Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
OCSFejemplos de registro de la versión 0.1 para Verified Access
A continuación se muestran ejemplos de registros que utilizan la OCSF versión 0.1 de registro predeterminada.
Ejemplos
El acceso se concede con OIDC
En este ejemplo de entrada de registro, el acceso verificado permite el acceso a un punto final con un proveedor OIDC de confianza para el usuario.
{ "activity": "Access Granted", "activity_id": "1", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": { "ip": "10.2.7.68", "type": "Unknown", "type_id": 0 }, "duration": "0.004", "end_time": "1668580194344", "time": "1668580194344", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "https", "text": "https://hello.app.example.com:443/" }, "user_agent": "python-requests/2.28.1", "version": "HTTP/1.1" }, "http_response": { "code": 200 }, "identity": { "authorizations": [ { "decision": "Allow", "policy": { "name": "inline" } } ], "idp": { "name": "user", "uid": "vatp-09bc4cbce2EXAMPLE" }, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "00u6wj48lbxTAEXAMPLE" } }, "message": "", "metadata": { "uid": "Root=1-63748362-6408d24241120b942EXAMPLE", "logged_time": 1668580281337, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T06:29:54.344948Z", "proxy": { "ip": "192.168.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-002fa341aeEXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "172.24.57.68", "port": "48234" }, "start_time": "1668580194340", "status_code": "100", "status_details": "Access Granted", "status_id": "1", "status": "Success", "type_uid": "20800101", "type_name": "AccessLogs: Access Granted", "unmapped": null }
El acceso se concede con OIDC y JAMF
En este ejemplo de entrada de registro, el acceso verificado permite el acceso a un punto final tanto OIDC con proveedores de confianza como con proveedores de confianza JAMF del dispositivo.
{ "activity": "Access Granted", "activity_id": "1", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": { "ip": "10.2.7.68", "type": "Unknown", "type_id": 0, "uid": "41b07859-4222-4f41-f3b9-97dc1EXAMPLE" }, "duration": "0.347", "end_time": "1668804944086", "time": "1668804944086", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "h2", "text": "https://hello.app.example.com:443/" }, "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36", "version": "HTTP/2.0" }, "http_response": { "code": 304 }, "identity": { "authorizations": [ { "decision": "Allow", "policy": { "name": "inline" } } ], "idp": { "name": "oidc", "uid": "vatp-9778003bc2EXAMPLE" }, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "4f040d0f96becEXAMPLE" } }, "message": "", "metadata": { "uid": "Root=1-321318ce-6100d340adf4fb29dEXAMPLE", "logged_time": 1668805278555, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-18T20:55:44.086480Z", "proxy": { "ip": "10.5.192.96", "port": 443, "svc_name": "Verified Access", "uid": "vai-3598f66575EXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "192.168.20.246", "port": 61769 }, "start_time": "1668804943739", "status_code": "100", "status_details": "Access Granted", "status_id": "1", "status": "Success", "type_uid": "20800101", "type_name": "AccessLogs: Access Granted", "unmapped": null }
El acceso se concede con OIDC y CrowdStrike
En este ejemplo de entrada de registro, el acceso verificado permite el acceso a un punto final tanto OIDC con proveedores de confianza como con proveedores de confianza CrowdStrike del dispositivo.
{ "activity": "Access Granted", "activity_id": "1", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": { "ip": "10.2.173.3", "os": { "name": "Windows 11", "type": "Windows", "type_id": 100 }, "type": "Unknown", "type_id": 0, "uid": "122978434f65093aee5dfbdc0EXAMPLE", "hw_info": { "serial_number": "751432a1-d504-fd5e-010d-5ed11EXAMPLE" } }, "duration": "0.028", "end_time": "1668816620842", "time": "1668816620842", "http_request": { "http_method": "GET", "url": { "hostname": "test.app.example.com", "path": "/", "port": 443, "scheme": "h2", "text": "https://test.app.example.com:443/" }, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36", "version": "HTTP/2.0" }, "http_response": { "code": 304 }, "identity": { "authorizations": [ { "decision": "Allow", "policy": { "name": "inline" } } ], "idp": { "name": "oidc", "uid": "vatp-506d9753f6EXAMPLE" }, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "23bb45b16a389EXAMPLE" } }, "message": "", "metadata": { "uid": "Root=1-c16c5a65-b641e4056cc6cb0eeEXAMPLE", "logged_time": 1668816977134, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-19T00:10:20.842295Z", "proxy": { "ip": "192.168.144.62", "port": 443, "svc_name": "Verified Access", "uid": "vai-2f80f37e64EXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "10.14.173.3", "port": 55706 }, "start_time": "1668816620814", "status_code": "100", "status_details": "Access Granted", "status_id": "1", "status": "Success", "type_uid": "20800101", "type_name": "AccessLogs: Access Granted", "unmapped": null }
Acceso denegado debido a la falta de una cookie
En este ejemplo de entrada de registro, Acceso verificado deniega el acceso porque falta una cookie de autenticación.
{ "activity": "Access Denied", "activity_id": "2", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": null, "duration": "0.0", "end_time": "1668593568259", "time": "1668593568259", "http_request": { "http_method": "POST", "url": { "hostname": "hello.app.example.com", "path": "/dns-query", "port": 443, "scheme": "h2", "text": "https://hello.app.example.com:443/dns-query" }, "user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML", "version": "HTTP/2.0" }, "http_response": { "code": 302 }, "identity": null, "message": "", "metadata": { "uid": "Root=1-5cf1c832-a565309ce20cc7dafEXAMPLE", "logged_time": 1668593776720, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T10:12:48.259762Z", "proxy": { "ip": "192.168.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-108ed7a672EXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "10.7.178.16", "port": "46246" }, "start_time": "1668593568258", "status_code": "200", "status_details": "Authentication Denied", "status_id": "2", "status": "Failure", "type_uid": "20800102", "type_name": "AccessLogs: Access Denied", "unmapped": null }
Acceso denegado por política
En este ejemplo de entrada de registro, Acceso verificado deniega una solicitud autenticada porque las políticas de acceso no la permiten.
{ "activity": "Access Denied", "activity_id": "2", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": { "ip": "10.4.133.137", "type": "Unknown", "type_id": 0 }, "duration": "0.023", "end_time": "1668573630978", "time": "1668573630978", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "h2", "text": "https://hello.app.example.com:443/" }, "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36", "version": "HTTP/2.0" }, "http_response": { "code": 401 }, "identity": { "authorizations": [], "idp": { "name": "user", "uid": "vatp-e048b3e0f8EXAMPLE" }, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "0e1281ad3580aEXAMPLE" } }, "message": "", "metadata": { "uid": "Root=1-531a036a-09e95794c7b96aefbEXAMPLE", "logged_time": 1668573773753, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T04:40:30.978732Z", "proxy": { "ip": "3.223.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-021d5eaed2EXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "10.4.133.137", "port": "31746" }, "start_time": "1668573630955", "status_code": "300", "status_details": "Authorization Denied", "status_id": "2", "status": "Failure", "type_uid": "20800102", "type_name": "AccessLogs: Access Denied", "unmapped": null }
Entrada de registro desconocida
En este ejemplo de entrada de registro, Acceso verificado no puede generar una entrada de registro completa, por lo que emite una entrada de registro desconocida. Esto garantiza que todas las solicitudes aparezcan en el registro de acceso.
{ "activity": "Unknown", "activity_id": "0", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": null, "duration": "0.004", "end_time": "1668580207898", "time": "1668580207898", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "https", "text": "https://hello.app.example.com:443/" }, "user_agent": "python-requests/2.28.1", "version": "HTTP/1.1" }, "http_response": { "code": 200 }, "identity": null, "message": "", "metadata": { "uid": "Root=1-435eb955-6b5a1d529343f5adaEXAMPLE", "logged_time": 1668580579147, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T06:30:07.898344Z", "proxy": { "ip": "10.1.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-6c32b53b3cEXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "172.28.57.68", "port": "47220" }, "start_time": "1668580207893", "status_code": "000", "status_details": "Unknown", "status_id": "0", "status": "Unknown", "type_uid": "20800100", "type_name": "AccessLogs: Unknown", "unmapped": null }
