turning all ocsf 1.0 replacements into additions (keep the "ocsf" key alongside "ocsf11")
Signed-off-by: Dennis Toepker <[email protected]>
toepkerd-zz committed Nov 11, 2024
1 parent eaffdc5 commit b0d09f0
Showing 3 changed files with 14 additions and 6 deletions.
11 changes: 8 additions & 3 deletions src/main/resources/OSMapping/cloudtrail_logtype.json
Expand Up @@ -34,6 +34,7 @@
{
"raw_field":"eventType",
"ecs":"aws.cloudtrail.event_type",
"ocsf" : "unmapped.eventType",
"ocsf11": "metadata.event_code"
},
{
Expand Down Expand Up @@ -125,12 +126,14 @@
{
"raw_field":"requestParameters.userName",
"ecs":"aws.cloudtrail.request_parameters.username",
"ocsf": "user.name"
"ocsf": "unmapped.requestParameters.userName",
"ocsf11": "user.name"
},
{
"raw_field":"requestParameters.roleArn",
"ecs":"aws.cloudtrail.request_parameters.roleArn",
"ocsf": "user.uid"
"ocsf": "user.uuid",
"ocsf11": "user.uid"
},
{
"raw_field":"requestParameters.roleSessionName",
Expand All @@ -150,12 +153,14 @@
{
"raw_field":"userIdentity.principalId",
"ecs":"aws.cloudtrail.user_identity.principalId",
"ocsf": "actor.user.uid",
"ocsf11":"actor.user.uid_alt"
},
{
"raw_field":"userIdentity.arn",
"ecs":"aws.cloudtrail.user_identity.arn",
"ocsf": "actor.user.uid"
"ocsf": "actor.user.uuid",
"ocsf11": "actor.user.uid"
},
{
"raw_field":"userIdentity.accountId",
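Review bot: The OCSF field `actor.user.uid` is now bound to two different raw fields depending on schema version — `userIdentity.principalId` under `ocsf` and `userIdentity.arn` under `ocsf11` — so a detection rule keyed on `actor.user.uid` (for example an ARN pattern for a sensitive role) silently matches nothing on data mapped with the 1.0 keys, where that field carries the principal ID instead. The same version split applies to `requestParameters.userName`, which lands on `user.name` for 1.1 but on `unmapped.requestParameters.userName` for 1.0, and to the 1.0 use of `user.uuid`/`actor.user.uuid` for ARNs, which only works if `uuid` is defined on the 1.0 user object (I cannot confirm that from this file). If the divergence is intentional it belongs in the mapping documentation, since strict JSON cannot carry a comment; if not, the 1.0 side should mirror 1.1 with `"ocsf": "actor.user.uid"` on `userIdentity.arn`. Minor style: `"ocsf" : "unmapped.eventType"` and `"ocsf11":"actor.user.uid_alt"` use different colon spacing from every other entry in the file.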
3 changes: 2 additions & 1 deletion src/main/resources/OSMapping/dns_logtype.json
Expand Up @@ -115,7 +115,8 @@
{
"raw_field":"firewall_rule_action",
"ecs":"aws.route53.srcids.firewall_rule_action",
"ocsf": "disposition"
"ocsf": "disposition_id",
"ocsf11": "disposition"
},
{
"raw_field":"creationTime",
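Review bot: `firewall_rule_action` is mapped to `disposition_id` for the 1.0 keys, but in OCSF `disposition_id` is the integer enum (1 Allowed, 2 Blocked, …) while `disposition` is the string label, and Route 53 Resolver DNS Firewall logs carry the action as a string (`ALLOW`, `BLOCK`, `ALERT`), so the 1.0 field would hold a string where consumers expect an integer. A rule that filters on `disposition_id: 2` to catch blocked queries would never match on 1.0-mapped data, and an index mapping that types the field as an integer may reject the document at ingestion. Unless the 1.0 target is deliberately different, the 1.0 key should also be `"ocsf": "disposition"`; a true `disposition_id` needs an ALLOW→1/BLOCK→2 value translation, which a raw-field rename cannot express. The enum values and log format above come from the OCSF spec and Route 53 documentation rather than this file, so confirm them against the schema version the product targets.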
6 changes: 4 additions & 2 deletions src/main/resources/OSMapping/vpcflow_logtype.json
Expand Up @@ -91,12 +91,14 @@
{
"raw_field":"action",
"ecs":"netflow.action",
"ocsf": "disposition"
"ocsf": "disposition_id",
"ocsf11": "disposition"
},
{
"raw_field":"traffic_path",
"ecs":"netflow.traffic_path",
"ocsf": "connection_info.boundary_id"
"ocsf": "boundary_id",
"ocsf11": "connection_info.boundary_id"
},
{
"raw_field":"flow_direction",
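Review bot: VPC flow log `action` is a string (`ACCEPT`/`REJECT`), but the restored 1.0 mapping points it at `disposition_id`, which in OCSF is the integer enum, while the string label lives in `disposition` (the 1.1 target on the next line). Any rule written as `disposition_id: 2` for rejected flows would never match on 1.0-mapped data, and an integer-typed index field may reject the document; a plain rename cannot perform the ACCEPT→1/REJECT→2 translation that `disposition_id` requires, so `"ocsf": "disposition"` is the safer 1.0 target unless the product deliberately stores strings there. The `traffic_path` entry is less concerning type-wise, since VPC flow logs emit it as an integer, but the 1.0 target `boundary_id` is at the top level while 1.1 uses `connection_info.boundary_id`; if `boundary_id` is not a top-level attribute of the 1.0 Network Activity class the value lands on an undefined field, which I cannot verify from this file. Because strict JSON cannot carry comments, the version-specific targets should be documented alongside these mapping files.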
