datadog-assets / validate-logs
failed
Jan 1, 2025 in 0s
Validation Results for "logs"
The "logs" assets are not valid.
Details
See individual file annotations for details.
Annotations
Check failure on line 4 in zero_networks/assets/logs/zero-networks.yaml
datadog-assets / validate-logs
Error in logs
Facets are either sorted incorrectly or are missing standard attribute facets. Replace existing `facets` list with:
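# Replacement `facets` list printed by the validate-logs check for
# zero_networks/assets/logs/zero-networks.yaml. The page lost all indentation;
# each entry is restored as one mapping with `groups`, `name`, `path`, `source`.
# Entries are listed in `path` order: network.client.*, network.destination.*,
# then usr.*.
# NOTE(review): the expected test results printed further down this page keep
# addresses and ports under src.* / dst.* and the acting user under
# performedBy.*, with no network.* or usr.* keys. Confirm the pipeline remaps
# into the paths below; otherwise these facets stay empty for those events and
# searches or detection rules keyed on them will not match.
- groups:
  - Geoip
  name: City Name
  path: network.client.geoip.city.name
  source: log
- groups:
  - Geoip
  name: Continent Code
  path: network.client.geoip.continent.code
  source: log
- groups:
  - Geoip
  name: Continent Name
  path: network.client.geoip.continent.name
  source: log
- groups:
  - Geoip
  name: Country ISO Code
  path: network.client.geoip.country.iso_code
  source: log
- groups:
  - Geoip
  name: Country Name
  path: network.client.geoip.country.name
  source: log
- groups:
  - Geoip
  name: Subdivision ISO Code
  path: network.client.geoip.subdivision.iso_code
  source: log
- groups:
  - Geoip
  name: Subdivision Name
  path: network.client.geoip.subdivision.name
  source: log
- groups:
  - Web Access
  name: Client IP
  path: network.client.ip
  source: log
- groups:
  - Web Access
  name: Client Port
  path: network.client.port
  source: log
- groups:
  - Geoip
  name: Destination City Name
  path: network.destination.geoip.city.name
  source: log
- groups:
  - Geoip
  name: Destination Continent Code
  path: network.destination.geoip.continent.code
  source: log
- groups:
  - Geoip
  name: Destination Continent Name
  path: network.destination.geoip.continent.name
  source: log
- groups:
  - Geoip
  name: Destination Country ISO Code
  path: network.destination.geoip.country.iso_code
  source: log
- groups:
  - Geoip
  name: Destination Country Name
  path: network.destination.geoip.country.name
  source: log
- groups:
  - Geoip
  name: Destination Subdivision ISO Code
  path: network.destination.geoip.subdivision.iso_code
  source: log
- groups:
  - Geoip
  name: Destination Subdivision Name
  path: network.destination.geoip.subdivision.name
  source: log
- groups:
  - Web Access
  name: Destination IP
  path: network.destination.ip
  source: log
- groups:
  - Web Access
  name: Destination Port
  path: network.destination.port
  source: log
- groups:
  - User
  name: User ID
  path: usr.id
  source: log
- groups:
  - User
  name: User Name
  path: usr.name
  source: log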
Check failure on line 1 in zero_networks/assets/logs/zero-networks_tests.yaml
datadog-assets / validate-logs
Error in logs
Expected sample output:
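# Expected contents of zero-networks_tests.yaml for an audit-type event, as
# printed by the validate-logs check. The page lost all indentation; the
# nesting is restored here. The JSON lines inside the `|-` block scalars are
# kept flush because their original inner indentation cannot be recovered from
# the page.
id: "zero-networks"
tests:
  -
    # NOTE(review): the sample carries an address outside the private ranges
    # (inside `details`) and a user GUID. Confirm both are synthetic before
    # this fixture is committed to a public repository.
    sample: |-
      {
      "reportedObjectId" : "",
      "performedBy" : {
      "name" : "Test User",
      "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe"
      },
      "enforcementSource" : 4,
      "parentObjectId" : "",
      "details" : "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}",
      "auditType" : 73,
      "userRole" : 1,
      "isoTimestamp" : "2024-12-31T08:35:30.990Z",
      "timestamp" : 1735634130990,
      "destinationEntitiesList" : [ {
      "name" : "Test User",
      "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe"
      } ]
      }
    result:
      # Parsed attributes, listed in key order.
      custom:
        auditType: 73
        destinationEntitiesList:
          -
            name: "Test User"
            id: "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe"
        # NOTE(review): `details` is still a JSON-encoded string in the
        # expected result, so publicIp and tokenTtl inside it are not separate
        # attributes here. Confirm whether the pipeline should parse it;
        # until it does, they can only be matched as text.
        details: "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}"
        enforcementSource: 4
        isoTimestamp: "2024-12-31T08:35:30.990Z"
        parentObjectId: ""
        # The acting user stays under performedBy.*; no usr.* key appears in
        # this expected result.
        performedBy:
          id: "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe"
          name: "Test User"
        reportedObjectId: ""
        timestamp: 1735634130990
        userRole: 1
      # Presumably `message`, `tags` and `timestamp` are siblings of `custom`
      # (the key order restarts after `userRole`); confirm against the raw
      # check output.
      message: |-
        {
        "reportedObjectId" : "",
        "performedBy" : {
        "name" : "Test User",
        "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe"
        },
        "enforcementSource" : 4,
        "parentObjectId" : "",
        "details" : "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}",
        "auditType" : 73,
        "userRole" : 1,
        "isoTimestamp" : "2024-12-31T08:35:30.990Z",
        "timestamp" : 1735634130990,
        "destinationEntitiesList" : [ {
        "name" : "Test User",
        "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe"
        } ]
        }
      tags:
        - "source:LOGS_SOURCE"
      # Same value as the sample's `timestamp` field.
      timestamp: 1735634130990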
Check failure on line 1 in zero_networks/assets/logs/zero-networks_tests.yaml
datadog-assets / validate-logs
Error in logs
Expected sample output:
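# Expected contents of zero-networks_tests.yaml for a network-activity event,
# as printed by the validate-logs check. The page lost all indentation; the
# nesting is restored here. The JSON lines inside the `|-` block scalars are
# kept flush because their original inner indentation cannot be recovered from
# the page.
id: "zero-networks"
tests:
  -
    # NOTE(review): the sample carries internal host names, private addresses,
    # process paths and asset ids. Confirm they come from a lab environment
    # before this fixture is committed to a public repository.
    sample: |-
      {
      "reason" : 5,
      "protocol" : 17,
      "dst" : {
      "networkProtectionState" : 5,
      "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)",
      "ipThreatScore" : 0,
      "fqdn" : "dc01.posh.local",
      "ip" : "10.0.0.4",
      "userName" : "NT AUTHORITY\\LOCAL SERVICE",
      "userId" : "S-1-5-19",
      "assetType" : 2,
      "eventRecordId" : 43174318,
      "assetSrc" : 3,
      "port" : 123,
      "processId" : "1056",
      "processName" : "svchost.exe (W32Time) (1056)",
      "assetId" : "a:a:VWW2G2C8"
      },
      "src" : {
      "networkProtectionState" : 6,
      "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)",
      "ipThreatScore" : 0,
      "fqdn" : "fs02.posh.local",
      "ip" : "10.0.0.8",
      "userName" : "NT AUTHORITY\\LOCAL SERVICE",
      "envGroupId" : "g:e:zUnrnhfa",
      "userId" : "S-1-5-19",
      "assetType" : 2,
      "eventRecordId" : 24143201,
      "assetSrc" : 3,
      "port" : 123,
      "processId" : "1072",
      "processName" : "svchost.exe (W32Time) (1072)",
      "assetId" : "a:a:ka62y0mc"
      },
      "trafficType" : 1,
      "state" : 3,
      "timestamp" : 1734584254851
      }
    result:
      # Parsed attributes, listed in key order.
      # NOTE(review): addresses, ports and user fields stay under dst.* and
      # src.*; no network.* or usr.* key appears in this expected result.
      # Confirm that is intended if standard-attribute facets such as
      # network.client.ip are expected to be populated for these events.
      custom:
        dst:
          assetId: "a:a:VWW2G2C8"
          assetSrc: 3
          assetType: 2
          eventRecordId: 43174318
          fqdn: "dc01.posh.local"
          ip: "10.0.0.4"
          ipThreatScore: 0
          networkProtectionState: 5
          port: 123
          # processId is a string in the source JSON while port is an integer.
          processId: "1056"
          processName: "svchost.exe (W32Time) (1056)"
          processPath: "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)"
          userId: "S-1-5-19"
          userName: "NT AUTHORITY\\LOCAL SERVICE"
        protocol: 17
        reason: 5
        src:
          assetId: "a:a:ka62y0mc"
          assetSrc: 3
          assetType: 2
          # envGroupId is present on src only in this sample.
          envGroupId: "g:e:zUnrnhfa"
          eventRecordId: 24143201
          fqdn: "fs02.posh.local"
          ip: "10.0.0.8"
          ipThreatScore: 0
          networkProtectionState: 6
          port: 123
          processId: "1072"
          processName: "svchost.exe (W32Time) (1072)"
          processPath: "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)"
          userId: "S-1-5-19"
          userName: "NT AUTHORITY\\LOCAL SERVICE"
        state: 3
        timestamp: 1734584254851
        trafficType: 1
      # Presumably `message`, `tags` and `timestamp` are siblings of `custom`
      # (the key order restarts after `trafficType`); confirm against the raw
      # check output.
      message: |-
        {
        "reason" : 5,
        "protocol" : 17,
        "dst" : {
        "networkProtectionState" : 5,
        "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)",
        "ipThreatScore" : 0,
        "fqdn" : "dc01.posh.local",
        "ip" : "10.0.0.4",
        "userName" : "NT AUTHORITY\\LOCAL SERVICE",
        "userId" : "S-1-5-19",
        "assetType" : 2,
        "eventRecordId" : 43174318,
        "assetSrc" : 3,
        "port" : 123,
        "processId" : "1056",
        "processName" : "svchost.exe (W32Time) (1056)",
        "assetId" : "a:a:VWW2G2C8"
        },
        "src" : {
        "networkProtectionState" : 6,
        "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)",
        "ipThreatScore" : 0,
        "fqdn" : "fs02.posh.local",
        "ip" : "10.0.0.8",
        "userName" : "NT AUTHORITY\\LOCAL SERVICE",
        "envGroupId" : "g:e:zUnrnhfa",
        "userId" : "S-1-5-19",
        "assetType" : 2,
        "eventRecordId" : 24143201,
        "assetSrc" : 3,
        "port" : 123,
        "processId" : "1072",
        "processName" : "svchost.exe (W32Time) (1072)",
        "assetId" : "a:a:ka62y0mc"
        },
        "trafficType" : 1,
        "state" : 3,
        "timestamp" : 1734584254851
        }
      tags:
        - "source:LOGS_SOURCE"
      # Same value as the sample's `timestamp` field.
      timestamp: 1734584254851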