[conf] Update osquery types and sort conf/types.json by types.
Chunyong Lin committed Sep 6, 2017
1 parent 0119f4f commit f97a6a7
Showing 1 changed file with 36 additions and 32 deletions.
68 changes: 36 additions & 32 deletions conf/types.json
@@ -1,66 +1,70 @@
{
"carbonblack":{
"userName": ["username"],
"command": ["cmdline"],
"destinationAddress": ["remote_ip"],
"destinationDomain": ["domain"],
"processPath": ["parent_path", "process_path", "path"],
"destinationPort": ["remote_port"],
"deviceAddress": ["interface_ip", "comms_ip"],
"fileHash": ["process_md5", "parent_md5", "expect_followon_w_md5", "md5"],
"fileName": ["observed_filename", "file_path"],
"filePath": ["path"],
"transportProtocol": ["protocol"],
"processName": ["parent_name", "process_name"],
"fileName": ["observed_filename", "file_path"],
"command": ["cmdline"],
"fileHash": ["process_md5", "parent_md5", "expect_followon_w_md5", "md5"],
"deviceAddress": ["interface_ip", "comms_ip"],
"processPath": ["parent_path", "process_path", "path"],
"sourceAddress": ["ipv4", "local_ip"],
"destinationAddress": ["remote_ip"],
"sourcePort": ["port", "local_port"],
"destinationPort": ["remote_port"]
"transportProtocol": ["protocol"],
"userName": ["username"]
},
"cloudwatch":{
"userName": ["userName", "owner", "invokedBy"],
"sourceAccount": ["account"],
"destinationAccount": ["recipientAccountId"],
"transportProtocol": ["protocol"],
"eventType": ["eventType"],
"destinationAddress": ["destination"],
"destinationPort": ["destport"],
"eventName": ["eventName"],
"eventType": ["eventType"],
"region": ["region"],
"userAgent": ["userAgent"],
"sourceAccount": ["account"],
"sourceAddress": ["source", "sourceIPAddress"],
"destinationAddress": ["destination"],
"sourcePort": ["srcport"],
"destinationPort": ["destport"]
"transportProtocol": ["protocol"],
"userAgent": ["userAgent"],
"userName": ["userName", "owner", "invokedBy"]
},
"cloudtrail": {
"sourceAccount": ["account", "accountId"],
"destinationAccount": ["recipientAccountId"],
"eventType": ["eventType"],
"eventName": ["eventName"],
"eventType": ["eventType"],
"region": ["region", "awsRegion"],
"userAgent": ["userAgent"],
"sourceAddress": ["sourceIPAddress"]
"sourceAccount": ["account", "accountId"],
"sourceAddress": ["sourceIPAddress"],
"userAgent": ["userAgent"]
},
"ghe": {
"userName": ["current_user"],
"destinationAddress": ["remote_address"],
"sourcePort": ["port"]
"sourcePort": ["port"],
"userName": ["current_user"]
},
"osquery": {
"userName": ["username", "user"],
"filePath": ["path"],
"transportProtocol": ["protocol"],
"severity": ["severity"],
"command": ["cmdline", "command"],
"destinationAddress": ["destination", "remote_address", "gateway"],
"destinationPort": ["remote_port"],
"fileHash": ["md5", "sha1", "sha256"],
"filePath": ["path", "directory"],
"fileSize": ["size"],
"message": ["message"],
"receiptTime": ["unixTime"],
"severity": ["severity"],
"sourceAddress": ["host", "source", "local_address", "address"],
"destinationAddress": ["destination", "remote_address", "gateway"],
"sourcePort": ["local_port", "port"],
"destinationPort": ["remote_port"]
"sourceUserId": ["uid"],
"transportProtocol": ["protocol"],
"userName": ["username", "user"]
},
"pan": {
"userName": ["srcuser", "dstuser"],
"transportProtocol": ["proto"],
"sourceAddress": ["src", "natsrc"],
"destinationAddress": ["dst", "natdst"],
"destinationPort": ["dport", "natdport"],
"sourceAddress": ["src", "natsrc"],
"sourcePort": ["sport", "natsport"],
"destinationPort": ["dport", "natdport"]
"transportProtocol": ["proto"],
"userName": ["srcuser", "dstuser"]
}
}
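Review bot: Several keys in the osquery block are generic column names (`address` and `host` under `sourceAddress`, `uid` under `sourceUserId`, `path` and `directory` under `filePath`), so if normalization matches on key name alone, columns that mean different things across osquery tables (for example a listening socket's bind `address`, or a file owner's `uid`) would be typed as a source address or source user. `fileHash` in the same block groups `md5`, `sha1` and `sha256`, while the carbonblack block maps only MD5 fields, so a rule that compares normalized `fileHash` values against an indicator list has to account for the digest algorithm or it will miss matches. Strict JSON cannot carry comments, so I would record both caveats wherever the normalized types are documented, e.g. `fileHash may be MD5, SHA-1 or SHA-256 depending on the source; compare by digest length`. The +/- markers are not visible on this page, so which of these entries the commit itself adds is inferred from the sorted order.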
