test_event_reason1.json
{
"input": {
"message": "1,2024/10/25 16:10:48,024101010000,SYSTEM,userid,2562,2024/10/25 16:10:48,,connect-ldap-sever,1.2.3.4,0,0,general,informational,\"ldap cfg joe_done connected to server 5.6.7.8:333, initiated by: 0.0.1.1\",73897065222988700000,0x0,0,0,0,0,,FFFFFF01,0,0,2024-10-25T16:10:48.575+02:00",
"sekoiaio": {
"intake": {
"dialect": "Palo Alto NGFW",
"dialect_uuid": "903ec1b8-f206-4ba5-8563-db21da09cafd"
}
}
},
"expected": {
"message": "1,2024/10/25 16:10:48,024101010000,SYSTEM,userid,2562,2024/10/25 16:10:48,,connect-ldap-sever,1.2.3.4,0,0,general,informational,\"ldap cfg joe_done connected to server 5.6.7.8:333, initiated by: 0.0.1.1\",73897065222988700000,0x0,0,0,0,0,,FFFFFF01,0,0,2024-10-25T16:10:48.575+02:00",
"event": {
"category": [
"network"
],
"dataset": "system",
"reason": "ldap cfg joe_done connected to server 5.6.7.8:333, initiated by: 0.0.1.1",
"type": [
"info"
]
},
"@timestamp": "2024-10-25T14:10:48.575000Z",
"action": {
"name": "connect-ldap-sever",
"type": "userid"
},
"destination": {
"address": "5.6.7.8",
"ip": "5.6.7.8"
},
"log": {
"hostname": "FFFFFF01",
"level": "informational",
"logger": "system"
},
"observer": {
"name": "FFFFFF01",
"product": "PAN-OS",
"serial_number": "024101010000"
},
"paloalto": {
"DGHierarchyLevel1": "0",
"DGHierarchyLevel2": "0",
"DGHierarchyLevel3": "0",
"DGHierarchyLevel4": "0",
"EventID": "connect-ldap-sever",
"Threat_ContentType": "userid"
},
"related": {
"ip": [
"0.0.1.1",
"5.6.7.8"
]
},
"source": {
"address": "0.0.1.1",
"ip": "0.0.1.1"
}
}
}