From 30ea9a9ad942527627e15178d756161f463a363e Mon Sep 17 00:00:00 2001 From: AzureKid Date: Mon, 13 Nov 2023 20:22:19 +0100 Subject: [PATCH 1/5] added EquivalentBuiltInParser --- ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml | 1 + ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml | 1 + 20 files changed, 20 insertions(+) diff --git a/ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml index ceab4a0ea6e..570d65aa908 100644 --- a/ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml 
@@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing the logs to the ASIM Audit Event normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_AuditEvent_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml index 85e4d792388..d5378f04b80 100644 --- a/ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing the logs to the ASIM Authentication normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_Authentication_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml index 7a2ab5d96e4..545eb421d56 100644 --- a/ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing logs to the ASIM Dhcp normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_Dhcp_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml index 4f559adba53..e294b64acc7 100644 --- a/ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing the logs to the ASIM DNS activity normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_Dns_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml index cc2b303feb5..a8870b55b5f 100644 
--- a/ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing the logs to the ASIM file activity normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_FileEvent_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml index e2f8fa1ffbf..334d217def0 100644 --- a/ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing logs to the ASIM Network Session normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_NetworkSession_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml index fcff1edc42d..2545c63262d 100644 --- a/ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml @@ -15,6 +15,7 @@ references: Description: This ASIM parser supports normalizing the logs to the ASIM process event normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_ProcessEvent_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml index 769e7e497a9..146a7abc711 100644 --- a/ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml 
@@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing logs to the ASIM Registry event normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_RegistryEvent_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml index cbfccfb17bc..592fae28966 100644 --- a/ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing the logs to the ASIM User Management activity normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_UserManagement_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml index 03f69f67d0d..1553080e8a5 100644 --- a/ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing logs to the ASIM Web Session normalized schema. ParserName: +EquivalentBuiltInParser: <_ASim_WebSession_Product> ParserParams: - Name: disabled Type: bool diff --git a/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml index 9ea31db34cd..0454cdc2eac 100644 --- a/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing the logs to the ASIM Audit Event normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_AuditEvent_Product> ParserParams: - Name: starttime Type: datetime 
diff --git a/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml b/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml index 16293e754fc..05a141a6bc2 100644 --- a/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports filtering and normalizing the logs to the ASIM authentication normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_Authentication_Product> ParserParams: - Name: starttime Type: datetime diff --git a/ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml b/ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml index 471d383a348..5a40766942b 100644 --- a/ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports filtering and normalizing the logs to the ASIM authentication normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_Dhcp_Product> ParserParams: - Name: starttime Type: datetime diff --git a/ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml b/ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml index 8466cbf8b32..2b06141a942 100644 --- a/ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports filtering and normalizing the logs to the ASIM DNS activity normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_Dns_Product> ParserParams: - Name: starttime Type: datetime diff --git a/ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml index 52787e74037..0b2a00a5f5c 100644 --- a/ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml 
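Review bot: In the vimDhcpTemplate.yaml hunk, the Description just above the new `EquivalentBuiltInParser: <_Im_Dhcp_Product>` line still names the authentication schema, which looks like a copy-paste leftover from vimAuthenticationTemplate.yaml. Since the commit edits the adjacent line, correct it to `This ASIM parser supports filtering and normalizing the logs to the ASIM Dhcp normalized schema.`, in line with the wording in ASimDhcpTemplate.yaml. The Description is unchanged context in this hunk, so the fix would be one extra changed line.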
@@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing the logs to the ASIM file activity normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_FileEvent_Product> ParserParams: - Name: starttime Type: datetime diff --git a/ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml b/ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml index 185fb101636..9ef0eff9851 100644 --- a/ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports filtering and normalizing logs to the ASIM Network Session normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_NetworkSession_Product> ParserParams: - Name: starttime Type: datetime diff --git a/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml index 774acda83b5..40d8c7a94f2 100644 --- a/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml @@ -15,6 +15,7 @@ references: Description: This ASIM parser supports normalizing the logs to the ASIM process event normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_ProcessEvent_Product> ParserParams: - Name: starttime Type: datetime diff --git a/ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml index 023922fb1b7..4518f6ffb59 100644 --- a/ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing logs to the ASIM Registry event normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_RegistryEvent_Product> ParserParams: - Name: starttime Type: datetime 
diff --git a/ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml b/ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml index f6dbe5b83e5..676d24d9f09 100644 --- a/ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports normalizing the logs to the ASIM User Management activity normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_UserManagement_Product> ParserParams: - Name: starttime Type: datetime diff --git a/ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml b/ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml index d751575c47d..e437734e40d 100644 --- a/ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml @@ -15,6 +15,7 @@ References: Description: | This ASIM parser supports filtering and normalizing logs to the ASIM Web Session normalized schema. ParserName: +EquivalentBuiltInParser: <_Im_WebSession_Product> ParserParams: - Name: starttime Type: datetime From 3ab37650b0527d5f6e8be81f78c4f4f0a7bf800d Mon Sep 17 00:00:00 2001 
From: AzureKid Date: Mon, 13 Nov 2023 20:25:36 +0100 Subject: [PATCH 2/5] Added default for LastUpdated field --- ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml | 2 +- ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml index 570d65aa908..2f8ec699ed3 100644 --- a/ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: ASIM Audit Event parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: 
diff --git a/ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml index d5378f04b80..44a226ee176 100644 --- a/ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: ASIM Authentication parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml index 545eb421d56..b73863adffd 100644 --- a/ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimDhcpTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Dhcp ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml index e294b64acc7..c0ce303cec3 100644 --- a/ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: DNS activity ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml index a8870b55b5f..9b60011a994 100644 --- a/ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: File events ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml index 334d217def0..516be25e466 100644 --- a/ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml 
+++ b/ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Network Session ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml index 2545c63262d..5fb4ab297c6 100644 --- a/ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Process event ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml index 146a7abc711..9b2d1aaf059 100644 --- a/ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Registry Event ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml index 592fae28966..25aee7cfddd 100644 --- a/ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: User Management activity ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml b/ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml index 1553080e8a5..abbeb912d92 100644 --- a/ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Web Session ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: 
diff --git a/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml index 0454cdc2eac..b5c4ae90fcd 100644 --- a/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: ASIM Audit Event parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml b/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml index 05a141a6bc2..fd441ed6f8c 100644 --- a/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: ASIM Authentication filtering parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml b/ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml index 5a40766942b..361a53f3ff9 100644 --- a/ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimDhcpTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: ASIM Dhcp filtering parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml b/ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml index 2b06141a942..4e4eac3335d 100644 --- a/ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: DNS activity ASIM filtering parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml index 0b2a00a5f5c..46a61f91711 100644 --- a/ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml 
@@ -1,7 +1,7 @@ Parser: Title: File events ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml b/ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml index 9ef0eff9851..83dcd401841 100644 --- a/ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Network Session ASIM filtering parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml index 40d8c7a94f2..2662dd931af 100644 --- a/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Process event ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml index 4518f6ffb59..a70e448eb6a 100644 --- a/ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Registry Event ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: diff --git a/ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml b/ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml index 676d24d9f09..b1b9db1e10d 100644 --- a/ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: User Management activity ASIM parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: 
diff --git a/ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml b/ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml index e437734e40d..7780073ba81 100644 --- a/ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml @@ -1,7 +1,7 @@ Parser: Title: Web Session ASIM filtering parser for Version: '' - LastUpdated: + LastUpdated: Product: Name: Normalization: From 2248c1feb58ec9411c03b4c00b24897a1012f259 Mon Sep 17 00:00:00 2001 From: AzureKid Date: Mon, 13 Nov 2023 20:28:49 +0100 Subject: [PATCH 3/5] changed eventtype to dynamic --- ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml index b5c4ae90fcd..5f0634f5fab 100644 --- a/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml @@ -27,8 +27,8 @@ ParserParams: Type: dynamic Default: dynamic([]) - Name: eventtype_in - Type: string - Default: '*' + Type: dynamic + Default: dynamic([]) - Name: eventresult Type: string Default: '*' @@ -52,7 +52,7 @@ ParserQuery: | starttime:datetime = datetime(null) , endtime:datetime = datetime(null) , srcipaddr_has_any_prefix:dynamic = dynamic([]) - , eventtype_in:string = '*' + , eventtype_in:string = dynamic([]) , eventresult:string = '*' , actorusername_has_any:dynamic = dynamic([]) , operation_has_any:dynamic = dynamic([]) From 2b9f3246fa2b77d3b1b897bbfcbed694c3bc1e8f Mon Sep 17 00:00:00 2001 From: AzureKid Date: Mon, 13 Nov 2023 20:33:20 +0100 Subject: [PATCH 4/5] added requested filters --- .../vimAuthenticationTemplate.yaml | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) 
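Review bot: In the second hunk of vimAuditEventTemplate.yaml the query signature still declares `eventtype_in:string` although its default is now `dynamic([])`. The declared type therefore disagrees with the default and with the `Type: dynamic` that the first hunk sets in ParserParams. The line should read `, eventtype_in:dynamic = dynamic([])`. As written, the template will probably be rejected when saved as a function, or yield a filtering parser whose event-type filter does not behave as callers expect, which weakens any detection built on it. The rest of the ParserQuery body is outside the hunk, so later uses of `eventtype_in` should also be checked for list semantics.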
diff --git a/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml b/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml index fd441ed6f8c..f243fa5f8f7 100644 --- a/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml +++ b/ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml @@ -26,15 +26,27 @@ ParserParams: - Name: targetusername_has Type: string Default: '*' + - Name: eventtype_in + Type: dynamic + Default: dynamic([]) + - Name: eventresultdetails_in + Type: dynamic + Default: dynamic([]) + - Name: eventresult + Type: string + Default: '*' - Name: disabled Type: bool Default: false ParserQuery: | let parser = ( - starttime:datetime = datetime(null) - , endtime:datetime = datetime(null) - , targetusername_has:string = "*" - , disabled:bool = false + starttime:datetime = datetime(null) + , endtime:datetime = datetime(null) + , targetusername_has:string = "*" + , eventtype_in:dynamic = dynamic([]) + , eventresultdetails_in:dynamic = dynamic([]) + , eventresult:string = '*' + , disabled:bool = false ) { @@ -43,5 +55,8 @@ ParserQuery: | starttime = starttime , endtime = endtime , targetusername_has = targetusername_has + , eventtype_in = eventtype_in + , eventresultdetails_in = eventresultdetails_in + , eventresult = eventresult , disabled = disabled ) From 4f767c09ed1c5819a84ef8d2cde83e705c2c13aa Mon Sep 17 00:00:00 2001 
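Review bot: The new signature line `, eventresult:string = '*'` in vimAuthenticationTemplate.yaml uses single quotes, while the neighbouring `, targetusername_has:string = "*"` uses double quotes. Pick one form so parsers generated from the template stay uniform, e.g. `, eventresult:string = "*"`. The second hunk forwards the three new parameters, but the function that receives them is outside the hunk. Confirm that it accepts `eventtype_in`, `eventresultdetails_in` and `eventresult`, because a filter that is accepted but never applied hands unfiltered authentication events back to the caller.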
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Mar 2024 22:07:56 +0000 Subject: [PATCH 5/5] Bump the pip group across 5 directories with 4 updates Bumps the pip group with 2 updates in the /Solutions/Box/Data Connectors directory: [cryptography](https://github.com/pyca/cryptography) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 2 updates in the /Solutions/CiscoUmbrella/Data Connectors directory: [cryptography](https://github.com/pyca/cryptography) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 1 update in the /Solutions/CyberArkEPM/DataConnectors directory: [lxml](https://github.com/lxml/lxml). Bumps the pip group with 1 update in the /Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts directory: [cryptography](https://github.com/pyca/cryptography). Bumps the pip group with 3 updates in the /Solutions/Fortinet FortiNDR Cloud/Data Connectors directory: [cryptography](https://github.com/pyca/cryptography), [urllib3](https://github.com/urllib3/urllib3) and [aiohttp](https://github.com/aio-libs/aiohttp). 
Updates `cryptography` from 41.0.6 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.4) Updates `urllib3` from 1.26.9 to 1.26.18 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.9...1.26.18) Updates `cryptography` from 36.0.0 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.4) Updates `urllib3` from 1.25.11 to 1.26.18 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.9...1.26.18) Updates `lxml` from 4.8.0 to 4.9.1 - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](https://github.com/lxml/lxml/compare/lxml-4.8.0...lxml-4.9.1) Updates `cryptography` from 41.0.6 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.4) Updates `cryptography` from 36.0.2 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.4) Updates `urllib3` from 1.26.17 to 1.26.18 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.9...1.26.18) Updates `aiohttp` from 3.8.6 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - 
[Commits](https://github.com/aio-libs/aiohttp/compare/v3.8.6...v3.9.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: direct:production dependency-group: pip-security-group - dependency-name: cryptography dependency-type: direct:production dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: direct:production dependency-group: pip-security-group - dependency-name: lxml dependency-type: direct:production dependency-group: pip-security-group - dependency-name: cryptography dependency-type: direct:production dependency-group: pip-security-group - dependency-name: cryptography dependency-type: direct:production dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: direct:production dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: direct:production dependency-group: pip-security-group ... Signed-off-by: dependabot[bot] --- Solutions/Box/Data Connectors/requirements.txt | 4 ++-- Solutions/CiscoUmbrella/Data Connectors/requirements.txt | 4 ++-- Solutions/CyberArkEPM/DataConnectors/requirements.txt | 2 +- .../Data Connectors/DataminrPulseAlerts/requirements.txt | 2 +- .../Data Connectors/requirements.txt | 6 +++--- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Solutions/Box/Data Connectors/requirements.txt b/Solutions/Box/Data Connectors/requirements.txt index d0a42c2f9ce..788857d4ba1 100644 --- a/Solutions/Box/Data Connectors/requirements.txt +++ b/Solutions/Box/Data Connectors/requirements.txt @@ -5,8 +5,8 @@ azure-functions pyjwt==2.4.0 -cryptography==41.0.6 +cryptography==42.0.4 boxsdk==3.3.0 azure-storage-file-share==12.7.0 python-dateutil==2.8.2 -urllib3==1.26.9 \ No newline at end of file +urllib3==1.26.18 \ No newline at end of file 
diff --git a/Solutions/CiscoUmbrella/Data Connectors/requirements.txt b/Solutions/CiscoUmbrella/Data Connectors/requirements.txt index 1642f88f05f..64bc9cd8dc2 100644 --- a/Solutions/CiscoUmbrella/Data Connectors/requirements.txt +++ b/Solutions/CiscoUmbrella/Data Connectors/requirements.txt @@ -10,7 +10,7 @@ botocore==1.12.253 certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.1.0 -cryptography==36.0.0 +cryptography==42.0.4 docutils==0.15.2 idna==2.8 isodate==0.6.1 @@ -24,4 +24,4 @@ requests-oauthlib==1.3.1 s3transfer==0.2.1 six==1.16.0 typing_extensions==4.0.0 -urllib3==1.25.11 \ No newline at end of file +urllib3==1.26.18 \ No newline at end of file diff --git a/Solutions/CyberArkEPM/DataConnectors/requirements.txt b/Solutions/CyberArkEPM/DataConnectors/requirements.txt index fb0c963a3db..48a23476619 100644 --- a/Solutions/CyberArkEPM/DataConnectors/requirements.txt +++ b/Solutions/CyberArkEPM/DataConnectors/requirements.txt @@ -5,4 +5,4 @@ azure-storage-file-share==12.5.0 azure-functions requests -lxml==4.8.0 +lxml==4.9.1 diff --git a/Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/requirements.txt b/Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/requirements.txt index 496d0e5ac4f..0a77cda6fe2 100644 --- a/Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/requirements.txt +++ b/Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/requirements.txt @@ -8,7 +8,7 @@ requests #Libraries for Log Analytics to Threat Intelligence Function. azure-monitor-query azure-identity -cryptography==41.0.6 +cryptography==42.0.4 asyncio aiohttp azure-storage-file-share==12.10.1 diff --git a/Solutions/Fortinet FortiNDR Cloud/Data Connectors/requirements.txt b/Solutions/Fortinet FortiNDR Cloud/Data Connectors/requirements.txt index 45b28ea9ead..3231ff46888 100644 --- a/Solutions/Fortinet FortiNDR Cloud/Data Connectors/requirements.txt +++ b/Solutions/Fortinet FortiNDR Cloud/Data Connectors/requirements.txt 
@@ -2,7 +2,7 @@ # The Python Worker is managed by Azure Functions platform # Manually managing azure-functions-worker may cause unexpected issues -aiohttp==3.8.6 +aiohttp==3.9.2 aiosignal==1.3.1 astor==0.8.1 astroid==2.9.3 @@ -29,7 +29,7 @@ commonmark==0.9.1 ConfigArgParse==1.7 configparser==5.3.0 coverage==7.3.2 -cryptography==36.0.2 +cryptography==42.0.4 dateparser==1.1.8 decorator==5.1.1 demisto-py==3.2.13 @@ -157,7 +157,7 @@ typing_extensions==4.8.0 tzdata==2023.3 tzlocal==4.3.1 ujson==5.8.0 -urllib3==1.26.17 +urllib3==1.26.18 vulture==2.10 wcmatch==8.5 wcwidth==0.2.8