Cyolo ZTNA

About

Cyolo securely connects onsite & remote users to applications, servers, desktops & files, removing the need to connect to users' networks, NACs, etc. Deploy in minutes. Resilient. Agile. Boundless. Services: Controlled Access, Compliance Ready, Secure Remote Access.

Product Details

Vendor URL: Securely connect to any environment with Zero Trust | Cyolo

Product Type: VPN

Product Tier: Tier III

Integration Method: Syslog

Integration URL: Zero Trust - Cyolo

Log Guide: Zero Trust - Cyolo

Parser Details

Log Format: Syslog

Expected Normalization Rate: 90%

Data Label: CYOLO_ZTNA

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field           UDM Field
ALLOW,BLOCK,FAIL         security_result.action
authnmethodsreferences   additional.fields
component/policy         metadata.product_event_type
connect                  security_result.description
displayname              principal.user.user_display_name
emailaddress             principal.user.email_addresses
givenname                principal.user.first_name
identityprovider         additional.fields
mapping                  target.application
objectidentifier         additional.fields
observer                 observer.hostname
policy                   security_result.rule_name
reason                   network.ip_protocol
reason                   target.hostname
reason                   target.ip
reason                   target.port
reason                   metadata.description
remoteAddr               principal.hostname
remoteAddr               principal.ip
remoteAddr               principal.port
Statically Defined       metadata.vendor_name
Statically Defined       metadata.product_name
Statically Defined       metadata.event_type
summary                  security_result.summary
surname                  principal.user.last_name
tenantid                 additional.fields
user/name                principal.user.userid
user_groups              principal.user.group_identifiers

Product Event Types

type,subtype               severity   UDM Event Classification   alerting enabled
Default                               GENERIC_EVENT
logged in                             USER_LOGIN
Health Check                          STATUS_UPDATE
UPSTREAM_NOT_FOUND                    STATUS_UPDATE
saml response attributes              STATUS_UPDATE

Log Sample

<28>2022-08-11T19:35:35Z ZTNA_device [idac][1]: 2022/08/11 19:35:35 I [idac] component: Health Check, failed to sample mapping: computername, reason: dial tcp 10.10.10.100:3389: i/o timeout

Sample Parsing

metadata.event_timestamp = "2022-08-11T19:35:35Z"
metadata.event_type = "STATUS_UPDATE"
metadata.vendor_name = "Cyolo"
metadata.product_name = "ZTNA"
metadata.product_event_type = "Health Check"
metadata.description = "dial tcp 10.10.10.100:3389: i/o timeout"
principal.hostname = "computername"
principal.asset.hostname = "computername"
target.ip = "10.10.10.100"
target.port = 3389
target.asset.ip = "10.10.10.100"
observer.hostname = "ZTNA_device"
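As an added illustration (not the vendor's or the platform's own parser), the function below reproduces the Sample Parsing above from the Log Sample line: it splits the syslog envelope, pulls component, mapping and reason from the message body, and derives target.ip/target.port from the Go-style "dial tcp host:port" error in the reason. The regexes and field names are assumptions based only on the single sample line and the UDM table on this page.

```python
import re

# Constructed input: the Health Check line from the Log Sample section above.
SAMPLE_LOG = (
    "<28>2022-08-11T19:35:35Z ZTNA_device [idac][1]: 2022/08/11 19:35:35 I [idac] "
    "component: Health Check, failed to sample mapping: computername, "
    "reason: dial tcp 10.10.10.100:3389: i/o timeout"
)

# Syslog envelope: <PRI>TIMESTAMP HOSTNAME TAG: MESSAGE (assumed from the sample)
SYSLOG_RE = re.compile(r"^<\d{1,3}>(?P<ts>\S+) (?P<host>\S+) (?P<tag>\S+): (?P<msg>.*)$")
# Message body: "YYYY/MM/DD HH:MM:SS L [idac] component: X, <summary>, reason: <reason>"
MSG_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \S \[[^\]]+\] "
    r"component: (?P<component>[^,]+), (?P<summary>[^,]+), reason: (?P<reason>.+)$"
)
# Go net.Dial error text: "dial tcp 10.10.10.100:3389: i/o timeout"
DIAL_RE = re.compile(r"^dial (?P<proto>tcp|udp) (?P<ip>[^:\s]+):(?P<port>\d+):")

# component/policy value -> UDM event type, from the Product Event Types table above
EVENT_TYPES = {
    "logged in": "USER_LOGIN",
    "Health Check": "STATUS_UPDATE",
    "UPSTREAM_NOT_FOUND": "STATUS_UPDATE",
    "saml response attributes": "STATUS_UPDATE",
}


def parse_cyolo_line(line):
    """Return a flat dict of UDM field paths, or None if the syslog envelope is malformed."""
    env = SYSLOG_RE.match(line.strip())
    if not env:
        return None
    udm = {
        "metadata.event_timestamp": env["ts"],
        "metadata.event_type": "GENERIC_EVENT",  # default until a known component is seen
        "metadata.vendor_name": "Cyolo",          # statically defined
        "metadata.product_name": "ZTNA",          # statically defined
        "observer.hostname": env["host"],
    }
    msg = MSG_RE.match(env["msg"])
    if not msg:
        return udm  # envelope parsed, body unknown: this is what lowers the normalization rate
    component = msg["component"].strip()
    udm["metadata.product_event_type"] = component
    udm["metadata.event_type"] = EVENT_TYPES.get(component, "GENERIC_EVENT")
    udm["metadata.description"] = msg["reason"].strip()
    mapping = re.search(r"mapping: (\S+)", msg["summary"])
    if mapping:  # the Sample Parsing above places the sampled mapping under principal
        udm["principal.hostname"] = udm["principal.asset.hostname"] = mapping[1]
    dial = DIAL_RE.match(udm["metadata.description"])
    if dial:  # reason carries the upstream address the health check tried to reach
        udm["network.ip_protocol"] = dial["proto"].upper()
        udm["target.ip"] = udm["target.asset.ip"] = dial["ip"]
        udm["target.port"] = int(dial["port"])
    return udm
```

Lines whose body does not match the assumed layout still yield the envelope fields with GENERIC_EVENT, which is the behaviour to watch for when checking the stated 90% normalization rate against your own feed.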

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon