Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Contoh OCSF versi 0.1
Berikut ini adalah contoh log menggunakan logging default OCSF versi 0.1.
Contoh-contoh
Akses diberikan dengan OIDC
Dalam entri log contoh ini, Akses Terverifikasi memungkinkan akses ke titik akhir dengan penyedia kepercayaan pengguna OIDC.
{ "activity": "Access Granted", "activity_id": "1", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": { "ip": "10.2.7.68", "type": "Unknown", "type_id": 0 }, "duration": "0.004", "end_time": "1668580194344", "time": "1668580194344", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "https", "text": "https://hello.app.example.com:443/" }, "user_agent": "python-requests/2.28.1", "version": "HTTP/1.1" }, "http_response": { "code": 200 }, "identity": { "authorizations": [ { "decision": "Allow", "policy": { "name": "inline" } } ], "idp": { "name": "user", "uid": "vatp-09bc4cbce2EXAMPLE" }, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "00u6wj48lbxTAEXAMPLE" } }, "message": "", "metadata": { "uid": "Root=1-63748362-6408d24241120b942EXAMPLE", "logged_time": 1668580281337, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T06:29:54.344948Z", "proxy": { "ip": "192.168.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-002fa341aeEXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "172.24.57.68", "port": "48234" }, "start_time": "1668580194340", "status_code": "100", "status_details": "Access Granted", "status_id": "1", "status": "Success", "type_uid": "20800101", "type_name": "AccessLogs: Access Granted", "unmapped": null }
Akses diberikan dengan OIDC dan JAMF
Dalam entri log contoh ini, Akses Terverifikasi memungkinkan akses ke titik akhir dengan penyedia kepercayaan perangkat OIDC dan JAMF.
{ "activity": "Access Granted", "activity_id": "1", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": { "ip": "10.2.7.68", "type": "Unknown", "type_id": 0, "uid": "41b07859-4222-4f41-f3b9-97dc1EXAMPLE" }, "duration": "0.347", "end_time": "1668804944086", "time": "1668804944086", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "h2", "text": "https://hello.app.example.com:443/" }, "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36", "version": "HTTP/2.0" }, "http_response": { "code": 304 }, "identity": { "authorizations": [ { "decision": "Allow", "policy": { "name": "inline" } } ], "idp": { "name": "oidc", "uid": "vatp-9778003bc2EXAMPLE" }, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "4f040d0f96becEXAMPLE" } }, "message": "", "metadata": { "uid": "Root=1-321318ce-6100d340adf4fb29dEXAMPLE", "logged_time": 1668805278555, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-18T20:55:44.086480Z", "proxy": { "ip": "10.5.192.96", "port": 443, "svc_name": "Verified Access", "uid": "vai-3598f66575EXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "192.168.20.246", "port": 61769 }, "start_time": "1668804943739", "status_code": "100", "status_details": "Access Granted", "status_id": "1", "status": "Success", "type_uid": "20800101", "type_name": "AccessLogs: Access Granted", "unmapped": null }
Akses diberikan dengan OIDC dan CrowdStrike
Dalam entri log contoh ini, Akses Terverifikasi memungkinkan akses ke titik akhir dengan OIDC dan penyedia kepercayaan CrowdStrike perangkat.
{ "activity": "Access Granted", "activity_id": "1", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": { "ip": "10.2.173.3", "os": { "name": "Windows 11", "type": "Windows", "type_id": 100 }, "type": "Unknown", "type_id": 0, "uid": "122978434f65093aee5dfbdc0EXAMPLE", "hw_info": { "serial_number": "751432a1-d504-fd5e-010d-5ed11EXAMPLE" } }, "duration": "0.028", "end_time": "1668816620842", "time": "1668816620842", "http_request": { "http_method": "GET", "url": { "hostname": "test.app.example.com", "path": "/", "port": 443, "scheme": "h2", "text": "https://test.app.example.com:443/" }, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36", "version": "HTTP/2.0" }, "http_response": { "code": 304 }, "identity": { "authorizations": [ { "decision": "Allow", "policy": { "name": "inline" } } ], "idp": { "name": "oidc", "uid": "vatp-506d9753f6EXAMPLE" }, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "23bb45b16a389EXAMPLE" } }, "message": "", "metadata": { "uid": "Root=1-c16c5a65-b641e4056cc6cb0eeEXAMPLE", "logged_time": 1668816977134, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-19T00:10:20.842295Z", "proxy": { "ip": "192.168.144.62", "port": 443, "svc_name": "Verified Access", "uid": "vai-2f80f37e64EXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "10.14.173.3", "port": 55706 }, "start_time": "1668816620814", "status_code": "100", "status_details": "Access Granted", "status_id": "1", "status": "Success", "type_uid": "20800101", "type_name": "AccessLogs: Access Granted", "unmapped": null }
Akses ditolak karena cookie hilang
Dalam entri log contoh ini, Akses Terverifikasi menolak akses karena cookie otentikasi hilang.
{ "activity": "Access Denied", "activity_id": "2", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": null, "duration": "0.0", "end_time": "1668593568259", "time": "1668593568259", "http_request": { "http_method": "POST", "url": { "hostname": "hello.app.example.com", "path": "/dns-query", "port": 443, "scheme": "h2", "text": "https://hello.app.example.com:443/dns-query" }, "user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML", "version": "HTTP/2.0" }, "http_response": { "code": 302 }, "identity": null, "message": "", "metadata": { "uid": "Root=1-5cf1c832-a565309ce20cc7dafEXAMPLE", "logged_time": 1668593776720, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T10:12:48.259762Z", "proxy": { "ip": "192.168.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-108ed7a672EXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "10.7.178.16", "port": "46246" }, "start_time": "1668593568258", "status_code": "200", "status_details": "Authentication Denied", "status_id": "2", "status": "Failure", "type_uid": "20800102", "type_name": "AccessLogs: Access Denied", "unmapped": null }
Akses ditolak oleh kebijakan
Dalam entri log contoh ini, Akses Terverifikasi menolak permintaan yang diautentikasi karena permintaan tidak diizinkan oleh kebijakan akses.
{ "activity": "Access Denied", "activity_id": "2", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": { "ip": "10.4.133.137", "type": "Unknown", "type_id": 0 }, "duration": "0.023", "end_time": "1668573630978", "time": "1668573630978", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "h2", "text": "https://hello.app.example.com:443/" }, "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36", "version": "HTTP/2.0" }, "http_response": { "code": 401 }, "identity": { "authorizations": [], "idp": { "name": "user", "uid": "vatp-e048b3e0f8EXAMPLE" }, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "0e1281ad3580aEXAMPLE" } }, "message": "", "metadata": { "uid": "Root=1-531a036a-09e95794c7b96aefbEXAMPLE", "logged_time": 1668573773753, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T04:40:30.978732Z", "proxy": { "ip": "3.223.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-021d5eaed2EXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "10.4.133.137", "port": "31746" }, "start_time": "1668573630955", "status_code": "300", "status_details": "Authorization Denied", "status_id": "2", "status": "Failure", "type_uid": "20800102", "type_name": "AccessLogs: Access Denied", "unmapped": null }
Entri log tidak dikenal
Dalam entri log contoh ini, Akses Terverifikasi tidak dapat menghasilkan entri log lengkap sehingga memancarkan entri log yang tidak dikenal. Ini memastikan bahwa setiap permintaan muncul di log akses.
{ "activity": "Unknown", "activity_id": "0", "category_name": "Application Activity", "category_uid": "8", "class_name": "Access Logs", "class_uid": "208001", "device": null, "duration": "0.004", "end_time": "1668580207898", "time": "1668580207898", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "https", "text": "https://hello.app.example.com:443/" }, "user_agent": "python-requests/2.28.1", "version": "HTTP/1.1" }, "http_response": { "code": 200 }, "identity": null, "message": "", "metadata": { "uid": "Root=1-435eb955-6b5a1d529343f5adaEXAMPLE", "logged_time": 1668580579147, "version": "0.1", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T06:30:07.898344Z", "proxy": { "ip": "10.1.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-6c32b53b3cEXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "172.28.57.68", "port": "47220" }, "start_time": "1668580207893", "status_code": "000", "status_details": "Unknown", "status_id": "0", "status": "Unknown", "type_uid": "20800100", "type_name": "AccessLogs: Unknown", "unmapped": null }
