Mappings: Cisco Meraki Security Filtering Disposition Change - Custom Parser

Input Requirements

Input	Value
Vendor	Cisco
Product	Meraki
Log Format	JSON
Event ID Regex Pattern	`security_filtering_disposition_change`

Cloud SIEM Schema Field	Original Record Key	Notes
action	action
device_hostname	syslog_device_name
file_basename	name
file_hash_sha256	sha256
threat_name	disposition
timestamp	syslog_timestamp	We expect the orginal record value of `syslog_timestamp` is in the format `epoch_float`