Added graylog platform #42

Merged
nazargesyk merged 1 commit into main from graylog_platform
Jan 19, 2024
@@ -0,0 +1,29 @@
platform: Graylog
source: aws_cloudtrail
description: Text that describe current mapping

field_mapping:
eventSource: event.provider
eventName: event.action
AdditionalEventData: AdditionalEventData
additionalEventData.MFAUsed: additionalEventData.MFAUsed
errorCode: errorCode
errorMessage: errorMessage
eventType: eventType
requestParameters: requestParameters
requestParameters.attribute: requestParameters.attribute
requestParameters.ipPermissions.items.ipRanges.items.cidrIP: requestParameters.ipPermissions.items.ipRanges.items.cidrIP
requestParameters.ipPermissions.items.ipRanges.items.fromPort: requestParameters.ipPermissions.items.ipRanges.items.fromPort
requestParameters.userData: requestParameters.userData
responseElements: responseElements
responseElements.ConsoleLogin: responseElements.ConsoleLogin
responseElements.pendingModifiedValues.masterUserPassword: responseElements.pendingModifiedValues.masterUserPassword
responseElements.publiclyAccessible: responseElements.publiclyAccessible
status: status
terminatingRuleId: terminatingRuleId
userAgent: userAgent
userIdentity.arn: userIdentity.arn
userIdentity.principalId: userIdentity.principalId
userIdentity.sessionContext.sessionIssuer.type: userIdentity.sessionContext.sessionIssuer.type
userIdentity.type: userIdentity.type
userIdentity.userName: userIdentity.userName
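Review bot: `AdditionalEventData: AdditionalEventData` and `additionalEventData.MFAUsed: additionalEventData.MFAUsed` in this hunk spell the same CloudTrail object with different casing; CloudTrail emits it as `additionalEventData`, so the capitalised key will not match a rule written against the real field name. Suggest `additionalEventData: additionalEventData`. Separately, `description: Text that describe current mapping` is a placeholder (it is repeated in every file of this PR); replace it with a one-line description of the log source or drop the key.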
@@ -0,0 +1,19 @@
platform: Graylog
source: aws_eks
description: Text that describe current mapping

field_mapping:
annotations.authorization.k8s.io\/decision: annotations.authorization.k8s.io\/decision
annotations.podsecuritypolicy.policy.k8s.io\/admit-policy: annotations.podsecuritypolicy.policy.k8s.io\/admit-policy
aws_node_type: aws_node_type
objectRef.namespace: objectRef.namespace
objectRef.resource: objectRef.resource
objectRef.subresource: objectRef.subresource
requestObject.rules.resources: requestObject.rules.resources
requestObject.rules.verbs: requestObject.rules.verbs
requestObject.spec.containers.image: requestObject.spec.containers.image
requestURI: requestURI
stage: stage
user.groups: user.groups
user.username: user.username
verb: verb
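Review bot: the keys `annotations.authorization.k8s.io\/decision` and `annotations.podsecuritypolicy.policy.k8s.io\/admit-policy` are plain YAML scalars, where a backslash is a literal character, so the parsed key contains `\/` rather than `/`; unless the Sigma-side field name is spelled with that backslash, these two entries will never be looked up. Either use the unescaped name (`annotations.authorization.k8s.io/decision`) or quote the key. Also worth noting that PodSecurityPolicy was removed in Kubernetes 1.25, so the `admit-policy` annotation only exists on older clusters.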
@@ -0,0 +1,7 @@
platform: Graylog
source: azure_AzureDiagnostics
description: Text that describe current mapping

field_mapping:
ResultDescription: ResultDescription
Category: Category
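Review bot: `source: azure_AzureDiagnostics` uses CamelCase while the other Azure mappings in this PR (`azure_azureactivity`, `azure_signinlogs`, `azure_aadnoninteractiveusersigninlogs`) are lowercase; if the translator matches `source` against a lowercased logsource name, this file (and `azure_BehaviorAnalytics`) will not be selected. Pick one convention and apply it to both.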
@@ -0,0 +1,14 @@
platform: Graylog
source: azure_BehaviorAnalytics
description: Text that describe current mapping

field_mapping:
ActionType: ActionType
ActivityInsights: ActivityInsights
ActivityType: ActivityType
EventSource: EventSource
DevicesInsights: DevicesInsights
RiskDetail: RiskDetail
UsersInsights: UsersInsights
UsersInsights.IsDormantAccount: UsersInsights.IsDormantAccount
UsersInsights.IsNewAccount: UsersInsights.IsNewAccount
@@ -0,0 +1,7 @@
platform: Graylog
source: azure_aadnoninteractiveusersigninlogs
description: Text that describe current mapping

field_mapping:
UserAgent: UserAgent
Type: Type
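Review bot: only `UserAgent` and `Type` are mapped for `azure_aadnoninteractiveusersigninlogs`, while `azure_signinlogs` later in this PR maps `ResultType`, `Status.errorCode`, `UserPrincipalName`, `AppDisplayName`, `ConditionalAccessStatus` and others. The non-interactive sign-in table shares those columns, and detections on token replay and service-principal sign-ins depend on them, so suggest copying the signinlogs field set here rather than shipping a two-field mapping.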
@@ -0,0 +1,16 @@
platform: Graylog
source: azure_azureactivity
description: Text that describe current mapping

field_mapping:
ActivityStatus: ActivityStatus
ActivityStatusValue: ActivityStatusValue
ActivitySubstatusValue: ActivitySubstatusValue
Authorization: Authorization
Category: Category
CategoryValue: CategoryValue
OperationName: OperationName
OperationNameValue: OperationNameValue
ResourceId: ResourceId
ResourceProviderValue: ResourceProviderValue
Type: Type
@@ -0,0 +1,17 @@
platform: Graylog
source: azure_azuread
description: Text that describe current mapping

field_mapping:
ActivityDisplayName: event.action
Category: azure.auditlogs.properties.category
LoggedByService: azure.auditlogs.properties.logged_by_service
Result: event.outcome
OperationName: OperationName
TargetResources: TargetResources
AADOperationType: AADOperationType
InitiatedBy: InitiatedBy
ResultReason: ResultReason
Status: Status
Status.errorCode: Status.errorCode
UserAgent: UserAgent
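Review bot: this file mixes normalised targets (`ActivityDisplayName: event.action`, `Category: azure.auditlogs.properties.category`, `Result: event.outcome`) with identity mappings (`OperationName: OperationName`, `Status: Status`, `UserAgent: UserAgent`). A Graylog index has one schema or the other, so half of any translated rule will miss; decide whether the Azure AD stream is ECS-shaped and map every key consistently (compare `azure_signinlogs` in this PR, which is identity-only).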
@@ -0,0 +1,17 @@
platform: Graylog
source: azure_m365
description: Text that describe current mapping

field_mapping:
ClientInfoString: ClientInfoString
LogonError: LogonError
ModifiedProperties: ModifiedProperties
OfficeObjectId: OfficeObjectId
OfficeWorkload: OfficeWorkload
Operation: Operation
Parameters: Parameters
RecordType: RecordType
ResultStatus: ResultStatus
SourceFileExtension: SourceFileExtension
SourceFileName: SourceFileName
UserAgent: UserAgent
@@ -0,0 +1,23 @@
platform: Graylog
source: azure_signinlogs
description: Text that describe current mapping

field_mapping:
AppDisplayName: AppDisplayName
AppId: AppId
AuthenticationRequirement: AuthenticationRequirement
Category: Category
ConditionalAccessStatus: ConditionalAccessStatus
DeviceDetail: DeviceDetail
IsInteractive: IsInteractive
NetworkLocationDetails: NetworkLocationDetails
ResourceDisplayName: ResourceDisplayName
ResourceIdentity: ResourceIdentity
ResultDescription: ResultDescription
ResultType: ResultType
Status.errorCode: Status.errorCode
Status: Status
Status.failureReason: Status.failureReason
TokenIssuerType: TokenIssuerType
UserAgent: UserAgent
UserPrincipalName: UserPrincipalName
@@ -0,0 +1,6 @@
platform: Graylog
source: default
description: Text that describe current mapping

default_log_source:
index: ""
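Review bot: `default_log_source` sets `index: ""`, so every translated rule is emitted without an index or stream restriction, and nothing documents whether an empty string means "search all streams" or "unset". Either omit the key or add a comment stating the intended behaviour, and consider whether the per-source files should carry their own `default_log_source` so that, for example, CloudTrail or Okta rules are not run against every stream in the cluster.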
11 changes: 11 additions & 0 deletions translator/app/translator/mappings/platforms/graylog/dns.yml
@@ -0,0 +1,11 @@
platform: Graylog
source: dns
description: Text that describe current mapping

field_mapping:
dns-query: dns.question.name
parent-domain:
- url.registered_domain
- destination.registered_domain
dns-answer: dns.answers.name
dns-record: dns.question.type
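Review bot: `dns-answer: dns.answers.name` targets the `name` member of the ECS `dns.answers` array, but the `linux_dns_query` and `macos_dns_query` files in this PR map `QueryResults` to the bare `dns.answers` object. One of these is wrong for a field-level query; in ECS the resolved value lives in `dns.answers.data` and the queried name in `dns.answers.name`, so align the three files on the member that the rules actually compare against.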
@@ -0,0 +1,13 @@
platform: Graylog
source: firewall
description: Text that describe current mapping

field_mapping:
src-ip:
- source.address
- source.ip
src-port: source.port
dst-ip:
- destination.address
- destination.ip
dst-port: destination.port
@@ -0,0 +1,15 @@
platform: Graylog
source: gcp_gcp.audit
description: Text that describe current mapping

field_mapping:
backupConfiguration.enabled: backupConfiguration.enabled
gcp.audit.method_name: gcp.audit.method_name
jsonPayload.enforcedSecurityPolicy.configuredAction: jsonPayload.enforcedSecurityPolicy.configuredAction
jsonPayload.enforcedSecurityPolicy.matchedFieldValue: jsonPayload.enforcedSecurityPolicy.matchedFieldValue
message: message
methodName: methodName
protoPayload.methodName: protoPayload.methodName
protoPayload.request.canIpForward: protoPayload.request.canIpForward
protoPayload.serviceName: protoPayload.serviceName
serviceName: serviceName
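Review bot: three spellings of the same GCP audit field are mapped to three different targets: `methodName: methodName`, `protoPayload.methodName: protoPayload.methodName` and `gcp.audit.method_name: gcp.audit.method_name` (likewise `serviceName` and `protoPayload.serviceName`). Only one of these will exist in a given Graylog index; if the intent is to accept any Sigma spelling, map all three to the single field the Graylog input actually produces, otherwise two of the three will translate into queries that can never match.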
@@ -0,0 +1,10 @@
platform: Graylog
source: gcp_pubsub
description: Text that describe current mapping

field_mapping:
data.protoPayload.methodName: data.protoPayload.methodName
data.protoPayload.request.function.timeout: data.protoPayload.request.function.timeout
data.protoPayload.serviceData.policyDelta.bindingDeltas{}.action: data.protoPayload.serviceData.policyDelta.bindingDeltas{}.action
data.protoPayload.serviceData.policyDelta.bindingDeltas{}.member: data.protoPayload.serviceData.policyDelta.bindingDeltas{}.member
data.resource.type: data.resource.type
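Review bot: the keys `data.protoPayload.serviceData.policyDelta.bindingDeltas{}.action` and `...bindingDeltas{}.member` contain `{}`; braces are reserved characters in the Lucene query syntax Graylog search uses, so a generated query such as `data.protoPayload.serviceData.policyDelta.bindingDeltas{}.member:"allUsers"` will be parsed as a range expression unless the translator escapes the field name. Confirm the translator escapes targets, or map to a brace-free field name.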
@@ -0,0 +1,10 @@
platform: Graylog
source: linux_auditd
description: Text that describe current mapping

field_mapping:
a0: process.args
a1: process.args
a2: process.args
a3: process.args
exe: process.executable
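Review bot: `a0` through `a3` all map to the single `process.args`, which drops argument position. A rule that requires `a0: chmod` and `a1: 777` (the auditd EXECVE layout) becomes two independent `process.args` matches, so the translated query also fires on `chmod 644 /tmp/777`. If position matters for the rules being translated, map to positional fields or document the loss of precision. Note also that `a0` is argv[0], so it may carry the same program as `exe: process.executable` in a different form (`chmod` versus `/usr/bin/chmod`).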
@@ -0,0 +1,9 @@
platform: Graylog
source: linux_dns_query
description: Text that describe current mapping

field_mapping:
Image: process.executable
User: user.name
QueryName: dns.question.name
QueryResults: dns.answers
@@ -0,0 +1,9 @@
platform: Graylog
source: linux_process_creation
description: Text that describe current mapping

field_mapping:
CommandLine: process.command_line
Image: process.executable
ParentCommandLine: process.parent.command_line
ParentImage: process.parent.executable
@@ -0,0 +1,9 @@
platform: Graylog
source: macos_dns_query
description: Text that describe current mapping

field_mapping:
Image: process.executable
User: user.name
QueryName: dns.question.name
QueryResults: dns.answers
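Review bot: this file is identical to `linux_dns_query` above (`Image`, `User`, `QueryName`, `QueryResults`). That is fine if the two Sigma logsources must resolve separately, but both map `QueryResults` to the object `dns.answers` rather than a leaf such as `dns.answers.data`, so a term query on the resolved address will not match; fix it in both places or have one file reference the other.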
@@ -0,0 +1,12 @@
platform: Graylog
source: macos_network_connection
description: Text that describe current mapping

field_mapping:
Image: process.executable
DestinationHostname: destination.domain
DestinationIp: destination.ip
DestinationPort: destination.port
SourceIp: source.ip
SourcePort: source.port
ParentImage: process.parent.executable
@@ -0,0 +1,9 @@
platform: Graylog
source: macos_process_creation
description: Text that describe current mapping

field_mapping:
CommandLine: process.command_line
Image: process.executable
ParentCommandLine: process.parent.command_line
ParentImage: process.parent.executable
@@ -0,0 +1,27 @@
platform: Graylog
source: okta_okta
description: Text that describe current mapping

field_mapping:
client.user.id: okta.actor.id
source.user.id: okta.actor.id
User: okta.actor.type
alternateId: okta.actor.alternate_id
client.user.full_name: okta.actor.display_name
source.user.full_name: okta.actor.display_name
related.user: okta.actor.display_name
client.ip: okta.client.ip
source.ip: okta.client.ip
user_agent.original: okta.client.user_agent.raw_user_agent
userAgent.os: okta.client.user_agent.os
userAgent.browser: okta.client.user_agent.browser
client.zone: okta.client.zone
client.device: okta.client.device
client.id: okta.client.id
event.action: okta.event_type
outcome.reason: okta.outcome.reason
event.outcome: okta.event.outcome
client.as.number: okta.security_context.as.number
client.as.organization.name: okta.security_context.as.organization.name
client.domain: okta.security_context.isp
source.domain: okta.security_context.domain
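Review bot: `client.domain: okta.security_context.isp` looks wrong; `source.domain` two lines below maps to `okta.security_context.domain`, and a domain and an ISP name are different values, so `client.domain` should presumably also target `okta.security_context.domain`. Two more entries deserve a check against the Okta System Log schema: `event.outcome: okta.event.outcome` sits outside the `okta.outcome.*` namespace used by `outcome.reason: okta.outcome.reason`, and `User: okta.actor.type` maps a username-style key onto the actor type (values such as `User` or `SystemPrincipal`), so a rule with `User: alice` would match nothing.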
@@ -0,0 +1,24 @@
platform: Graylog
source: proxy
description: Text that describe current mapping

field_mapping:
c-uri: url.original
c-useragent: user_agent.original
cs-method: http.request.method
cs-bytes: http.request.body.bytes
cs-cookie-vars: http.cookie_vars
c-uri-extension: url.extension
c-uri-query: url.query
cs-cookie: http.cookie_vars
cs-host:
- url.domain
- destination.domain

cs-referrer: http.request.referrer
cs-version: http.version
r-dns:
- destination.domain
- url.domain
sc-status: http.response.status_code
post-body: http.post_body
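Review bot: the blank line between `- destination.domain` and `cs-referrer:` inside `field_mapping` is harmless to the YAML parser but differs from the otherwise identical `webserver` file below; remove it. More substantively, `cs-cookie-vars` and `cs-cookie` both map to `http.cookie_vars`, and neither `http.cookie_vars` nor `http.post_body` is part of the ECS `http.*` field set alongside which the rest of this file is written (`http.request.method`, `http.response.status_code`, `http.request.referrer`); if the Graylog schema is ECS, the request body is `http.request.body.content`. Confirm these two targets exist in the index before shipping.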
@@ -0,0 +1,23 @@
platform: Graylog
source: webserver
description: Text that describe current mapping

field_mapping:
c-uri: url.original
c-useragent: user_agent.original
cs-method: http.request.method
cs-bytes: http.request.body.bytes
cs-cookie-vars: http.cookie_vars
c-uri-extension: url.extension
c-uri-query: url.query
cs-cookie: http.cookie_vars
cs-host:
- url.domain
- destination.domain
cs-referrer: http.request.referrer
cs-version: http.version
r-dns:
- destination.domain
- url.domain
sc-status: http.response.status_code
post-body: http.post_body
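Review bot: this file duplicates the `proxy` mapping entry for entry; consider generating one from the other or letting both `source` values resolve to a shared mapping, since any fix to `http.cookie_vars` or `http.post_body` will otherwise have to be made twice.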
@@ -0,0 +1,10 @@
platform: Graylog
source: windows_application
description: Text that describe current mapping

field_mapping:
Provider_Name: winlog.provider_name
EventID: winlog.event_id
Data: winlog.event_data.Data
Message: winlog.event_data.Message
Level: winlog.opcode
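Review bot: `Level: winlog.opcode` maps two different event fields onto each other. In the Windows event schema `Level` is the severity (Information, Warning, Error) and `Opcode` is the operation type; Winlogbeat writes the level to `log.level` (as a string) and the opcode to `winlog.opcode`, so a rule with `Level: 2` would be translated into an opcode match. Suggest `Level: log.level`. Similarly, Winlogbeat stores the rendered message at top-level `message`, not `winlog.event_data.Message`, so `Message: winlog.event_data.Message` should be checked against an actual document.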
@@ -0,0 +1,9 @@
platform: Graylog
source: windows_bits_client
description: Text that describe current mapping

field_mapping:
LocalName: winlog.event_data.LocalName
EventID: winlog.event_id
RemoteName: winlog.event_data.RemoteName
processPath: winlog.event_data.processPath
@@ -0,0 +1,10 @@
platform: Graylog
source: windows_create_remote_thread
description: Text that describe current mapping

field_mapping:
SourceImage: winlog.event_data.SourceImage
TargetImage: winlog.event_data.TargetImage
StartModule: winlog.event_data.StartModule
StartAddress: winlog.event_data.StartAddress
StartFunction: winlog.event_data.StartFunction
@@ -0,0 +1,7 @@
platform: Graylog
source: windows_create_stream_hash
description: Text that describe current mapping

field_mapping:
Image: winlog.event_data.Image
Hashes: winlog.event_data.Hashes
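Review bot: `TargetFilename` is missing. Sysmon Event ID 15 (FileCreateStreamHash) records the file and stream name in `TargetFilename`, and that is the field most create_stream_hash detections key on (for example `Zone.Identifier` or a downloads directory); with only `Image` and `Hashes` mapped, those rules will not translate. Suggest adding `TargetFilename: winlog.event_data.TargetFilename` and, for newer Sysmon builds, `Contents: winlog.event_data.Contents`. Also note that Event ID 15 names its hash field `Hash`, whereas `Hashes` is the Event ID 1/7 spelling; confirm which spelling the targeted rules use.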