Merge branch 'main' into fix/RemoveAutomationInfoFromWrongFormats

HarishHary · May 22, 2024 · 72446c0 · 72446c0
2 parents 8944bc3 + c7bc774
commit 72446c0
Show file tree

Hide file tree

Showing 9 changed files with 11 additions and 33 deletions.
diff --git a/Tanium/_meta/manifest.yml b/Tanium/_meta/manifest.yml
@@ -1,4 +1,4 @@
-uuid: b433f418-490f-4f46-8f6f-4566df5a74dd
+uuid: b788522c-fa2f-4742-ab96-b37ff770e0cb
 name: Tanium
 slug: tanium
-description: ""
+description: Tanium is a privately held cybersecurity and systems management
diff --git a/VMWare/vmware-vcenter/ingest/parser.yml b/VMWare/vmware-vcenter/ingest/parser.yml
@@ -6,7 +6,7 @@ pipeline:
       properties:
         input_field: "{{original.message}}"
         output_field: message
-        pattern: "%{SESSION_TYPE_1}|%{SESSION_TYPE_2}|%{SESSION_TYPE_3}|%{SESSION_TYPE_4}|%{SESSION_TYPE_5}|%{SESSION_TYPE_6}|%{CONNECTIONS}|%{FAULT}|%{FAULT_TYPE_2}|%{HTTP_LOGS_1}|%{HTTP_LOGS_2}|%{OTHERS_EVENTS_TYPE_6}|%{OTHERS_EVENTS}|%{OTHERS_EVENTS_TYPE_2}|%{OTHERS_EVENTS_TYPE_3}|%{OTHERS_EVENTS_TYPE_5}|%{OTHERS_EVENTS_TYPE_4}"
+        pattern: "%{SESSION_TYPE_1}|%{SESSION_TYPE_2}|%{SESSION_TYPE_3}|%{SESSION_TYPE_4}|%{SESSION_TYPE_5}|%{SESSION_TYPE_6}|%{CONNECTIONS}|%{FAULT}|%{FAULT_TYPE_2}|%{HTTP_LOGS_1}|%{HTTP_LOGS_2}|%{OTHERS_EVENTS_TYPE_6}|%{OTHERS_EVENTS}|%{OTHERS_EVENTS_TYPE_2}|%{OTHERS_EVENTS_TYPE_3}|%{OTHERS_EVENTS_TYPE_5}|%{GREEDYDATA}"
         custom_patterns:
           SESSION_TYPE_1: 'Event \[%{INT:id}\] \[1-1\] \[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:event_code}\] \[%{DATA:log_level}\] \[%{DATA:source_user_name}\] \[%{HOSTNAME:hostname}\] \[%{INT}] \[Cannot login %{USERNAME:username}@%{IP:ip_address}\]'
           SESSION_TYPE_2: 'Event \[%{INT:id}\] \[1-1\] \[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:event_code}\] \[%{DATA:log_level}\] \[%{DATA}\] \[%{DATA}\] \[%{INT}\] \[User (%{DATA:source_user_domain}\\)?%{DATA:source_user_name}@%{IP:ip_address} logged in as %{DATA:username}\]'
@@ -21,8 +21,7 @@ pipeline:
           HTTP_LOGS_2: '\[%{HTTPDATE:http_logs2_timestamp}\] %{DATA:thread} \[Request]\ %{IP:source_ip}:%{NUMBER:source_port} to local %{NUMBER:destination_port} - HTTP/%{NUMBER:http_version} %{DATA:http_method} %{URIPATH:url_path} %{DATA} %{NUMBER:response_status} - %{NUMBER:response_bytes} bytes %{DATA} process %{NUMBER:process_time}ms / commit %{NUMBER:commit_time}ms / conn \[%{DATA:conn_status}\]'
           OTHERS_EVENTS: '%{TIMESTAMP_ISO8601:timestamp} %{DATA:log_level} %{DATA:process}\[%{INT:pid}\] \[%{DATA}\] %{DATA} -- %{GREEDYDATA:reason}'
           OTHERS_EVENTS_TYPE_2: '%{TIMESTAMP_ISO8601:timestamp} \[%{DATA:thread}\] %{DATA:log_level} opId=%{DATA:operationID} %{DATA:process} - %{GREEDYDATA:reason}'
-          OTHERS_EVENTS_TYPE_3: '%{TIMESTAMP_ISO8601:timestamp}: %{DATA}: \[%{GREEDYDATA:reason}'
-          OTHERS_EVENTS_TYPE_4: "%{GREEDYDATA:reason}"
+          OTHERS_EVENTS_TYPE_3: '%{TIMESTAMP_ISO8601:timestamp}: %{DATA}: \[%{GREEDYDATA:reason}\]'
           OTHERS_EVENTS_TYPE_5: '\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:log_level} \] %{GREEDYDATA:reason}'
           OTHERS_EVENTS_TYPE_6: 'Event \[%{INT:id}\] \[1-1\] \[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:event_code}\] \[%{DATA:log_level}\] \[%{DATA}\] \[%{DATA}\] \[%{INT}\] \[A ticket for %{USERNAME:username} of type %{DATA} on %{IP:ip_address} in %{DATA} has been acquired\]'
   - name: parsed_date

diff --git a/VMWare/vmware-vcenter/tests/others_events_type3.json b/VMWare/vmware-vcenter/tests/others_events_type3.json
@@ -1,9 +1,9 @@
 {
   "input": {
-    "message": "2023-05-11T10:22:26.181+0000: 23134193.224: [GC (Allocation Failure)"
+    "message": "2023-05-11T10:22:26.181+0000: 23134193.224: [GC (Allocation Failure)]"
   },
   "expected": {
-    "message": "2023-05-11T10:22:26.181+0000: 23134193.224: [GC (Allocation Failure)",
+    "message": "2023-05-11T10:22:26.181+0000: 23134193.224: [GC (Allocation Failure)]",
     "event": {
       "category": [
         "network"

diff --git a/VMWare/vmware-vcenter/tests/others_events_type4.json b/VMWare/vmware-vcenter/tests/others_events_type4.json
diff --git a/VMWare/vmware-vcenter/tests/others_tests_example3_type3.json b/VMWare/vmware-vcenter/tests/others_tests_example3_type3.json
@@ -8,7 +8,7 @@
       "category": [
         "network"
       ],
-      "reason": "WeakReference, 0 refs, 0.0000061 secs]",
+      "reason": "WeakReference, 0 refs, 0.0000061 secs",
       "type": [
         "connection"
       ]

diff --git a/VMWare/vmware-vcenter/tests/others_tests_example4_type3.json b/VMWare/vmware-vcenter/tests/others_tests_example4_type3.json
@@ -8,7 +8,7 @@
       "category": [
         "network"
       ],
-      "reason": "FinalReference, 150 refs, 0.0004388 secs]",
+      "reason": "FinalReference, 150 refs, 0.0004388 secs",
       "type": [
         "connection"
       ]

diff --git a/VMWare/vmware-vcenter/tests/others_tests_example5_type3.json b/VMWare/vmware-vcenter/tests/others_tests_example5_type3.json
@@ -8,7 +8,7 @@
       "category": [
         "network"
       ],
-      "reason": "PhantomReference, 0 refs, 0 refs, 0.0000065 secs]",
+      "reason": "PhantomReference, 0 refs, 0 refs, 0.0000065 secs",
       "type": [
         "connection"
       ]

diff --git a/VMWare/vmware-vcenter/tests/others_tests_example6_type3.json b/VMWare/vmware-vcenter/tests/others_tests_example6_type3.json
@@ -8,7 +8,7 @@
       "category": [
         "network"
       ],
-      "reason": "JNI Weak Reference, 0.0000149 secs]",
+      "reason": "JNI Weak Reference, 0.0000149 secs",
       "type": [
         "connection"
       ]

diff --git a/VMWare/vmware-vcenter/tests/others_tests_example_type3.json b/VMWare/vmware-vcenter/tests/others_tests_example_type3.json
@@ -8,7 +8,7 @@
       "category": [
         "network"
       ],
-      "reason": "SoftReference, 0 refs, 0.0000457 secs]",
+      "reason": "SoftReference, 0 refs, 0.0000457 secs",
       "type": [
         "connection"
       ]