Closed
Labels
Integration:zoom, Team:Security-Service Integrations [elastic/security-service-integrations], needs:triage
Description
Integration Name
Zoom [zoom]
Dataset Name
zoom.webhook
Integration Version
1.22.0
Agent Version
9.0.3
OS Version and Architecture
ECK
User Goal
Some events in the Zoom logs contain the field zoom.participant.public_ip, which contains the source.ip of the connection. Sometimes these fields are empty, depending on the event. Please map the following fields to their ECS equivalents.
zoom.participant.public_ip -> source.ip
zoom.participant.email -> user.email
zoom.participant.user_name -> user.name
In addition to the field mappings, please configure the integration to use the geoip enrichment processor to enrich the source.ip field with the additional source.geo.* fields.
Existing Features
The fields are currently not ECS format or enriched with geoIP information. We would like to create detection rules using this integration.
What did you see?
N/A
Anything else?
No response
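One way to express the requested mapping as an Elasticsearch ingest pipeline, written in the style of an integration's `default.yml`. This is an added example, not the Zoom integration's own pipeline or anything from the issue author; the `zoom.participant.*` source fields and the ECS targets come from the request above, while the `related.ip` / `related.user` appends and the `convert` validation step are assumptions based on common integration conventions. The `if` guards cover the case the issue mentions where the participant fields are present but empty.

```yaml
# Added example: ECS mapping plus GeoIP enrichment for zoom.webhook events.
# Not the shipped integration pipeline; field names follow the issue above.
description: Map Zoom participant fields to ECS and enrich source.ip with GeoIP
processors:
  # source.ip: only copy when the field exists and is not an empty string
  - set:
      field: source.ip
      copy_from: zoom.participant.public_ip
      if: ctx.zoom?.participant?.public_ip != null && ctx.zoom.participant.public_ip != ''
  # Validate that the value is a real IP so the index mapping (type ip) does not reject the document
  - convert:
      field: source.ip
      type: ip
      ignore_missing: true
      on_failure:
        # On a non-IP value, drop source.ip and record why (assumed convention)
        - remove:
            field: source.ip
        - append:
            field: error.message
            value: 'convert source.ip failed: {{{ _ingest.on_failure_message }}}'
  # GeoIP enrichment into source.geo.*; nothing happens when source.ip is absent
  - geoip:
      field: source.ip
      target_field: source.geo
      ignore_missing: true
  # user.email / user.name with the same empty-value guards
  - set:
      field: user.email
      copy_from: zoom.participant.email
      if: ctx.zoom?.participant?.email != null && ctx.zoom.participant.email != ''
  - set:
      field: user.name
      copy_from: zoom.participant.user_name
      if: ctx.zoom?.participant?.user_name != null && ctx.zoom.participant.user_name != ''
  # related.* fields make the values searchable across integrations (assumed convention)
  - append:
      field: related.ip
      value: '{{{source.ip}}}'
      allow_duplicates: false
      if: ctx.source?.ip != null
  - append:
      field: related.user
      value: '{{{user.name}}}'
      allow_duplicates: false
      if: ctx.user?.name != null
```

For the ECS fields to be queryable as intended, `source.ip` also has to be declared with type `ip` (and `source.geo.*` as the ECS geo fields) in the data stream's field definitions; the pipeline alone only populates the values. A quick check before shipping is to run a sample event through the `_ingest/pipeline/_simulate` API once with `zoom.participant.public_ip` set to a public address and once with it set to an empty string, and confirm that `source.geo` appears only in the first case.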