What Changed

Updated Cisco Umbrella connector to support log format versions 13 and 14, adding new fields across multiple log types:

Version 13 Additions (Proxy Logs):

  • AI Model Name: Tracks AI model usage for content filtering decisions
  • AI Supply Chain Categories: Categorizes AI-related traffic patterns

Version 14 Additions:

  • Event Correlation ID: Links related events across different log sources
  • Enhanced ZTNA log parsing with 27 additional fields including process details, device compliance, and network trust context

Security Impact (Visibility & Fidelity)

Organizations using Cisco Secure versions generating v13-v14 logs previously had incomplete data ingestion. Missing fields included:

  • AI Context Loss: No visibility into which AI models were involved in security decisions, limiting the ability to track AI-related threats or policy violations
  • Event Correlation Gaps: Missing correlation IDs prevented linking related security events across different Cisco components
  • ZTNA Blind Spots: Process-level details, device compliance status, and network trust evaluations were not captured, reducing Zero Trust visibility

This update restores full data fidelity for current Cisco Secure deployments.

Affected Files

Solutions/CiscoUmbrella/Data Connectors/ciscoUmbrellaDataConn/__init__.py
Solutions/CiscoUmbrella/Parsers/Cisco_Umbrella.yaml
(packaging artefacts: mainTemplate.json, CiscoUmbrellaConn.zip, 3.0.7.zip)