Zoom Operation Logs
About
One solution for chats and channels, phone, whiteboard, meetings, and more.
Zoom is for you. We're here to help you connect, communicate, and express your ideas so you can get more done together. We're proud to be trusted by millions of enterprises, small businesses, and individuals, just like you.
Product Details
Vendor URL: Zoom.us
Product Type: EDR
Product Tier: Tier III
Integration Method: Custom
Integration URL: Cyderes Documentation - Zoom
Log Guide: Zoom Developer - Operation Logs
Parser Details
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: ZOOM_OPERATION_LOGS
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
catagory | security_result.summary |
category_type | security_result.about.namespace |
fname | target.user.first_name |
emailaddress | target.user.email_addresses |
email_domain | principal.administrative_domain |
email_username | principal.user.userid |
lname | target.user.last_name |
operator | principal.user.email_addresses |
operator | principal.user.userid |
operation_detail | security_result.description |
username | target.user.userid |
Product Event Types
type,subtype | severity | UDM Event Classification | alerting enabled |
---|---|---|---|
Default | | GENERIC_EVENT | |
Log Sample
{"action":"SCIM API - Deactivate","category_type":"User","operation_detail":"Deactivate User john.doe@company.com ","operator":"general-mailbox@company.com","time":"2022-08-04T21:26:14Z"}
Sample Parsing
metadata.event_timestamp = "2022-08-04T21:26:14Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Zoom"
metadata.product_name = "Zoom"
metadata.product_event_type = "User"
metadata.id = "AAAAAOiT/TWWldGMVqY45Du7sxkFFEAAFAAAAAAAAAA="
principal.user.userid = "general-mailbox"
principal.user.email_addresses[0] = "general-mailbox@company.com"
principal.administrative_domain = "company.com"
target.user.userid = "john.doe"
target.user.email_addresses[0] = "john.doe@company.com"
target.user.first_name = "john"
target.user.last_name = "doe"
security_result[0].summary = "SCIM API - Deactivate"
security_result[0].description = "Deactivate User john.doe@company.com"
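The mapping from the log sample to the parsed fields above can be reproduced offline with the sketch below. It is an added example, not the Cyderes parser itself: the function name normalize, the email regular expression, and the rules that derive the target user and first/last name from operation_detail are assumptions inferred from the one sample on this page.

```python
import json
import re

# Constructed input: the log sample shown on this page.
SAMPLE = ('{"action":"SCIM API - Deactivate","category_type":"User",'
          '"operation_detail":"Deactivate User john.doe@company.com ",'
          '"operator":"general-mailbox@company.com","time":"2022-08-04T21:26:14Z"}')

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def normalize(raw):
    """Map one Zoom operation log record to a flat dict of UDM field paths."""
    rec = json.loads(raw)
    udm = {
        "metadata.event_timestamp": rec.get("time", ""),
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": "Zoom",
        "metadata.product_name": "Zoom",
    }
    if rec.get("category_type"):
        udm["metadata.product_event_type"] = rec["category_type"]
    if rec.get("action"):
        udm["security_result[0].summary"] = rec["action"]
    detail = (rec.get("operation_detail") or "").strip()
    if detail:
        udm["security_result[0].description"] = detail
    operator = (rec.get("operator") or "").strip()
    if operator:
        # Assumption: operator is normally an email; a bare name stays a userid.
        user, _, domain = operator.partition("@")
        udm["principal.user.userid"] = user
        if domain:
            udm["principal.user.email_addresses[0]"] = operator
            udm["principal.administrative_domain"] = domain
    # Assumption: the target is the first email address in operation_detail.
    match = EMAIL_RE.search(detail)
    if match:
        target = match.group(0)
        local = target.split("@", 1)[0]
        udm["target.user.email_addresses[0]"] = target
        udm["target.user.userid"] = local
        # Assumption: a first.last local part yields first and last name.
        first, sep, last = local.partition(".")
        if sep and first and last:
            udm["target.user.first_name"] = first
            udm["target.user.last_name"] = last
    return udm
```

Records whose operator is not an email address, or whose operation_detail names no email address, still normalize; they simply carry no principal domain or target user fields.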
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon