navigation and config API response
GET https://10.43.7.112/api/configuration/getNavigationAndConfig/logs | |
{ | |
"data": { | |
"data_sources": { | |
"fields": [ | |
{ | |
"enumValues": [ | |
{ | |
"internalValue": "new_source", | |
"visibleValue": "New Source" | |
} | |
], | |
"externalName": "Source", | |
"fieldType": "enum", | |
"internalName": "source" | |
}, | |
{ | |
"enumValues": [ | |
{ | |
"internalValue": "splunk", | |
"visibleValue": "Splunk" | |
}, | |
{ | |
"internalValue": "syslog", | |
"visibleValue": "Syslog" | |
}, | |
{ | |
"internalValue": "ldap", | |
"visibleValue": "LDAP" | |
}, | |
{ | |
"internalValue": "wmi", | |
"visibleValue": "WMI" | |
}, | |
{ | |
"internalValue": "soltra", | |
"visibleValue": "soltra" | |
}, | |
{ | |
"internalValue": "amoncollector", | |
"visibleValue": "AMON collector" | |
} | |
], | |
"externalName": "Source Type", | |
"fieldType": "enum", | |
"internalName": "source_type" | |
}, | |
{ | |
"asciiOnly": true, | |
"externalName": "Label", | |
"fieldType": "string", | |
"internalName": "label" | |
}, | |
{ | |
"externalName": "Username", | |
"fieldType": "string", | |
"internalName": "userName", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Password", | |
"fieldType": "string", | |
"internalName": "password", | |
"isOptional": true, | |
"isPassword": true | |
}, | |
{ | |
"asciiOnly": true, | |
"externalName": "IP or Host", | |
"fieldType": "hostNameOrIpAddress", | |
"internalName": "wmiIpOrHost", | |
"isOptional": true | |
}, | |
{ | |
"asciiOnly": true, | |
"externalName": "Hostname", | |
"fieldType": "hostNameOrIpAddress", | |
"internalName": "hostName", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Time Offset", | |
"fieldType": "integer", | |
"internalName": "timeOffset", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Port", | |
"fieldRange": "1-65535", | |
"fieldType": "integer", | |
"internalName": "hostPort", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "TCP Port", | |
"fieldRange": "1-65535", | |
"fieldType": "integer", | |
"internalName": "syslogListenTcpPort", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "UDP Port", | |
"fieldRange": "1-65535", | |
"fieldType": "integer", | |
"internalName": "syslogListenUdpPort", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Base DN", | |
"fieldType": "LDAPDN", | |
"internalName": "queryDN", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Filter Query", | |
"fieldType": "string", | |
"internalName": "filterQuery", | |
"isOptional": true | |
}, | |
{ | |
"enumValues": [ | |
{ | |
"internalValue": "true", | |
"visibleValue": "Enabled" | |
}, | |
{ | |
"internalValue": "starttls", | |
"visibleValue": "STARTTLS" | |
}, | |
{ | |
"internalValue": "false", | |
"visibleValue": "Disabled" | |
} | |
], | |
"externalName": "SSL", | |
"fieldType": "enum", | |
"internalName": "use_ssl", | |
"isOptional": true | |
}, | |
{ | |
"enumValues": [ | |
{ | |
"internalValue": "clear_text", | |
"visibleValue": "Clear Text" | |
}, | |
{ | |
"internalValue": "https", | |
"visibleValue": "HTTPS" | |
}, | |
{ | |
"internalValue": "two_way_handshake", | |
"visibleValue": "Two-Way SSL Handshake" | |
} | |
], | |
"externalName": "Connect Using", | |
"fieldType": "enum", | |
"internalName": "connect_using", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Certificate", | |
"fieldType": "string", | |
"internalName": "certificate_path", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Private Key", | |
"fieldType": "string", | |
"internalName": "private_key_path", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Key Password", | |
"fieldType": "string", | |
"internalName": "key_password", | |
"isOptional": true, | |
"isPassword": true | |
} | |
], | |
"section": { | |
"groupName": "Logs", | |
"id": "cfg_data_sources", | |
"name": "Data Sources" | |
} | |
}, | |
"data_types": { | |
"fields": [ | |
{ | |
"enumValues": [ | |
{ | |
"internalValue": "splunk", | |
"visibleValue": "Splunk" | |
}, | |
{ | |
"internalValue": "syslog", | |
"visibleValue": "Syslog" | |
}, | |
{ | |
"internalValue": "wmi", | |
"visibleValue": "WMI" | |
}, | |
{ | |
"internalValue": "ldap", | |
"visibleValue": "LDAP" | |
}, | |
{ | |
"internalValue": "soltra", | |
"visibleValue": "soltra" | |
}, | |
{ | |
"internalValue": "amoncollector", | |
"visibleValue": "AMON collector" | |
} | |
], | |
"externalName": "Source Type", | |
"fieldType": "enum", | |
"internalName": "source_type" | |
}, | |
{ | |
"asciiOnly": true, | |
"externalName": "Label", | |
"fieldType": "string", | |
"internalName": "label" | |
}, | |
{ | |
"enumValues": [ | |
{ | |
"internalValue": "standard", | |
"visibleValue": "Standard" | |
}, | |
{ | |
"internalValue": "cef", | |
"visibleValue": "CEF" | |
}, | |
{ | |
"internalValue": "stix/taxii", | |
"visibleValue": "STIX/ TAXII" | |
}, | |
{ | |
"internalValue": "multiline", | |
"visibleValue": "Multi-line" | |
}, | |
{ | |
"internalValue": "nxlog", | |
"visibleValue": "NXLog" | |
}, | |
{ | |
"internalValue": "acs", | |
"visibleValue": "ACS" | |
}, | |
{ | |
"internalValue": "cef_xml", | |
"visibleValue": "CEF/XML" | |
}, | |
{ | |
"internalValue": "qradar", | |
"visibleValue": "QRadar" | |
}, | |
{ | |
"internalValue": "rsa", | |
"visibleValue": "RSA" | |
}, | |
{ | |
"internalValue": "intrust", | |
"visibleValue": "Intrust" | |
}, | |
{ | |
"internalValue": "snare", | |
"visibleValue": "Snare" | |
}, | |
{ | |
"internalValue": "amon", | |
"visibleValue": "AMON" | |
} | |
], | |
"externalName": "Format", | |
"fieldType": "enum", | |
"internalName": "format" | |
}, | |
{ | |
"enumValues": [ | |
{ | |
"internalValue": "microsoft", | |
"visibleValue": "Microsoft" | |
}, | |
{ | |
"internalValue": "juniper", | |
"visibleValue": "Juniper" | |
}, | |
{ | |
"internalValue": "paloAlto", | |
"visibleValue": "Palo Alto" | |
}, | |
{ | |
"internalValue": "cisco", | |
"visibleValue": "Cisco" | |
}, | |
{ | |
"internalValue": "bro", | |
"visibleValue": "Bro" | |
}, | |
{ | |
"internalValue": "infoblox", | |
"visibleValue": "Infoblox" | |
}, | |
{ | |
"internalValue": "hp", | |
"visibleValue": "HPE" | |
}, | |
{ | |
"internalValue": "bluecoat", | |
"visibleValue": "Bluecoat" | |
}, | |
{ | |
"internalValue": "fortinet", | |
"visibleValue": "Fortinet" | |
}, | |
{ | |
"internalValue": "dnsmasq", | |
"visibleValue": "Dnsmasq" | |
}, | |
{ | |
"internalValue": "mcafee", | |
"visibleValue": "McAfee" | |
}, | |
{ | |
"internalValue": "checkpoint", | |
"visibleValue": "Checkpoint" | |
}, | |
{ | |
"internalValue": "f5", | |
"visibleValue": "F5" | |
}, | |
{ | |
"internalValue": "fireeye", | |
"visibleValue": "FireEye" | |
}, | |
{ | |
"internalValue": "soltra", | |
"visibleValue": "Soltra" | |
}, | |
{ | |
"internalValue": "bind", | |
"visibleValue": "Bind" | |
}, | |
{ | |
"internalValue": "symantec", | |
"visibleValue": "Symantec" | |
}, | |
{ | |
"internalValue": "bluecat", | |
"visibleValue": "Bluecat" | |
}, | |
{ | |
"internalValue": "box", | |
"visibleValue": "Box" | |
}, | |
{ | |
"internalValue": "beyondtrust", | |
"visibleValue": "BeyondTrust" | |
}, | |
{ | |
"internalValue": "highlander", | |
"visibleValue": "Highlander" | |
}, | |
{ | |
"internalValue": "aruba", | |
"visibleValue": "Aruba" | |
} | |
], | |
"externalName": "Vendor", | |
"fieldType": "enum", | |
"internalName": "vendor" | |
}, | |
{ | |
"enumValues": [ | |
{ | |
"internalValue": "nac", | |
"visibleValue": "NAC" | |
}, | |
{ | |
"internalValue": "connlogs", | |
"visibleValue": "Conn Logs" | |
}, | |
{ | |
"internalValue": "ftp", | |
"visibleValue": "FTP" | |
}, | |
{ | |
"internalValue": "dhcp", | |
"visibleValue": "DHCP" | |
}, | |
{ | |
"internalValue": "dns", | |
"visibleValue": "DNS" | |
}, | |
{ | |
"internalValue": "security", | |
"visibleValue": "Windows AD Security" | |
}, | |
{ | |
"internalValue": "ldap", | |
"visibleValue": "Windows AD Users and groups" | |
}, | |
{ | |
"internalValue": "vpn", | |
"visibleValue": "VPN" | |
}, | |
{ | |
"internalValue": "firewall", | |
"visibleValue": "Firewall" | |
}, | |
{ | |
"internalValue": "wildfire", | |
"visibleValue": "Wildfire" | |
}, | |
{ | |
"internalValue": "anyconnectVpn", | |
"visibleValue": "Anyconnect VPN" | |
}, | |
{ | |
"internalValue": "webProxy", | |
"visibleValue": "Web Proxy" | |
}, | |
{ | |
"internalValue": "session", | |
"visibleValue": "Session" | |
}, | |
{ | |
"internalValue": "alerts", | |
"visibleValue": "Alerts" | |
}, | |
{ | |
"internalValue": "endpoint", | |
"visibleValue": "EndPoint" | |
}, | |
{ | |
"internalValue": "asa", | |
"visibleValue": "ASA" | |
}, | |
{ | |
"internalValue": "ironport", | |
"visibleValue": "IronPort" | |
}, | |
{ | |
"internalValue": "ata", | |
"visibleValue": "ATA" | |
}, | |
{ | |
"internalValue": "threat_intel", | |
"visibleValue": "Threat Intelligence" | |
}, | |
{ | |
"internalValue": "event", | |
"visibleValue": "Event" | |
}, | |
{ | |
"internalValue": "powerbroker", | |
"visibleValue": "PowerBroker" | |
}, | |
{ | |
"internalValue": "highlander", | |
"visibleValue": "Highlander" | |
} | |
], | |
"externalName": "category", | |
"fieldType": "enum", | |
"internalName": "category" | |
}, | |
{ | |
"externalName": "Splunk Search", | |
"fieldType": "string", | |
"internalName": "splunkSearch", | |
"isOptional": true | |
}, | |
{ | |
"asciiOnly": true, | |
"externalName": "Syslog Identifier", | |
"fieldRange": "1-50", | |
"fieldType": "string", | |
"internalName": "syslogIdentifier", | |
"isOptional": true | |
}, | |
{ | |
"externalName": "Feeds", | |
"fieldType": "string", | |
"internalName": "feeds", | |
"isOptional": true | |
} | |
], | |
"section": { | |
"groupName": "Logs", | |
"id": "cfg_data_types", | |
"name": "Data Types" | |
} | |
}, | |
"navigation": { | |
"amoncollector_source_type": { | |
"label": "none", | |
"order": [ | |
"label" | |
] | |
}, | |
"aruba": { | |
"category": [ | |
"firewall", | |
"dns" | |
], | |
"dns": { | |
"amon": { | |
"new_source": { | |
"source_type": [ | |
"amoncollector" | |
] | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"format": [ | |
"amon" | |
] | |
}, | |
"firewall": { | |
"amon": { | |
"new_source": { | |
"source_type": [ | |
"amoncollector" | |
] | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"format": [ | |
"amon" | |
] | |
} | |
}, | |
"beyondtrust": { | |
"category": [ | |
"powerbroker" | |
], | |
"powerbroker": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"bind": { | |
"alerts": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "named" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"category": [ | |
"alerts" | |
] | |
}, | |
"bluecat": { | |
"category": [ | |
"dhcp" | |
], | |
"dhcp": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "dhcpd" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"bluecoat": { | |
"category": [ | |
"webProxy" | |
], | |
"webProxy": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "sourcetype=webproxy" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"box": { | |
"category": [ | |
"event" | |
], | |
"event": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"bro": { | |
"category": [ | |
"connlogs", | |
"ftp", | |
"dns" | |
], | |
"connlogs": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"dns": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"ftp": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"checkpoint": { | |
"category": [ | |
"firewall", | |
"vpn" | |
], | |
"firewall": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "type=firewall" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"vpn": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "product: Identity Awareness" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"cisco": { | |
"anyconnectVpn": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "%ASA" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"asa": { | |
"cef": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"format": [ | |
"standard", | |
"cef" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "type=firewall" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"category": [ | |
"anyconnectVpn", | |
"asa", | |
"ironport", | |
"vpn" | |
], | |
"ironport": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "type=email" | |
}, | |
"syslog": { | |
"syslogIdentifier": "raw" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"vpn": { | |
"acs": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "vpn acs" | |
}, | |
"syslog": { | |
"syslogIdentifier": "CSCOacs_RADIUS_Accounting" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"format": [ | |
"acs" | |
] | |
} | |
}, | |
"dnsmasq": { | |
"category": [ | |
"dhcp" | |
], | |
"dhcp": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"f5": { | |
"category": [ | |
"vpn" | |
], | |
"vpn": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "type=vpn" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"fireeye": { | |
"alerts": { | |
"cef_xml": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "fenotify" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"format": [ | |
"cef_xml" | |
] | |
}, | |
"category": [ | |
"alerts" | |
] | |
}, | |
"fortinet": { | |
"category": [ | |
"session", | |
"vpn" | |
], | |
"session": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "type=traffic subtype=forward" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"vpn": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "type=event subtype=vpn" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"highlander": { | |
"category": [ | |
"highlander" | |
], | |
"highlander": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"hp": { | |
"category": [ | |
"nac" | |
], | |
"nac": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"infoblox": { | |
"category": [ | |
"dhcp", | |
"dns" | |
], | |
"dhcp": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "sourcetype=cisco_syslog" | |
}, | |
"syslog": { | |
"syslogIdentifier": "dhcpd" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"dns": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "sourcetype=query" | |
}, | |
"syslog": { | |
"syslogIdentifier": "named" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"juniper": { | |
"category": [ | |
"vpn", | |
"firewall" | |
], | |
"firewall": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "type=firewall" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"vpn": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "type=vpn" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"ldap_source_type": { | |
"filterQuery": "(|(sAMAccountType=805306368){UPDATED})", | |
"hostName": "none", | |
"hostPort": "none", | |
"label": "none", | |
"order": [ | |
"hostName", | |
"hostPort", | |
"queryDN", | |
"filterQuery", | |
"use_ssl", | |
"userName", | |
"password", | |
"label" | |
], | |
"password": "none", | |
"queryDN": "none", | |
"use_ssl": "false", | |
"userName": "none" | |
}, | |
"mcafee": { | |
"category": [ | |
"webProxy" | |
], | |
"webProxy": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "sourcetype=webproxy" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"microsoft": { | |
"ata": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "index=msft-ata" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"category": [ | |
"dns", | |
"dhcp", | |
"security", | |
"ldap", | |
"ata" | |
], | |
"dhcp": { | |
"cef": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"format": [ | |
"standard", | |
"cef" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "sourcetype=DhcpSrvLog" | |
}, | |
"syslog": { | |
"syslogIdentifier": "Win-DHCP" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"dns": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "sourcetype=MSAD:NT6:DNS" | |
}, | |
"syslog": { | |
"syslogIdentifier": "Win-DNS" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"ldap": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"ldap", | |
"wmi" | |
], | |
"splunk": { | |
"splunkSearch": "none" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"security": { | |
"cef": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "Microsoft-Windows-Security-Auditing" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"format": [ | |
"standard", | |
"cef", | |
"nxlog", | |
"multiline", | |
"qradar", | |
"rsa", | |
"intrust", | |
"snare" | |
], | |
"intrust": { | |
"new_source": { | |
"source_type": [ | |
"splunk" | |
], | |
"splunk": { | |
"splunkSearch": "intrust" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"multiline": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "Microsoft Windows security auditing" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"nxlog": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "Microsoft-Windows-Security-Auditing" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"qradar": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "Microsoft-Windows-Security-Auditing" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"rsa": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "Microsoft-Windows-Security-Auditing" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"snare": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "Microsoft-Windows-Security-Auditing" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"wmi" | |
], | |
"splunk": { | |
"splunkSearch": "sourcetype=WinEventLog:Security" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"paloalto": { | |
"category": [ | |
"wildfire", | |
"vpn", | |
"firewall" | |
], | |
"firewall": { | |
"cef": { | |
"new_source": { | |
"source_type": [ | |
"syslog" | |
], | |
"syslog": { | |
"syslogIdentifier": "Palo Alto Networks" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
}, | |
"format": [ | |
"standard", | |
"cef" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "type=firewall" | |
}, | |
"syslog": { | |
"syslogIdentifier": "TRAFFIC" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"vpn": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "GlobalProtect" | |
}, | |
"syslog": { | |
"syslogIdentifier": "GlobalProtect" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
}, | |
"wildfire": { | |
"format": [ | |
"standard" | |
], | |
"standard": { | |
"new_source": { | |
"source_type": [ | |
"splunk", | |
"syslog" | |
], | |
"splunk": { | |
"splunkSearch": "type=wildfire" | |
}, | |
"syslog": { | |
"syslogIdentifier": "wildfire" | |
} | |
}, | |
"source": [ | |
"new_source" | |
] | |
} | |
} | |
}, | |
"splunk_source_type": { | |
"hostName": "none", | |
"hostPort": "8089", | |
"label": "none", | |
"order": [ | |
"hostName", | |
"userName", | |
"password", | |
"timeOffset", | |
"hostPort", | |
"label" | |
], | |
"password": "none", | |
"timeOffset": "60", | |
"userName": "none" | |
}, | |
"syslog_source_type": { | |
"label": "none", | |
"order": [ | |
"syslogListenTcpPort", | |
"syslogListenUdpPort", | |
"label" | |
], | |
"syslogListenTcpPort": "514", | |
"syslogListenUdpPort": "514" | |
}, | |
"vendor": [ | |
"microsoft", | |
"bro", | |
"juniper", | |
"paloAlto", | |
"cisco", | |
"hp", | |
"infoblox", | |
"bluecoat", | |
"fortinet", | |
"dnsmasq", | |
"mcafee", | |
"checkpoint", | |
"f5", | |
"fireeye", | |
"bind", | |
"bluecat", | |
"box", | |
"beyondtrust", | |
"highlander", | |
"aruba" | |
], | |
"wmi_source_type": { | |
"label": "none", | |
"order": [ | |
"userName", | |
"password", | |
"wmiIpOrHost", | |
"label" | |
], | |
"password": "none", | |
"userName": "none", | |
"wmiIpOrHost": "none" | |
} | |
} | |
} | |
} |