Has anyone configured firewall log feed for Qradar?
Take a look at this post - LSS user activity log stream content format for QRadar
Are you saying the LSS and the adv firewall logs from NSS are formatted the same? i don’t think they even have the same fields.
Please check out the format for FW logs recognized by the DSM
Search for Zscaler - its a long doc