
Please update the schema categories table #44

Open

miwent opened this issue Aug 29, 2024 · 0 comments · Fixed by #47
Labels: triaged (Issue was processed the bug triage meeting.)

Comments

@miwent (Contributor) commented Aug 29, 2024

Please update the schema table with the included CSV file contents as the GIM type code table in the page Content/Schema/Message Categories/Graylog Message Categories.htm

This should be incorporated in the current version (5.2) of the documentation.

Here is the CSV content:

"gim_event_type_code","gim_event_class","gim_event_category","gim_event_subcategory","gim_event_type"
000000,"","message","message.log_message","message"
100000,"","authentication","authentication.logon","logon"
100003,"","authentication","authentication.logon","logon with alternate credentials"
100004,"","authentication","authentication.logon","session reconnect"
100500,"","authentication","authentication.credential validation","credential validation"
100501,"","authentication","authentication.credential validation","error"
100502,"","authentication","authentication.credential validation","mfa"
100503,"","authentication","authentication.credential validation","sms_send_message"
100504,"","authentication","authentication.credential validation","voice_call"
101000,"","authentication","authentication.access notice","special logon"
101001,"","authentication","authentication.access notice","error"
101500,"","authentication","authentication.access policy","access policy violation"
101501,"","authentication","authentication.access policy","device policy violation"
101502,"","authentication","authentication.access policy","account policy violation"
102000,"","authentication","authentication.kerberos request","service ticket renewed"
102001,"","authentication","authentication.kerberos request","service ticket requested"
102002,"","authentication","authentication.kerberos request","tgt request"
102003,"","authentication","authentication.kerberos request","error"
102500,"","authentication","authentication.logoff","logoff"
102501,"","authentication","authentication.logoff","session disconnect"
109999,"","authentication","authentication.default","authentication message"
110000,"","iam","iam.object create","account created"
110001,"","iam","iam.object create","error"
110002,"","iam","iam.object create","group created"
110500,"","iam","iam.object delete","account deleted"
110501,"","iam","iam.object delete","group deleted"
111000,"","iam","iam.object modify","account modified"
111001,"","iam","iam.object modify","privileges assigned"
111002,"","iam","iam.object modify","privileges removed"
111003,"","iam","iam.object modify","account renamed"
111004,"","iam","iam.object modify","password change"
111005,"","iam","iam.object modify","administrative password reset"
111006,"","iam","iam.object modify","error"
111007,"","iam","iam.object modify","group member added"
111008,"","iam","iam.object modify","group member removed"
111009,"","iam","iam.object modify","group properties modified"
111500,"","iam","iam.object disable","account locked"
111501,"","iam","iam.object disable","account disabled"
112000,"","iam","iam.object enable","account unlocked"
112001,"","iam","iam.object enable","account enabled"
112002,"","iam","iam.object enable","error"
119500,"","iam","iam.information","group membership enumerated"
119999,"","iam","iam.default","iam message"
120000,"","network","network.network connection","network connection"
120100,"","network","network.routing","network routing"
120200,"","network","network.open","network connection initiated"
120300,"","network","network.close","network connection ended"
120500,"","network","network.flow","flow record"
120600,"","network","network.icmp_request","icmp_request"
120700,"","network","network.icmp_reply","icmp_reply"
129999,"","network","network.default","network message"
130000,"","messaging","messaging.email","email sent"
130500,"","messaging","messaging.email","email blocked"
131000,"","messaging","messaging.email","email rejected"
131500,"","messaging","messaging.email","email quarantined"
132000,"","messaging","messaging.email","email deleted"
139999,"","messaging","messaging.default","message"
140000,"protocol","name resolution","name resolution.dns request","dns query"
140200,"protocol","name resolution","name resolution.dns answer","dns response"
140300,"protocol","name resolution","name resolution.error","dns error"
140500,"protocol","name resolution","name resolution.ddns update","ddns update"
149999,"protocol","name resolution","name resolution.default","dns message"
150000,"","database","database.query","database query"
150500,"","database","database.update","update rows"
151000,"","database","database.add","insert rows"
151001,"","database","database.add","add table"
151002,"","database","database.add","create database"
151500,"","database","database.delete","delete rows"
151501,"","database","database.delete","drop table"
151502,"","database","database.delete","drop database"
159999,"","database","database.default","database message"
170000,"","alert","alert.network alert","ids alert"
170001,"","alert","alert.network alert","network alert"
170002,"","alert","alert.network alert","network dlp alert"
171000,"","alert","alert.host alert","malware alert"
171001,"","alert","alert.host alert","host dlp alert"
171002,"","alert","alert.host alert","hips alert"
171003,"","alert","alert.host alert","fim alert"
179999,"","alert","alert.default","alert message"
180000,"protocol","http","http.default","http message"
180100,"protocol","http","http.request","http request"
180200,"protocol","http","http.communication","http communication"
180300,"protocol","http","http.proxied","http proxied communication"
190000,"endpoint","process","process.execute","process started"
190100,"endpoint","process","process.end","process stopped"
190500,"endpoint","process","process.interaction","process accessed"
190501,"endpoint","process","process.interaction","remote thread created"
191000,"endpoint","process","process.action","process altered"
191001,"endpoint","process","process.action","image loaded"
199990,"endpoint","process","process.default","process message"
200000,"endpoint","file","file.create","file created"
200100,"endpoint","file","file.delete","file deleted"
201000,"endpoint","file","file.modify","file modified"
201001,"endpoint","file","file.modify","file timestamp modified"
201002,"endpoint","file","file.modify","file stream created"
201500,"endpoint","file","file.access","file accessed"
201501,"endpoint","file","file.access","raw file access"
202000,"endpoint","file","file.integrity","file signature invalid"
202001,"endpoint","file","file.integrity","file integrity notice"
209999,"endpoint","file","file.default","file event"
210000,"endpoint","service","service.start","service started"
210100,"endpoint","service","service.stop","service stopped"
211000,"endpoint","service","service.configuration","service configuration change"
211500,"endpoint","service","service.state","service installed"
211501,"endpoint","service","service.state","service removed"
211502,"endpoint","service","service.state","service enabled"
211503,"endpoint","service","service.state","service disabled"
211504,"endpoint","service","service.state","service error"
219999,"endpoint","service","service.default","service event"
220000,"endpoint","audit","audit.integrity","audit log cleared"
220100,"endpoint","audit","audit.state","audit service started"
220101,"endpoint","audit","audit.state","audit service stopped"
220102,"endpoint","audit","audit.state","audit error"
220500,"endpoint","audit","audit.policy","audit policy changed"
229999,"endpoint","audit","audit.default","audit event"
230000,"endpoint","pipe","pipe.add","pipe created"
230100,"endpoint","pipe","pipe.remove","pipe deleted"
230500,"endpoint","pipe","pipe.state","pipe connected"
239999,"endpoint","pipe","pipe.default","pipe event"
240000,"endpoint","wmi","wmi.filter","wmi filter created"
240001,"endpoint","wmi","wmi.filter","wmi filter removed"
240500,"endpoint","wmi","wmi.consumer","wmi consumer created"
240501,"endpoint","wmi","wmi.consumer","wmi consumer removed"
241000,"endpoint","wmi","wmi.binding","wmi binding created"
249999,"endpoint","wmi","wmi.default","wmi event"
250000,"endpoint","registry","registry.value_change","registry value set"
250001,"endpoint","registry","registry.value_change","registry value added"
250002,"endpoint","registry","registry.value_change","registry value deleted"
250003,"endpoint","registry","registry.value_change","registry value modified"
250500,"endpoint","registry","registry.key_change","registry key added"
250501,"endpoint","registry","registry.key_change","registry key deleted"
250502,"endpoint","registry","registry.key_change","registry key renamed"
251000,"endpoint","registry","registry.object_renamed","registry object renamed"
259999,"endpoint","registry","registry.default","registry event"
260000,"endpoint","system_time","system_time.time_change","system time changed"
269999,"endpoint","system_time","system_time.default","system time event"
270000,"endpoint","driver","driver.loaded","system driver loaded"
270100,"endpoint","driver","driver.unloaded","system driver unloaded"
279999,"endpoint","driver","driver.default","system driver event"
280000,"endpoint","agent","agent.activity","agent activity"
280001,"endpoint","agent","agent.activity","antivirus and malware scan"
280100,"endpoint","agent","agent.update","agent update"
280200,"endpoint","agent","agent.status","agent status"
289999,"endpoint","agent","agent.default","agent default"
290000,"protocol","dhcp","dhcp.request","dhcp request"
290100,"protocol","dhcp","dhcp.offer","dhcp offer"
290200,"protocol","dhcp","dhcp.discovery","dhcp discovery"
290300,"protocol","dhcp","dhcp.acknowledgement","dhcp acknowledgement"
299999,"protocol","dhcp","dhcp.default","dhcp default event"
300000,"","detection","detection.network_detection","ids_detection"
300001,"","detection","detection.network_detection","network_detection"
300002,"","detection","detection.network_detection","network_dlp_detection"
301000,"","detection","detection.host_detection","host_malware_detection"
301001,"","detection","detection.host_detection","host_dlp_detection"
301002,"","detection","detection.host_detection","hips_detection"
301003,"","detection","detection.host_detection","fim_detection"
309999,"","detection","detection.default","detection_message"
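As an added example (not part of the issue, the linked pull request or the Graylog documentation), the following Python loads a CSV in the format posted above, checks the invariants the table exhibits (unique six-digit codes, each subcategory nested under its category, a single category per 10,000-code block) and resolves a code to its category fields. Codes absent from the table fall back to the `.default` row of their block, so an event carrying a code newer than the table still lands in the right category; that fallback, the function names and the `exact` flag are this example's own design, and the embedded rows are an excerpt of the CSV in the issue, not the full table.

```python
import csv
import io

# Excerpt of the CSV posted in the issue (a few rows per category block),
# embedded inline so the example runs offline. Not the complete table.
GIM_CSV = '''"gim_event_type_code","gim_event_class","gim_event_category","gim_event_subcategory","gim_event_type"
000000,"","message","message.log_message","message"
100000,"","authentication","authentication.logon","logon"
100500,"","authentication","authentication.credential validation","credential validation"
100502,"","authentication","authentication.credential validation","mfa"
102500,"","authentication","authentication.logoff","logoff"
109999,"","authentication","authentication.default","authentication message"
110000,"","iam","iam.object create","account created"
111001,"","iam","iam.object modify","privileges assigned"
119999,"","iam","iam.default","iam message"
140000,"protocol","name resolution","name resolution.dns request","dns query"
149999,"protocol","name resolution","name resolution.default","dns message"
180000,"protocol","http","http.default","http message"
180100,"protocol","http","http.request","http request"
190000,"endpoint","process","process.execute","process started"
190501,"endpoint","process","process.interaction","remote thread created"
199990,"endpoint","process","process.default","process message"
220000,"endpoint","audit","audit.integrity","audit log cleared"
229999,"endpoint","audit","audit.default","audit event"
300000,"","detection","detection.network_detection","ids_detection"
309999,"","detection","detection.default","detection_message"
'''

# Observed in the posted table: every category occupies one 10,000-wide block
# of the code space (100000-109999 authentication, 110000-119999 iam, ...).
BLOCK = 10_000


def load_table(text):
    """Parse the CSV into {code (6-digit str): row dict}; reject malformed or duplicate codes."""
    table = {}
    for row in csv.DictReader(io.StringIO(text)):
        code = row["gim_event_type_code"]
        if not (len(code) == 6 and code.isdigit()):
            raise ValueError(f"malformed gim_event_type_code {code!r}")
        if code in table:
            raise ValueError(f"duplicate gim_event_type_code {code}")
        table[code] = row
    return table


def check_consistency(table):
    """Return a list of problems found in the table; an empty list means it is consistent."""
    problems = []
    block_category = {}
    for code, row in table.items():
        cat, sub = row["gim_event_category"], row["gim_event_subcategory"]
        # subcategory names are '<category>.<something>'
        if not sub.startswith(cat + "."):
            problems.append(f"{code}: subcategory {sub!r} is not under category {cat!r}")
        # one category per 10,000-code block
        blk = int(code) // BLOCK
        first = block_category.setdefault(blk, cat)
        if first != cat:
            problems.append(f"{code}: block {blk} mixes categories {first!r} and {cat!r}")
    return problems


def classify(table, code):
    """Resolve a code to (category, subcategory, event_type, exact).

    exact is True for a code present in the table. An unknown code is mapped to
    the '<category>.default' row of its block (exact=False), a design choice of
    this example, not something the issue specifies. Returns None when the
    block has no rows at all.
    """
    row = table.get(code)
    if row is not None:
        return (row["gim_event_category"], row["gim_event_subcategory"],
                row["gim_event_type"], True)
    blk = int(code) // BLOCK
    for other, r in table.items():
        if int(other) // BLOCK == blk and r["gim_event_subcategory"].endswith(".default"):
            return (r["gim_event_category"], r["gim_event_subcategory"],
                    r["gim_event_type"], False)
    return None


def enrich(table, event):
    """Add category fields to a log event dict that carries gim_event_type_code.

    Events whose block is unknown are returned unchanged so they are not silently
    mislabelled. Field name gim_code_exact is this example's own.
    """
    resolved = classify(table, event["gim_event_type_code"])
    if resolved is None:
        return dict(event)
    cat, sub, etype, exact = resolved
    return {**event, "gim_event_category": cat, "gim_event_subcategory": sub,
            "gim_event_type": etype, "gim_code_exact": exact}


if __name__ == "__main__":
    t = load_table(GIM_CSV)
    for p in check_consistency(t):
        print("PROBLEM:", p)
    # constructed sample events
    for code in ("100502", "100503", "180300", "199991", "160000"):
        print(code, enrich(t, {"gim_event_type_code": code, "message": "constructed event"}))
```

Run the consistency check against the full CSV before pasting it into the documentation; a code that fails the block rule or a subcategory not nested under its category is almost certainly a typo in the table, and the `exact` flag lets a downstream search distinguish events that were classified precisely from ones that only landed in a block default.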
@gormanbj added the triaged label (Issue was processed the bug triage meeting.) Sep 4, 2024
@miwent linked a pull request Sep 6, 2024 that will close this issue
@miwent removed a link to a pull request Sep 6, 2024
@miwent linked a pull request Sep 6, 2024 that will close this issue