Build simplified representations of the OCSF schema with required attributes only
| #!/bin/env python | |
| import json | |
| import urllib.request | |
| import argparse | |
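OCSF_SCHEMA_URL = "https://raw.githubusercontent.com/ocsf/ocsf-lib-py/main/schema_cache/schema-1.3.0.json"


def _fetch_schema(url, timeout):
    """Download and parse the OCSF schema JSON document at *url*.

    A timeout is passed so a stalled download cannot hang the tool
    indefinitely, and the response is closed by the ``with`` block once
    its body has been read.
    """
    with urllib.request.urlopen(url, timeout=timeout) as response:
        return json.loads(response.read().decode("utf-8"))


def by_class(all_fields_to_depth, *, schema_url=OCSF_SCHEMA_URL, timeout=30):
    """Return ``{class_name: simplified attributes}`` for every OCSF event class.

    Args:
        all_fields_to_depth: Nesting depth down to which non-required
            attributes are kept (the event class itself is depth 1); deeper
            levels keep only ``required`` attributes.
        schema_url: Where the schema JSON is fetched from. The default
            points at the ``main`` branch of ocsf-lib-py, a mutable ref, so
            the output can change without this script changing; pin a
            release or commit URL when reproducible output matters.
        timeout: Seconds to wait on the download before giving up.

    Returns:
        A dict mapping each name in ``schema["classes"]`` to the result of
        ``process_attributes`` for that class.

    Raises:
        Whatever ``urllib.request.urlopen`` raises when the download fails
        or times out; ``json.JSONDecodeError`` if the body is not JSON.
    """
    schema = _fetch_schema(schema_url, timeout)
    return {
        class_name: process_attributes(schema, klass, all_fields_to_depth)
        for class_name, klass in schema["classes"].items()
    }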
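def process_attributes(schema, class_or_obj, all_fields_to_depth, current_depth=1):
    """Build the simplified ``{attribute: type}`` mapping for one class or object.

    Args:
        schema: The parsed OCSF schema dict; ``schema["objects"]`` and
            ``schema["profiles"]`` are consulted.
        class_or_obj: A class or object entry carrying an ``attributes`` dict
            and, optionally, a ``profiles`` list.
        all_fields_to_depth: Depth down to which non-required attributes are
            kept; below it only ``requirement == "required"`` ones survive.
        current_depth: Nesting level of *class_or_obj* (1 for an event class).

    Returns:
        A dict whose values are either a type-name string (scalar attribute)
        or a nested dict produced recursively for an object-typed attribute.

    Raises:
        SystemExit: if a kept attribute has neither ``type_name`` nor
            ``object_type``.
    """
    keep_all = current_depth <= all_fields_to_depth
    selected = [
        (name, attrib)
        for name, attrib in class_or_obj["attributes"].items()
        if keep_all or attrib["requirement"] == "required"
    ]
    # A profile is an optional overlay on the event classes and objects that
    # reference it; its attributes are only pulled in when non-required
    # fields are wanted at this depth (the check is invariant over the loop,
    # so it is hoisted). A missing or null "profiles" key means none apply.
    if keep_all:
        for profile_name in class_or_obj.get("profiles") or ():
            selected.extend(schema["profiles"][profile_name]["attributes"].items())

    result = {}
    for name, attrib in selected:
        if attrib.get("type_name") is not None:
            result[name] = attrib["type_name"]
        elif attrib.get("object_type") is not None:
            # Recurse one level deeper into the referenced object definition.
            result[name] = process_attributes(
                schema,
                schema["objects"][attrib["object_type"]],
                all_fields_to_depth,
                current_depth + 1,
            )
        else:
            # Same effect as the site-provided exit(): message on stderr,
            # exit status 1 — without depending on the ``site`` module.
            raise SystemExit(f"Found a required attribute without a type_name or object_type: {name}")
    return result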
def get_obj(schema, obj_type, all_fields_to_depth, current_depth):
    """Simplify the OCSF object named *obj_type* at nesting level *current_depth*.

    Looks the object definition up in ``schema["objects"]`` and hands it to
    ``process_attributes`` with the same depth settings.
    """
    obj_definition = schema["objects"][obj_type]
    return process_attributes(schema, obj_definition, all_fields_to_depth, current_depth)
def merged(all_fields_to_depth):
    """Collapse the per-class output of ``by_class`` into one attribute tree.

    Each class's simplified attribute dict is folded into a single accumulator
    with ``deep_merge``, giving the union of attributes across all classes
    (``deep_merge`` itself aborts on a type conflict).
    """
    combined = {}
    for class_attribs in by_class(all_fields_to_depth).values():
        combined = deep_merge(combined, class_attribs)
    return combined
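def deep_merge(dict1, dict2):
    """Merge *dict2* into *dict1* in place and return *dict1*.

    Nested dicts are merged recursively; non-dict values under the same key
    must compare equal.

    Args:
        dict1: Accumulator dict; it is mutated and also returned.
        dict2: Dict whose entries are folded into *dict1*. Values that are new
            to *dict1* are inserted by reference, not copied.

    Returns:
        *dict1* with *dict2*'s entries merged in.

    Raises:
        SystemExit: when a key maps to differing non-dict values, or to a dict
            on one side and a non-dict on the other.
    """
    for key, incoming in dict2.items():
        if key not in dict1:
            dict1[key] = incoming
            continue
        existing = dict1[key]
        if isinstance(existing, dict) and isinstance(incoming, dict):
            deep_merge(existing, incoming)  # merges into existing in place
        elif existing != incoming:
            # The original literal lacked its f-prefix and printed the text
            # "{key}" verbatim; report the actual attribute name instead.
            raise SystemExit(f"There are conflicting types for the attribute '{key}'")
    return dict1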
def main():
    """Command-line entry point: print the simplified schema as one JSON document."""
    parser = argparse.ArgumentParser()
    parser.add_argument('--by-class', action='store_true', help='Results separated by class (default: False)')
    parser.add_argument('--all-fields-to-depth', type=int, default=0, help='Include non-required fields at this depth and higher (default: 0)')
    args = parser.parse_args()
    # --by-class keeps one entry per event class; otherwise every class is
    # folded into a single merged attribute tree.
    build = by_class if args.by_class else merged
    print(json.dumps(build(args.all_fields_to_depth)))
if __name__ == '__main__':
    # Run the CLI only when executed as a script, not when imported.
    main()
| { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "user": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer", | |
| "email_uid": "String", | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "query_result_id": "Integer", | |
| "folder": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "job": { | |
| "name": "String", | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| } | |
| }, | |
| "status_id": "Integer", | |
| "finding_info_list": { | |
| "title": "String", | |
| "uid": "String" | |
| }, | |
| "session": {}, | |
| "reg_key": { | |
| "path": "String" | |
| }, | |
| "actor": {}, | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "process": {}, | |
| "command_uid": "String", | |
| "reg_value": { | |
| "name": "String", | |
| "path": "String" | |
| }, | |
| "finding_info": { | |
| "title": "String", | |
| "uid": "String" | |
| }, | |
| "src_endpoint": {}, | |
| "dst_endpoint": {}, | |
| "scan": { | |
| "type_id": "Integer" | |
| }, | |
| "privileges": "String", | |
| "win_resource": { | |
| "type_id": "Integer" | |
| }, | |
| "web_resources": {}, | |
| "module": { | |
| "load_type_id": "Integer" | |
| }, | |
| "state_id": "Integer", | |
| "connection_info": { | |
| "direction_id": "Integer" | |
| }, | |
| "entity": {}, | |
| "direction_id": "Integer", | |
| "email": { | |
| "from": "Email Address", | |
| "to": "Email Address" | |
| }, | |
| "peripheral_device": { | |
| "name": "String", | |
| "class": "String" | |
| }, | |
| "kernel": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "vulnerabilities": {}, | |
| "network_interfaces": { | |
| "type_id": "Integer" | |
| }, | |
| "group": {}, | |
| "driver": { | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| } | |
| }, | |
| "compliance": { | |
| "standards": "String" | |
| }, | |
| "name": "String", | |
| "win_service": { | |
| "name": "String" | |
| }, | |
| "api": { | |
| "operation": "String" | |
| }, | |
| "app": { | |
| "vendor_name": "String" | |
| }, | |
| "finding": { | |
| "title": "String", | |
| "uid": "String" | |
| }, | |
| "http_request": {}, | |
| "package": { | |
| "name": "String", | |
| "version": "String" | |
| }, | |
| "version": "String", | |
| "service": {}, | |
| "url": {}, | |
| "http_response": { | |
| "code": "Integer" | |
| } | |
| } |
| { | |
| "authentication": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "user": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "email_file_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "email_uid": "String", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer" | |
| }, | |
| "folder_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "folder": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "activity_id": "Integer" | |
| }, | |
| "job_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "job": { | |
| "name": "String", | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| } | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "incident_finding": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "status_id": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "finding_info_list": { | |
| "title": "String", | |
| "uid": "String" | |
| }, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "session_query": { | |
| "session": {}, | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "win/registry_key_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "reg_key": { | |
| "path": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "process_remediation_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "process": {}, | |
| "command_uid": "String", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "event_log": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "win/registry_value_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "reg_value": { | |
| "name": "String", | |
| "path": "String" | |
| }, | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "detection_finding": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer", | |
| "finding_info": { | |
| "title": "String", | |
| "uid": "String" | |
| } | |
| }, | |
| "authorize_session": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "user": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "account_change": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "user": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "network_file_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "src_endpoint": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "tunnel_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "ftp_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "dst_endpoint": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "file_hosting": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "src_endpoint": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "scan_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "scan": { | |
| "type_id": "Integer" | |
| }, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "user_access": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "privileges": "String", | |
| "user": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "win/resource_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "win_resource": { | |
| "type_id": "Integer" | |
| }, | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "file_remediation_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "command_uid": "String", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "user_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "user": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "ssh_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "dst_endpoint": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "file_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "datastore_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "src_endpoint": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "web_resources_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "web_resources": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "module_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "process": {}, | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "module": { | |
| "load_type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "network_connection_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "process": {}, | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "state_id": "Integer", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "connection_info": { | |
| "direction_id": "Integer" | |
| }, | |
| "activity_id": "Integer" | |
| }, | |
| "entity_management": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "entity": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "scheduled_job_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "job": { | |
| "name": "String", | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| } | |
| }, | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "win/registry_value_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "reg_value": { | |
| "name": "String", | |
| "path": "String" | |
| }, | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "email_activity": { | |
| "direction_id": "Integer", | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "email": { | |
| "from": "Email Address", | |
| "to": "Email Address" | |
| }, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer" | |
| }, | |
| "peripheral_device_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "peripheral_device": { | |
| "name": "String", | |
| "class": "String" | |
| }, | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "kernel_object_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "kernel": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "vulnerability_finding": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "vulnerabilities": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer", | |
| "finding_info": { | |
| "title": "String", | |
| "uid": "String" | |
| } | |
| }, | |
| "rdp_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "dst_endpoint": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "network_remediation_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "command_uid": "String", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "connection_info": { | |
| "direction_id": "Integer" | |
| }, | |
| "activity_id": "Integer" | |
| }, | |
| "network_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "dst_endpoint": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "module_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "module": { | |
| "load_type_id": "Integer" | |
| }, | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "networks_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "network_interfaces": { | |
| "type_id": "Integer" | |
| }, | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "file_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "memory_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "process": {}, | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "admin_group_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "group": {}, | |
| "activity_id": "Integer" | |
| }, | |
| "base_event": { | |
| "time": "Timestamp", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "type_uid": "Long", | |
| "activity_id": "Integer", | |
| "class_uid": "Integer", | |
| "category_uid": "Integer", | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| } | |
| }, | |
| "kernel_extension": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "driver": { | |
| "file": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| } | |
| }, | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "compliance_finding": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "compliance": { | |
| "standards": "String" | |
| }, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer", | |
| "finding_info": { | |
| "title": "String", | |
| "uid": "String" | |
| } | |
| }, | |
| "win/prefetch_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "name": "String", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "win/win_service_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "win_service": { | |
| "name": "String" | |
| }, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "api_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "src_endpoint": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "api": { | |
| "operation": "String" | |
| }, | |
| "activity_id": "Integer" | |
| }, | |
| "application_lifecycle": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "app": { | |
| "vendor_name": "String" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "security_finding": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "state_id": "Integer", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "finding": { | |
| "title": "String", | |
| "uid": "String" | |
| }, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "web_resource_access_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "web_resources": {}, | |
| "http_request": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "data_security_finding": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer", | |
| "finding_info": { | |
| "title": "String", | |
| "uid": "String" | |
| } | |
| }, | |
| "remediation_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "command_uid": "String", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "process_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "process": {}, | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "win/registry_key_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "reg_key": { | |
| "path": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "software_info": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "package": { | |
| "name": "String", | |
| "version": "String" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "ntp_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "version": "String", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "dst_endpoint": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "user_inventory": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "user": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "group_management": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "group": {}, | |
| "activity_id": "Integer" | |
| }, | |
| "patch_state": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "device_config_state_change": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "service_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "service": {}, | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "smb_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "dst_endpoint": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "email_url_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "email_uid": "String", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "url": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer" | |
| }, | |
| "kernel_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "actor": {}, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "kernel": { | |
| "name": "String", | |
| "type_id": "Integer" | |
| }, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "http_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "http_response": { | |
| "code": "Integer" | |
| }, | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "http_request": {}, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "dst_endpoint": {}, | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "process_query": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "process": {}, | |
| "time": "Timestamp", | |
| "query_result_id": "Integer", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "dns_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "inventory_info": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "dhcp_activity": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "action_id": "Integer", | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| }, | |
| "config_state": { | |
| "cloud": { | |
| "provider": "String" | |
| }, | |
| "class_uid": "Integer", | |
| "time": "Timestamp", | |
| "type_uid": "Long", | |
| "device": { | |
| "type_id": "Integer" | |
| }, | |
| "metadata": { | |
| "version": "String", | |
| "product": { | |
| "vendor_name": "String" | |
| } | |
| }, | |
| "severity_id": "Integer", | |
| "osint": { | |
| "value": "String", | |
| "type_id": "Integer" | |
| }, | |
| "category_uid": "Integer", | |
| "activity_id": "Integer" | |
| } | |
| } |