Cyolo ZTNA

About
Cyolo securely connects onsite and remote users to applications, servers, desktops, and files. It removes the need to connect to users’ networks, NACs, etc. Deploy in minutes. Resilient. Agile. Boundless. Services: Controlled Access, Compliance Ready, Secure Remote Access.
Product Details
Vendor URL: Securely connect to any environment with Zero Trust | Cyolo
Product Type: VPN
Product Tier: Tier III
Integration Method: Syslog
Integration URL: Zero Trust - Cyolo
Log Guide: Zero Trust - Cyolo
Parser Details
Log Format: Syslog
Expected Normalization Rate: 90%
Data Label: CYOLO_ZTNA
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| ALLOW,BLOCK,FAIL | security_result.action |
| authnmethodsreferences | additional.fields |
| component/policy | metadata.product_event_type |
| connect | security_result.description |
| displayname | principal.user.user_display_name |
| emailaddress | principal.user.email_addresses |
| givenname | principal.user.first_name |
| identityprovider | additional.fields |
| mapping | target.application |
| objectidentifier | additional.fields |
| observer | observer.hostname |
| policy | security_result.rule_name |
| reason | network.ip_protocol |
| reason | target.hostname |
| reason | target.ip |
| reason | target.port |
| reason | metadata.description |
| remoteAddr | principal.hostname |
| remoteAddr | principal.ip |
| remoteAddr | principal.port |
| Statically Defined | metadata.vendor_name |
| Statically Defined | metadata.product_name |
| Statically Defined | metadata.event_type |
| summary | security_result.summary |
| surname | principal.user.last_name |
| tenantid | additional.fields |
| user/name | principal.user.userid |
| user_groups | principal.user.group_identifiers |
Product Event Types
| type,subtype | severity | UDM Event Classification | alerting enabled |
|---|---|---|---|
| Default | | GENERIC_EVENT | |
| logged in | | USER_LOGIN | |
| Health Check | | STATUS_UPDATE | |
| UPSTREAM_NOT_FOUND | | STATUS_UPDATE | |
| saml response attributes | | STATUS_UPDATE | |
Log Sample
<28>2022-08-11T19:35:35Z ZTNA_device [idac][1]: 2022/08/11 19:35:35 I [idac] component: Health Check, failed to sample mapping: computername, reason: dial tcp 10.10.10.100:3389: i/o timeout
Sample Parsing
metadata.event_timestamp = "2022-08-11T19:35:35Z"
metadata.event_type = "STATUS_UPDATE"
metadata.vendor_name = "Cyolo"
metadata.product_name = "ZTNA"
metadata.product_event_type = "Health Check"
metadata.description = "dial tcp 10.10.10.100:3389: i/o timeout"
principal.hostname = "computername"
principal.asset.hostname = "computername"
target.ip = "10.10.10.100"
target.port = 3389
target.asset.ip = "10.10.10.100"
observer.hostname = "ZTNA_device"
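The mapping above, worked through as an added Python example (not the vendor's or the SIEM's own parser code): it splits the syslog envelope from the message, reads the `component:`, `mapping:` and `reason:` fields, pulls the target IP and port out of the Go-style dial error in the reason, and classifies the event per the Product Event Types table. The field names follow the Sample Parsing section; the regexes and the `network.ip_protocol` derivation are this example's own assumptions.

```python
import re

# UDM classification per the Product Event Types table; anything else is GENERIC_EVENT.
EVENT_TYPES = {"logged in": "USER_LOGIN", "Health Check": "STATUS_UPDATE",
               "UPSTREAM_NOT_FOUND": "STATUS_UPDATE",
               "saml response attributes": "STATUS_UPDATE"}

# Syslog envelope: <PRI>TIMESTAMP OBSERVER [app][pid]: MESSAGE  (assumed layout, from the Log Sample)
SYSLOG_RE = re.compile(r"^<\d+>(?P<ts>\S+)\s+(?P<host>\S+)\s+\[[^\]]+\]\[\d+\]:\s+(?P<msg>.*)$")
# "key: value" pairs inside the message; reason runs to end of line, the others stop at a comma
COMPONENT_RE = re.compile(r"component:\s*([^,]+)")
MAPPING_RE = re.compile(r"mapping:\s*([^,]+)")
REASON_RE = re.compile(r"reason:\s*(.+)$")
# Go net.Dial error embedded in the reason, e.g. "dial tcp 10.10.10.100:3389: i/o timeout"
DIAL_RE = re.compile(r"dial (tcp|udp) ([\d.]+):(\d+)")


def parse_cyolo_event(line: str) -> dict:
    """Normalise one Cyolo ZTNA syslog line into a flat dict keyed by UDM field path."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a Cyolo ZTNA syslog line")
    msg = m.group("msg")
    udm = {"metadata.event_timestamp": m.group("ts"),
           "metadata.vendor_name": "Cyolo",          # statically defined
           "metadata.product_name": "ZTNA",          # statically defined
           "metadata.event_type": "GENERIC_EVENT",   # default classification
           "observer.hostname": m.group("host")}
    if comp := COMPONENT_RE.search(msg):
        udm["metadata.product_event_type"] = comp.group(1).strip()
        udm["metadata.event_type"] = EVENT_TYPES.get(udm["metadata.product_event_type"], "GENERIC_EVENT")
    if mapping := MAPPING_RE.search(msg):
        udm["principal.hostname"] = udm["principal.asset.hostname"] = mapping.group(1).strip()
    if reason := REASON_RE.search(msg):
        udm["metadata.description"] = reason.group(1).strip()
        if dial := DIAL_RE.search(udm["metadata.description"]):
            udm["network.ip_protocol"] = dial.group(1).upper()   # reason -> network.ip_protocol
            udm["target.ip"] = udm["target.asset.ip"] = dial.group(2)
            udm["target.port"] = int(dial.group(3))
    return udm


# Constructed copy of the page's Log Sample, used as the demo input.
SAMPLE = ("<28>2022-08-11T19:35:35Z ZTNA_device [idac][1]: 2022/08/11 19:35:35 I [idac] "
          "component: Health Check, failed to sample mapping: computername, "
          "reason: dial tcp 10.10.10.100:3389: i/o timeout")

if __name__ == "__main__":
    for field, value in parse_cyolo_event(SAMPLE).items():
        print(f"{field} = {value!r}")
```

Lines whose `component:` value is not in the table fall through to GENERIC_EVENT, which is the case to watch when checking whether the 90% normalization rate holds on a real feed.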
Parser Alerting
This product currently does not have any parser-based alerting.