

Merge pull request #281 from airbnb/mimeframe-streamalert-schemas-update
[streamalert] logs - update CB and osquery schemas
mimeframe authored Sep 6, 2017
2 parents 08b9dc5 + d7e640e commit 8942c7d
Showing 1 changed file with 34 additions and 6 deletions.
40 changes: 34 additions & 6 deletions conf/logs.json
Expand Up @@ -7,7 +7,7 @@
"md5": "string",
"node_id": "string",
"size": "string",
"timestamp": "float",
"timestamp": "string",
"type": "string"
},
"parser": "json"
Expand Down Expand Up @@ -151,13 +151,21 @@
"alert_resolution": "string",
"cb_server": "string",
"feed_name": "string",
"ioc_query_index": "string",
"ioc_query_string": "string",
"ioc_type": "string",
"ioc_value": "string",
"report_id": [],
"timestamp": "string",
"type": "string"
},
"parser": "json"
"parser": "json",
"configuration": {
"optional_top_level_keys": [
"ioc_query_index",
"ioc_query_string"
]
}
},
"carbonblack:alert.watchlist.hit.feedsearch.binary": {
"schema": {
Expand Down Expand Up @@ -273,7 +281,7 @@
},
"carbonblack:alert.watchlist.hit.query.process": {
"schema": {
"alert_severity": "integer",
"alert_severity": "float",
"alert_type": "string",
"assigned_to": "string",
"cb_server": "string",
Expand All @@ -290,7 +298,7 @@
"hostname": "string",
"interface_ip": "string",
"ioc_attr": "string",
"ioc_confidence": "integer",
"ioc_confidence": "float",
"ioc_type": "string",
"md5": "string",
"modload_count": "integer",
Expand Down Expand Up @@ -804,6 +812,7 @@
"hostIdentifier": "string",
"calendarTime": "string",
"unixTime": "string",
"epoch": "integer",
"columns": {},
"action": "string",
"decorations": {},
Expand All @@ -812,8 +821,9 @@
"parser": "json",
"configuration": {
"optional_top_level_keys": [
"log_type",
"decorations"
"decorations",
"epoch",
"log_type"
]
}
},
Expand All @@ -837,6 +847,24 @@
]
}
},
"osquery_snapshot": {
"schema": {
"snapshot": [],
"name": "string",
"hostIdentifier": "string",
"calendarTime": "string",
"unixTime": "string",
"action": "string",
"decorations": {},
"log_type": "string"
},
"parser": "json",
"configuration": {
"optional_top_level_keys": [
"decorations"
]
}
},
"pan": {
"schema": {
"messageId": "string",
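Review bot: The new `osquery_snapshot` schema is out of step with the `epoch` handling this same commit adds to the osquery differential schema a few lines above: the differential schema gains `"epoch": "integer"` and lists `epoch` and `log_type` as optional top-level keys, while the snapshot schema has no `epoch` field and makes `log_type` required. If snapshot result logs carry an `epoch` key (they come from the same osquery logger, so this seems likely but I cannot confirm it from the diff), a record would fail classification against this schema, and since `optional_top_level_keys` exists the parser appears to care about the exact key set. I would add `"epoch": "integer",` to the snapshot schema and change the optional list to `"decorations", "epoch", "log_type"` so both osquery schemas accept the same envelope. The differential schema's hunk begins mid-object, so its remaining required keys are not visible here.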

0 comments on commit 8942c7d
