feat(TrendMicro): extract event.dataset

SEKOIA-IO · Jan 21, 2025 · 3ee60a9 · 3ee60a9
1 parent 65e9ad2
commit 3ee60a9
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 0 deletions.
diff --git a/Trend Micro/trend-micro-vision-one-oat/ingest/parser.yml b/Trend Micro/trend-micro-vision-one-oat/ingest/parser.yml
@@ -41,6 +41,7 @@ stages:
           event.end: "{{parsed_event.message.detail.lastSeen | to_rfc3339}}"
           event.provider: "{{parsed_event.message.pname}}"
           event.reason: "{{parsed_event.message.description}}"
+          event.dataset: "{{parsed_event.message.source}}"
 
           host.id: "{{parsed_event.message.detail.endpointGuid}}"
           host.os.name: "{{parsed_event.message.detail.osName}}"

diff --git a/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_1.json b/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_1.json
@@ -8,6 +8,7 @@
       "category": [
         "intrusion_detection"
       ],
+      "dataset": "endpointActivityData",
       "end": "2022-04-12T23:43:15Z",
       "start": "2022-04-12T23:43:15Z",
       "type": [

diff --git a/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_2.json b/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_2.json
@@ -8,6 +8,7 @@
       "category": [
         "intrusion_detection"
       ],
+      "dataset": "endpointActivityData",
       "end": "2024-11-26T16:45:02.571000Z",
       "start": "2024-11-26T16:45:02.571000Z",
       "type": [

diff --git a/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_3.json b/Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_3.json
@@ -8,6 +8,7 @@
       "category": [
         "intrusion_detection"
       ],
+      "dataset": "endpointActivityData",
       "end": "2024-11-26T16:45:03.446000Z",
       "start": "2024-11-26T16:45:01.774000Z",
       "type": [