What Changed

Zero Networks v3.0.3 expands audit visibility and data ingestion: the parser gains 182 new audit event types, and two new data connectors built on the Codeless Connector Framework (CCF) are added.

Parser Enhancement

The audit parser (ZNSegmentAudit.yaml) now supports 323 audit types (up from 141), covering microsegmentation operations including:

  • Asset lifecycle management (quarantine, unquarantine, mirroring)
  • Network and identity segmentation state changes
  • OT/IoT device rule management (allow/block rules with create/edit/delete/expire events)
  • Custom and environment group management
  • License limit enforcement across network, identity, RPC, and connect modules
  • Anti-tampering detection and response events
  • External access portal authentication events

The parser consolidates data from both ZNSegmentAuditNativePoller_CL and ZNAudit_CL tables into a unified schema with consistent field mappings.

New CCF Data Connectors

Two CCF connectors provide complementary ingestion paths:

  • Pull Connector: REST API polling of the Zero Networks audit endpoint with configurable authentication
  • Push Connector: Direct data collection via a data collection rule (DCR) across four specialized tables (ZNAudit, ZNIdentityActivity, ZNNetworkActivity, ZNRPCActivity)

Both connectors leverage DCR-based ingestion with the ZNSegmentAuditNativePoller_CL table as the primary destination.

Security Impact

This update significantly expands microsegmentation telemetry, particularly for:

  • OT/IoT environment monitoring with granular rule enforcement tracking
  • License compliance monitoring to identify potential security gaps due to capacity limits
  • Enhanced user and asset lifecycle visibility across network, identity, and RPC protection modules
  • Anti-tampering detection events that indicate potential security policy bypasses

Organizations using Zero Networks for microsegmentation gain substantially improved visibility into segmentation rule effectiveness and policy enforcement events.

Affected Files

Solutions/ZeroNetworks/Data Connectors/ZNSegmentAudit_CCP_Pull/ZNSegmentAudit_ConnectorDefinition.json
Solutions/ZeroNetworks/Data Connectors/ZNSegmentAudit_CCP_Pull/ZNSegmentAudit_DCR.json
Solutions/ZeroNetworks/Data Connectors/ZNSegmentAudit_CCP_Pull/ZNSegmentAudit_PollingConfig.json
Solutions/ZeroNetworks/Data Connectors/ZNSegmentAudit_CCP_Pull/ZNSegmentAudit_Table.json
Solutions/ZeroNetworks/Data Connectors/ZNSegment_CCP_Push/ZNAudit_Table.json
Solutions/ZeroNetworks/Data Connectors/ZNSegment_CCP_Push/ZNIdentityActivity_Table.json
Solutions/ZeroNetworks/Data Connectors/ZNSegment_CCP_Push/ZNNetworkActivity_Table.json
Solutions/ZeroNetworks/Data Connectors/ZNSegment_CCP_Push/ZNRPCActivity_Table.json
Solutions/ZeroNetworks/Data Connectors/ZNSegment_CCP_Push/ZNSegmentPush_DCR.json
Solutions/ZeroNetworks/Data Connectors/ZNSegment_CCP_Push/ZNSegmentPush_connectorDefinition.json
Solutions/ZeroNetworks/Data Connectors/ZNSegment_CCP_Push/ZNSegmentPush_dataConnector.json
Solutions/ZeroNetworks/Package/testParameters.json
Solutions/ZeroNetworks/Parsers/ZNSegmentAudit.yaml
(packaging artefacts: 3.0.3.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_ZeroNetworks.json, createUiDefinition.json, mainTemplate.json)