in case of malware detection.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 175, + "default_value": [], + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-tp-severity", + "type": "List", + "description": "Malware severity in case of malware detection.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 176, + "default_value": [], + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-sr-forward-dest", + "type": "String", + "description": "Destination Proxy name when forward to proxy is applied on the POP to Remote Server request.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 177, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-ssl-policy-issuer", + "type": "String", + "description": "Certificate Authority name used to perform SSL Interception.", + "example": [ + "Netskope CA", + "Netskope CA (Expiring) -> Netskope CA (Old)", + "Netskope CA (New)", + "Netskope ECA", + "Netskope ECA (Expiring) -> Netskope ECA (Old)", + "Netskope ECA (New)", + "BYOK", + "OnPremHSM" + ], + "event_types": [ + "transaction" + ], + "position": 178, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-eip-policy-name", + "type": "String", + "description": "Egress IP policy name matching the POP to Remote Server request.", + "example": [ + "Subsibiary ABC rule" + ], + "event_types": [ + "transaction" + ], + "position": 179, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-eip-policy-footprint", + "type": "String", + "description": "Egress Footprint name matching the POP to Remote Server request.", + "example": [ + "ABC", + "LZ-BE (for belgium)" + ], + "event_types": [ + "transaction" + ], + "position": 180, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-policy-categories", + "type": "List", + "description": "All custom and predefined categories applicable for the URL in this transaction. Separator between values is ';'.", + "example": [ + [ + "Games", + "News & Media" + ] + ], + "event_types": [ + "transaction" + ], + "position": 181, + "default_value": [], + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-timezone", + "type": "String", + "description": "Local timezone of the Client computed from geolocation of the device IP.", + "example": [ + "-01:00", + "+08:00" + ], + "event_types": [ + "transaction" + ], + "position": 182, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-support", + "type": "String", + "description": "[Not in public Transaction Events Fields Reference — please verify with internal docs or Netskope Support.]", + "example": [ + "1-2:3:4;" + ], + "event_types": [ + "transaction" + ], + "position": 183, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-r-country", + "type": "String", + "description": "Country of the Remote Server.", + "example": [ + "US" + ], + "event_types": [ + "transaction" + ], + "position": 184, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-r-latitude", + "type": "Float", + "description": "Latitude of the Remote Server.", + "example": [ + 37.4192008972167 + ], + "event_types": [ + "transaction" + ], + "position": 185, + "default_value": 0.0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-r-longitude", + "type": "Float", + "description": "Longitude of the Remote Server.", + "example": [ + -122.057403564453 + ], + "event_types": [ + "transaction" + ], + "position": 186, + "default_value": 0.0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-r-location", + "type": "String", + "description": "Location (e.g. city) of the Remote Server.", + "example": [ + "Mountain View" + ], + "event_types": [ + "transaction" + ], + "position": 187, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-r-region", + "type": "String", + "description": "Region (e.g. state) of the Remote Server.", + "example": [ + "California" + ], + "event_types": [ + "transaction" + ], + "position": 188, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-r-zipcode", + "type": "String", + "description": "Zip code of the Remote Server.", + "example": [ + "94043" + ], + "event_types": [ + "transaction" + ], + "position": 189, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-authz-source", + "type": "String", + "description": "Source of the User identity.", + "example": [ + "Internal" + ], + "event_types": [ + "transaction" + ], + "position": 190, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-app-instance-tags", + "type": "List", + "description": "List of Cloud Application Instance tags.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 191, + "default_value": [], + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-ssl-malformed-ssl", + "type": "String", + "description": "Indicates if the SSL Engine encounters malformed SSL packet during SSL/TLS negotiation between the Client and the POP.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 192, + "default_value": "", + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-cs-access-proxy", + "type": "List", + "description": "List of Access Proxy configuration matching the request from the Client to the POP.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 193, + "default_value": [], + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-c-local-timestamp", + "type": "Integer64", + "description": "Local time of the Client computed from geolocation of the device IP. Epoch format in seconds.", + "example": [ + 1748934646 + ], + "event_types": [ + "transaction" + ], + "position": 194, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-r-cert-start", + "type": "Integer64", + "description": "Start date/time of the Remote Server certificate. Epoch format in seconds.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 195, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-r-cert-end", + "type": "Integer64", + "description": "End date/time of the Remote Server certificate. Epoch format in seconds.", + "example": [], + "event_types": [ + "transaction" + ], + "position": 196, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] + }, + { + "parameter_name": "x-tenant-id", + "type": "Integer32", + "description": "ID of the Netskope Tenant. Useful when exporting events of multiple tenants in the same SIEM.", + "example": [ + 324123 + ], + "event_types": [ + "transaction" + ], + "position": 197, + "default_value": 0, + "applicable_for": [ + "log_streaming" + ] } ] \ No newline at end of file From 360d0a58889e4ac4cd466ab077b1548ecf7b96af Mon Sep 17 00:00:00 2001 From: Krishna keshri Date: Fri, 8 May 2026 15:48:07 +0530 Subject: [PATCH 2/4] DINT-2043 : updated version field in newly added field --- schema/event_schema.json | 257 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 256 insertions(+), 1 deletion(-) diff --git a/schema/event_schema.json b/schema/event_schema.json index c0a0e1f..d333b71 100644 --- a/schema/event_schema.json +++ b/schema/event_schema.json @@ -16895,6 +16895,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -16913,6 +16918,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -16932,6 +16942,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -16946,6 +16961,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -16962,6 +16982,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -16978,6 +17003,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -16994,6 +17024,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17008,6 +17043,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17022,6 +17062,11 @@ "default_value": [], "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17036,6 +17081,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17050,6 +17100,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17064,6 +17119,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17078,6 +17138,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17092,6 +17157,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17106,6 +17176,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17120,6 +17195,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17136,6 +17216,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17150,6 +17235,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17164,6 +17254,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17178,6 +17273,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17192,6 +17292,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17206,6 +17311,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17220,6 +17330,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17234,6 +17349,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17248,6 +17368,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17262,6 +17387,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17276,6 +17406,11 @@ "default_value": [], "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17290,6 +17425,11 @@ "default_value": [], "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17304,6 +17444,11 @@ "default_value": [], "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17318,6 +17463,11 @@ "default_value": [], "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17332,6 +17482,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17355,6 +17510,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17371,6 +17531,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17388,6 +17553,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17407,6 +17577,11 @@ "default_value": [], "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17424,6 +17599,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17440,6 +17620,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17456,6 +17641,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17472,6 +17662,11 @@ "default_value": 0.0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17488,6 +17683,11 @@ "default_value": 0.0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17504,6 +17704,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17520,6 +17725,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17536,6 +17746,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17552,6 +17767,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17566,6 +17786,11 @@ "default_value": [], "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17580,6 +17805,11 @@ "default_value": "", "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17594,6 +17824,11 @@ "default_value": [], "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17610,6 +17845,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17624,6 +17864,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17638,6 +17883,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] }, { @@ -17654,6 +17904,11 @@ "default_value": 0, "applicable_for": [ "log_streaming" + ], + "version": [ + "v1", + "v2", + "v3" ] } -] \ No newline at end of file +] From 4fd2d092a72ac83dc1a8f6317e89363d22774e6c Mon Sep 17 00:00:00 2001 From: Krishna keshri Date: Fri, 8 May 2026 16:31:51 +0530 Subject: [PATCH 3/4] DINT-2043 : updated version field in newly added field 2 --- schema/event_schema.json | 68 ++++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/schema/event_schema.json b/schema/event_schema.json index d333b71..0d45edf 100644 --- a/schema/event_schema.json +++ b/schema/event_schema.json @@ -1195,7 +1195,7 @@ "example": [ "In December 2020, a threat actor shared what was is alleged to be a database leaked from gonitro.com--a provider of PDF software. The data was said to contain approximately 77M usernames and passwords.", "Unauthorized access", - "Renting Authority (rentingauthority[.]com) – a U.S.-based employment, rental verification, online rent payments service provider company – allegedly suffered a security incident, in which 290,569 email addresses were exposed and subsequently shared on several deep web forums. Of these, an assessed 266,189 records were successfully linked to plain-text passwords. The threat actor noted that the data dump from August 2022. Other notable data fields observed in this package include: full names, phone numbers, SSN, date of birth, driver license and user activity. The threat actor did not disclose the ultimate source of the data breach or how it was exploited." + "Renting Authority (rentingauthority[.]com) \u2013 a U.S.-based employment, rental verification, online rent payments service provider company \u2013 allegedly suffered a security incident, in which 290,569 email addresses were exposed and subsequently shared on several deep web forums. Of these, an assessed 266,189 records were successfully linked to plain-text passwords. The threat actor noted that the data dump from August 2022. Other notable data fields observed in this package include: full names, phone numbers, SSN, date of birth, driver license and user activity. The threat actor did not disclose the ultimate source of the data breach or how it was exploited." ], "event_types": [ "alert", @@ -2440,7 +2440,7 @@ { "parameter_name": "cs-username", "type": "String", - "description": "The client’s username.", + "description": "The client\u2019s username.", "example": [ "Bill@companyname.com", "test_user@companyname.com", @@ -2575,7 +2575,7 @@ { "parameter_name": "date", "type": "String", - "description": "Date of generation, YY-MM-DD format. NOTE: Human readable string for the “x-cs-timestamp” field.", + "description": "Date of generation, YY-MM-DD format. NOTE: Human readable string for the \u201cx-cs-timestamp\u201d field.", "example": [ "08/07/19", "05/07/23" @@ -2715,7 +2715,7 @@ { "parameter_name": "destination_instance_id", "type": "String", - "description": "The Saas/Iaas App’s Instance configured as storage for forensics.", + "description": "The Saas/Iaas App\u2019s Instance configured as storage for forensics.", "example": [ "recargapay.com", "emburse.com", @@ -3273,8 +3273,8 @@ "example": [ "r5kessan.data", "20240221091235.zip", - "PW14102【概要書 他】水道町_.pdf", - "【概要書】水道町.pdf", + "PW14102\u3010\u6982\u8981\u66f8\u3000\u4ed6\u3011\u6c34\u9053\u753a_.pdf", + "\u3010\u6982\u8981\u66f8\u3011\u6c34\u9053\u753a.pdf", "Test_Corporate Presentation_December", "0519-24-TEST_AU-CFF-26964_OP-3136_Dog_PO_Protocol_Part- 2" ], @@ -3563,7 +3563,7 @@ "TennCare Member ID and Drug Name", "PIS-PASEP", "Nome Brasileiro dummy proximo a Email", - "Endereços test Brasileiros", + "Endere\u00e7os test Brasileiros", "Titulo de Eleitor", "demo_Credit_CAM", "Test_Account_Challans fr Statutory Payment" @@ -3915,7 +3915,7 @@ "example": [ "Ikebukuro", "Nishikata", - "Ōtemachi", + "\u014ctemachi", "Ebara", "Chiyo", "Rosman", @@ -6072,7 +6072,7 @@ "example": [ "trical forage", "clearview farm", - "Кириченко Виктор", + "\u041a\u0438\u0440\u0438\u0447\u0435\u043d\u043a\u043e \u0412\u0438\u043a\u0442\u043e\u0440", "food to live", "very finnish problems", "natashas_baking", @@ -6681,7 +6681,7 @@ { "parameter_name": "lh_custodian_email", "type": "String", - "description": "Email address of the custodian associated with the Legal Hold profile. This value is derived from the customer’s Legal Hold configuration.", + "description": "Email address of the custodian associated with the Legal Hold profile. This value is derived from the customer\u2019s Legal Hold configuration.", "example": [ "apic_auto_custodian@autoskope.com", "john@democompany.com" @@ -8886,7 +8886,7 @@ "DND - ChatGPT", "DND Default Categories", "DND - GitHub Copilot", - "GoogleCloud-SDKアップデート No110", + "GoogleCloud-SDK\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8 No110", "JetBrain No476" ], "event_types": [ @@ -9410,7 +9410,7 @@ { "parameter_name": "publisher_name", "type": "String", - "description": "The publisher name for the Network Events. It’s a NPA component runs on customer’s premise which connects the cloud and customer’s private app.", + "description": "The publisher name for the Network Events. It\u2019s a NPA component runs on customer\u2019s premise which connects the cloud and customer\u2019s private app.", "example": [ "PAPNPA02-ABT", "Nethub US - 782 - B", @@ -10311,7 +10311,7 @@ { "parameter_name": "s-ip", "type": "String", - "description": "The server IPv4 address. NOTE: During SSL bypass, the s-ip field displays as Unavailable when it’s neither IPv4 or IPv6.", + "description": "The server IPv4 address. NOTE: During SSL bypass, the s-ip field displays as Unavailable when it\u2019s neither IPv4 or IPv6.", "example": [ "70.42.029.126", "216.58.193.33", @@ -11650,7 +11650,7 @@ "Astana", "Moscow Oblast", "Iles du Vent", - "Constanța", + "Constan\u021ba", "Voronezh Oblast" ], "event_types": [ @@ -12081,7 +12081,7 @@ "type": "String", "description": "List of tags associated with the asset for which alert is raised. Each tag is a key/value pair.", "example": [ - "[{“name”: “major environment”, “value”: “test”}, {“name”: “owner”, “value”: “abc” }]" + "[{\u201cname\u201d: \u201cmajor environment\u201d, \u201cvalue\u201d: \u201ctest\u201d}, {\u201cname\u201d: \u201cowner\u201d, \u201cvalue\u201d: \u201cabc\u201d }]" ], "event_types": [ "alert", @@ -12267,7 +12267,7 @@ { "parameter_name": "time", "type": "String", - "description": "Time of generation in HH:MM-SEC format in GMT. NOTE: Human readable string for the “x-cs-timestamp” field.", + "description": "Time of generation in HH:MM-SEC format in GMT. NOTE: Human readable string for the \u201cx-cs-timestamp\u201d field.", "example": [ "01:02-39", "03:02-45" @@ -12403,7 +12403,7 @@ "lee-ann_wearing_dsb1_ca/Documents/UFLI - Law/SOUND WALL", "WEEKLY LEASING TASKS", "Message", - "20240221 東宝G売却動画(町田・溝の口・調布).xlsx" + "20240221\u3000\u6771\u5b9dG\u58f2\u5374\u52d5\u753b\uff08\u753a\u7530\u30fb\u6e9d\u306e\u53e3\u30fb\u8abf\u5e03\uff09.xlsx" ], "event_types": [ "alert", @@ -13331,7 +13331,7 @@ { "parameter_name": "user_confidence_index", "type": "Integer32", - "description": "UCI (User Confidence Index) is one of the ways that UEBA describes how risky the user’s behavior is. The lower UCI is, the more risky the user behavior is. The UCI starts from an initial value and is deducted an amount when the user’s behavior is detected to be anomaly by UEBA engine. The user’s UCI is daily-based, i.e. UEBA engine will create the new UCI with an initial score for users when an UTC day starts. Each user is supposed to start from 1000, but his/her previous day performance will rollover to current day and therefore impact the initial UCI", + "description": "UCI (User Confidence Index) is one of the ways that UEBA describes how risky the user\u2019s behavior is. The lower UCI is, the more risky the user behavior is. The UCI starts from an initial value and is deducted an amount when the user\u2019s behavior is detected to be anomaly by UEBA engine. The user\u2019s UCI is daily-based, i.e. UEBA engine will create the new UCI with an initial score for users when an UTC day starts. Each user is supposed to start from 1000, but his/her previous day performance will rollover to current day and therefore impact the initial UCI", "example": [ 100, 217, @@ -13359,7 +13359,7 @@ { "parameter_name": "user_confidence_level", "type": "String", - "description": "UCI (User Confidence Index) is one of the ways that UEBA describes how risky the user’s behavior is. User confidence level field holds risk level values.", + "description": "UCI (User Confidence Index) is one of the ways that UEBA describes how risky the user\u2019s behavior is. User confidence level field holds risk level values.", "example": [ "high", "medium", @@ -14121,7 +14121,7 @@ { "parameter_name": "x-c-browser", "type": "String", - "description": "Client’s browser.", + "description": "Client\u2019s browser.", "example": [ "Firefox", "Safari", @@ -14144,7 +14144,7 @@ { "parameter_name": "x-c-browser-version", "type": "Integer32", - "description": "Client’s browser version.", + "description": "Client\u2019s browser version.", "example": [ 50, 32, @@ -14190,7 +14190,7 @@ { "parameter_name": "x-c-device", "type": "String", - "description": "Client’s device type.", + "description": "Client\u2019s device type.", "example": [ "Windows device", "Macbook" @@ -15148,8 +15148,8 @@ "type": "String", "description": "Provides details of the SSL Engine action.", "example": [ - "SSL Error – Incomplete Certificate Trust Chain", - "SSL Error – Invalid Certificate Trust Chain" + "SSL Error \u2013 Incomplete Certificate Trust Chain", + "SSL Error \u2013 Invalid Certificate Trust Chain" ], "event_types": [ "transaction" @@ -15252,7 +15252,7 @@ { "parameter_name": "x-cs-timestamp", "type": "Integer64", - "description": "Date of the request as epoch time. NOTE: This field is the epoch version of the “date” and “time” fields.", + "description": "Date of the request as epoch time. NOTE: This field is the epoch version of the \u201cdate\u201d and \u201ctime\u201d fields.", "example": [ 1480330369, 1680330369, @@ -15275,7 +15275,7 @@ { "parameter_name": "x-cs-traffic-type", "type": "String", - "description": "Type of traffic could be “Web” or “CloudApp”. NOTE: During SSL bypass, x-cs-traffic-type always displays as Unavailable.", + "description": "Type of traffic could be \u201cWeb\u201d or \u201cCloudApp\u201d. NOTE: During SSL bypass, x-cs-traffic-type always displays as Unavailable.", "example": [ "Web", "CloudApp" @@ -15534,7 +15534,7 @@ { "parameter_name": "x-policy-justification-reason", "type": "String", - "description": "The justification provided by the end user in case of “useralert” action.", + "description": "The justification provided by the end user in case of \u201cuseralert\u201d action.", "example": [ "sharing with a trusted partner", "needed for a demo" @@ -15554,7 +15554,7 @@ { "parameter_name": "x-policy-justification-type", "type": "String", - "description": "The justification type selected by the end user in case of “useralert” action.", + "description": "The justification type selected by the end user in case of \u201cuseralert\u201d action.", "example": [ "justification" ], @@ -15846,7 +15846,7 @@ { "parameter_name": "x-r-cert-valid", "type": "String", - "description": "Overall result of the evaluation of the validity of the server certificate received from destination server. This field doesn’t reflect the action of the SSL Engine.", + "description": "Overall result of the evaluation of the validity of the server certificate received from destination server. This field doesn\u2019t reflect the action of the SSL Engine.", "example": [ "yes", "no" @@ -16187,7 +16187,7 @@ { "parameter_name": "x-sc-notification-name", "type": "String", - "description": "The name of the user notification displayed to the end user in case of action “block” or “useralert”.", + "description": "The name of the user notification displayed to the end user in case of action \u201cblock\u201d or \u201cuseralert\u201d.", "example": [ "block_page.html", "allow_page.html" @@ -16543,7 +16543,7 @@ "type": "String", "description": "Indicates if the request was SSL bypassed, this field provides the reason.", "example": [ - "SSL Error – SSL Handshake Error" + "SSL Error \u2013 SSL Handshake Error" ], "event_types": [ "transaction" @@ -16731,7 +16731,7 @@ { "parameter_name": "x-type", "type": "String", - "description": "The type of log message, which can be “http_transaction” or “WebSocket”. NOTE: When parsing an HTTP Upgrade response, Netskope uses the Upgrade header to determine if the traffic is WebSocket.", + "description": "The type of log message, which can be \u201chttp_transaction\u201d or \u201cWebSocket\u201d. NOTE: When parsing an HTTP Upgrade response, Netskope uses the Upgrade header to determine if the traffic is WebSocket.", "example": [ "http_transaction", "WebSocket" @@ -16928,7 +16928,7 @@ { "parameter_name": "x-action", "type": "String", - "description": "Final action applied at the POP (allow, block or redirect): block — the Client didn't have access to the content of the Remote Server (user not allowed or processing exception); allow — the Client received the data from the Remote Server; redirect — the Client received a redirect instead of the Remote Server content. Check x-action-reason for more details.", + "description": "Final action applied at the POP (allow, block or redirect): block \u2014 the Client didn't have access to the content of the Remote Server (user not allowed or processing exception); allow \u2014 the Client received the data from the Remote Server; redirect \u2014 the Client received a redirect instead of the Remote Server content. Check x-action-reason for more details.", "example": [ "Unknown(this is should not happen)", "Allow", @@ -17609,7 +17609,7 @@ { "parameter_name": "x-support", "type": "String", - "description": "[Not in public Transaction Events Fields Reference — please verify with internal docs or Netskope Support.]", + "description": "[Not in public Transaction Events Fields Reference \u2014 please verify with internal docs or Netskope Support.]", "example": [ "1-2:3:4;" ], From dda5b9d3899aa3c0af9f2db93c35aeadeb5f3901 Mon Sep 17 00:00:00 2001 From: Krishna keshri Date: Mon, 11 May 2026 14:16:13 +0530 Subject: [PATCH 4/4] DINT-2043 : review commnet incorported --- schema/event_schema.json | 642 +++++++++++++++++++++------------------ 1 file changed, 343 insertions(+), 299 deletions(-) diff --git a/schema/event_schema.json b/schema/event_schema.json index 0d45edf..0473229 100644 --- a/schema/event_schema.json +++ b/schema/event_schema.json @@ -1432,7 +1432,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -1456,7 +1457,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2214,7 +2216,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2236,7 +2239,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2258,7 +2262,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2280,7 +2285,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2302,7 +2308,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2325,7 +2332,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2347,7 +2355,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2369,7 +2378,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2391,7 +2401,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2413,7 +2424,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2434,7 +2446,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2457,7 +2470,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -2591,7 +2605,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -10305,7 +10320,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -10329,7 +10345,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -10573,7 +10590,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -10596,7 +10614,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -10620,7 +10639,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -12283,7 +12303,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -12308,7 +12329,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14138,7 +14160,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14161,7 +14184,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14184,7 +14208,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14206,7 +14231,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14230,7 +14256,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14250,7 +14277,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14273,7 +14301,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14297,7 +14326,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14320,7 +14350,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14343,7 +14374,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14367,7 +14399,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14390,7 +14423,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14413,7 +14447,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14434,7 +14469,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14459,7 +14495,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14482,7 +14519,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14502,7 +14540,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14522,7 +14561,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14543,7 +14583,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14564,7 +14605,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14584,7 +14626,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14604,7 +14647,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14623,7 +14667,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14642,7 +14687,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14663,7 +14709,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14683,7 +14730,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14703,7 +14751,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14723,7 +14772,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14743,7 +14793,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14764,7 +14815,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14784,7 +14836,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14804,7 +14857,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14824,7 +14878,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14846,7 +14901,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14866,7 +14922,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14886,7 +14943,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14906,7 +14964,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14926,7 +14985,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14946,7 +15006,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -14969,7 +15030,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -14992,7 +15054,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15014,7 +15077,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15036,7 +15100,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15056,7 +15121,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15077,7 +15143,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15097,7 +15164,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15118,7 +15186,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15140,7 +15209,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15161,7 +15231,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15182,7 +15253,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15203,7 +15275,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15225,7 +15298,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15246,7 +15320,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15269,7 +15344,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15291,7 +15367,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15314,7 +15391,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15334,7 +15412,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15354,7 +15433,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15377,7 +15457,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15397,7 +15478,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15420,7 +15502,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15443,7 +15526,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15466,7 +15550,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15486,7 +15571,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15508,7 +15594,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15528,7 +15615,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15548,7 +15636,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15567,7 +15656,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15587,7 +15677,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15607,7 +15698,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15628,7 +15720,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15649,7 +15742,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15670,7 +15764,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15691,7 +15786,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15712,7 +15808,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15735,7 +15832,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15756,7 +15854,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15777,7 +15876,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15798,7 +15898,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15819,7 +15920,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15840,7 +15942,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15861,7 +15964,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -15884,7 +15988,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -15904,7 +16009,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15923,7 +16029,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15944,7 +16051,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15963,7 +16071,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -15982,7 +16091,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -16002,7 +16112,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -16025,7 +16136,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16046,7 +16158,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16066,7 +16179,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -16089,7 +16203,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16112,7 +16227,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16135,7 +16251,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16158,7 +16275,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16181,7 +16299,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16201,7 +16320,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -16222,7 +16342,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16242,7 +16363,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -16262,7 +16384,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -16283,7 +16406,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16304,7 +16428,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16324,7 +16449,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -16344,7 +16470,8 @@ "log_streaming" ], "version": [ - "v3" + "v3", + "v4" ] }, { @@ -16365,7 +16492,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16386,7 +16514,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16408,7 +16537,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16429,7 +16559,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16450,7 +16581,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16472,7 +16604,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16493,7 +16626,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16514,7 +16648,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16535,7 +16670,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16555,7 +16691,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16576,7 +16713,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16597,7 +16735,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16618,7 +16757,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16639,7 +16779,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16660,7 +16801,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16681,7 +16823,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16702,7 +16845,8 @@ ], "version": [ "v2", - "v3" + "v3", + "v4" ] }, { @@ -16725,7 +16869,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16747,7 +16892,8 @@ "version": [ "v1", "v2", - "v3" + "v3", + "v4" ] }, { @@ -16897,9 +17043,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -16920,9 +17064,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -16944,9 +17086,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -16963,9 +17103,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -16984,9 +17122,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17005,9 +17141,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17026,9 +17160,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17045,9 +17177,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17064,9 +17194,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17083,9 +17211,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17102,9 +17228,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17121,9 +17245,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17140,9 +17262,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17159,9 +17279,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17178,9 +17296,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17197,9 +17313,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17218,9 +17332,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17237,9 +17349,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17256,9 +17366,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17275,9 +17383,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17294,9 +17400,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17313,9 +17417,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17332,9 +17434,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17351,9 +17451,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17370,9 +17468,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17389,9 +17485,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17408,9 +17502,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17427,9 +17519,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17446,9 +17536,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17465,9 +17553,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17484,9 +17570,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17512,9 +17596,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17533,9 +17615,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17555,9 +17635,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17579,9 +17657,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17601,9 +17677,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17622,9 +17696,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17643,9 +17715,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17664,9 +17734,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17685,9 +17753,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17706,9 +17772,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17727,9 +17791,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17748,9 +17810,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17769,9 +17829,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17788,9 +17846,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17807,9 +17863,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17826,9 +17880,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17847,9 +17899,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17866,9 +17916,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17885,9 +17933,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] }, { @@ -17906,9 +17952,7 @@ "log_streaming" ], "version": [ - "v1", - "v2", - "v3" + "v4" ] } ]