NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit2693f41

authored

Merge pull request#42 from UncoderIO/graylog_platform

Added graylog platform

2 parents17ec2c8 +858cbde commit2693f41Copy full SHA for 2693f41

File tree

51 files changed

+808

-2

lines changed

translator/app/translator
- mappings/platforms/graylog
- platforms
  - __init__.py
  - base/lucene
    - mapping.py
  - graylog
    - const.py
    - mapping.py
    - parsers
      - __init__.py
      - graylog.py
    - renders
      - graylog.py

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

51 files changed

+808

-2

lines changed

`‎translator/app/translator/mappings/platforms/graylog/aws_cloudtrail.yml‎`

Lines changed: 29 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,29 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:aws_cloudtrail`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+eventSource:event.provider`
	`7`	`+eventName:event.action`
	`8`	`+AdditionalEventData:AdditionalEventData`
	`9`	`+additionalEventData.MFAUsed:additionalEventData.MFAUsed`
	`10`	`+errorCode:errorCode`
	`11`	`+errorMessage:errorMessage`
	`12`	`+eventType:eventType`
	`13`	`+requestParameters:requestParameters`
	`14`	`+requestParameters.attribute:requestParameters.attribute`
	`15`	`+requestParameters.ipPermissions.items.ipRanges.items.cidrIP:requestParameters.ipPermissions.items.ipRanges.items.cidrIP`
	`16`	`+requestParameters.ipPermissions.items.ipRanges.items.fromPort:requestParameters.ipPermissions.items.ipRanges.items.fromPort`
	`17`	`+requestParameters.userData:requestParameters.userData`
	`18`	`+responseElements:responseElements`
	`19`	`+responseElements.ConsoleLogin:responseElements.ConsoleLogin`
	`20`	`+responseElements.pendingModifiedValues.masterUserPassword:responseElements.pendingModifiedValues.masterUserPassword`
	`21`	`+responseElements.publiclyAccessible:responseElements.publiclyAccessible`
	`22`	`+status:status`
	`23`	`+terminatingRuleId:terminatingRuleId`
	`24`	`+userAgent:userAgent`
	`25`	`+userIdentity.arn:userIdentity.arn`
	`26`	`+userIdentity.principalId:userIdentity.principalId`
	`27`	`+userIdentity.sessionContext.sessionIssuer.type:userIdentity.sessionContext.sessionIssuer.type`
	`28`	`+userIdentity.type:userIdentity.type`
	`29`	`+userIdentity.userName:userIdentity.userName`

`‎translator/app/translator/mappings/platforms/graylog/aws_eks.yml‎`

Lines changed: 19 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,19 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:aws_eks`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+annotations.authorization.k8s.io\/decision:annotations.authorization.k8s.io\/decision`
	`7`	`+annotations.podsecuritypolicy.policy.k8s.io\/admit-policy:annotations.podsecuritypolicy.policy.k8s.io\/admit-policy`
	`8`	`+aws_node_type:aws_node_type`
	`9`	`+objectRef.namespace:objectRef.namespace`
	`10`	`+objectRef.resource:objectRef.resource`
	`11`	`+objectRef.subresource:objectRef.subresource`
	`12`	`+requestObject.rules.resources:requestObject.rules.resources`
	`13`	`+requestObject.rules.verbs:requestObject.rules.verbs`
	`14`	`+requestObject.spec.containers.image:requestObject.spec.containers.image`
	`15`	`+requestURI:requestURI`
	`16`	`+stage:stage`
	`17`	`+user.groups:user.groups`
	`18`	`+user.username:user.username`
	`19`	`+verb:verb`

`‎translator/app/translator/mappings/platforms/graylog/azure_AzureDiagnostics.yml‎`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,7 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:azure_AzureDiagnostics`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+ResultDescription:ResultDescription`
	`7`	`+Category:Category`

`‎translator/app/translator/mappings/platforms/graylog/azure_BehaviorAnalytics.yml‎`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,14 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:azure_BehaviorAnalytics`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+ActionType:ActionType`
	`7`	`+ActivityInsights:ActivityInsights`
	`8`	`+ActivityType:ActivityType`
	`9`	`+EventSource:EventSource`
	`10`	`+DevicesInsights:DevicesInsights`
	`11`	`+RiskDetail:RiskDetail`
	`12`	`+UsersInsights:UsersInsights`
	`13`	`+UsersInsights.IsDormantAccount:UsersInsights.IsDormantAccount`
	`14`	`+UsersInsights.IsNewAccount:UsersInsights.IsNewAccount`

`‎translator/app/translator/mappings/platforms/graylog/azure_aadnoninteractiveusersigninlogs.yml‎`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,7 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:azure_aadnoninteractiveusersigninlogs`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+UserAgent:UserAgent`
	`7`	`+Type:Type`

`‎translator/app/translator/mappings/platforms/graylog/azure_azureactivity.yml‎`

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,16 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:azure_azureactivity`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+ActivityStatus:ActivityStatus`
	`7`	`+ActivityStatusValue:ActivityStatusValue`
	`8`	`+ActivitySubstatusValue:ActivitySubstatusValue`
	`9`	`+Authorization:Authorization`
	`10`	`+Category:Category`
	`11`	`+CategoryValue:CategoryValue`
	`12`	`+OperationName:OperationName`
	`13`	`+OperationNameValue:OperationNameValue`
	`14`	`+ResourceId:ResourceId`
	`15`	`+ResourceProviderValue:ResourceProviderValue`
	`16`	`+Type:Type`

`‎translator/app/translator/mappings/platforms/graylog/azure_azuread.yml‎`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,17 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:azure_azuread`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+ActivityDisplayName:event.action`
	`7`	`+Category:azure.auditlogs.properties.category`
	`8`	`+LoggedByService:azure.auditlogs.properties.logged_by_service`
	`9`	`+Result:event.outcome`
	`10`	`+OperationName:OperationName`
	`11`	`+TargetResources:TargetResources`
	`12`	`+AADOperationType:AADOperationType`
	`13`	`+InitiatedBy:InitiatedBy`
	`14`	`+ResultReason:ResultReason`
	`15`	`+Status:Status`
	`16`	`+Status.errorCode:Status.errorCode`
	`17`	`+UserAgent:UserAgent`

`‎translator/app/translator/mappings/platforms/graylog/azure_m365.yml‎`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,17 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:azure_m365`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+ClientInfoString:ClientInfoString`
	`7`	`+LogonError:LogonError`
	`8`	`+ModifiedProperties:ModifiedProperties`
	`9`	`+OfficeObjectId:OfficeObjectId`
	`10`	`+OfficeWorkload:OfficeWorkload`
	`11`	`+Operation:Operation`
	`12`	`+Parameters:Parameters`
	`13`	`+RecordType:RecordType`
	`14`	`+ResultStatus:ResultStatus`
	`15`	`+SourceFileExtension:SourceFileExtension`
	`16`	`+SourceFileName:SourceFileName`
	`17`	`+UserAgent:UserAgent`

`‎translator/app/translator/mappings/platforms/graylog/azure_signinlogs.yml‎`

Lines changed: 23 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,23 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:azure_signinlogs`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+field_mapping:`
	`6`	`+AppDisplayName:AppDisplayName`
	`7`	`+AppId:AppId`
	`8`	`+AuthenticationRequirement:AuthenticationRequirement`
	`9`	`+Category:Category`
	`10`	`+ConditionalAccessStatus:ConditionalAccessStatus`
	`11`	`+DeviceDetail:DeviceDetail`
	`12`	`+IsInteractive:IsInteractive`
	`13`	`+NetworkLocationDetails:NetworkLocationDetails`
	`14`	`+ResourceDisplayName:ResourceDisplayName`
	`15`	`+ResourceIdentity:ResourceIdentity`
	`16`	`+ResultDescription:ResultDescription`
	`17`	`+ResultType:ResultType`
	`18`	`+Status.errorCode:Status.errorCode`
	`19`	`+Status:Status`
	`20`	`+Status.failureReason:Status.failureReason`
	`21`	`+TokenIssuerType:TokenIssuerType`
	`22`	`+UserAgent:UserAgent`
	`23`	`+UserPrincipalName:UserPrincipalName`

`‎translator/app/translator/mappings/platforms/graylog/default.yml‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,6 @@`
	`1`	`+platform:Graylog`
	`2`	`+source:default`
	`3`	`+description:Text that describe current mapping`
	`4`	`+`
	`5`	`+default_log_source:`
	`6`	`+index:""`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2693f41

File tree

51 files changed

Some content is hidden

51 files changed

`‎translator/app/translator/mappings/platforms/graylog/aws_cloudtrail.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/aws_eks.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/azure_AzureDiagnostics.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/azure_BehaviorAnalytics.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/azure_aadnoninteractiveusersigninlogs.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/azure_azureactivity.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/azure_azuread.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/azure_m365.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/azure_signinlogs.yml‎`

`‎translator/app/translator/mappings/platforms/graylog/default.yml‎`

0 commit comments