OCSF version 0.1 examples - AWS Verified Access

Translations are generated by machine translation. In the event of a conflict between the content of a translation and the original English version, the English version prevails.

OCSF version 0.1 examples

The following are sample log entries that use the default logging version, OCSF 0.1.

Access granted with OIDC

In this example log entry, Verified Access allows access to an endpoint with an OIDC user trust provider.

{
  "activity": "Access Granted",
  "activity_id": "1",
  "category_name": "Application Activity",
  "category_uid": "8",
  "class_name": "Access Logs",
  "class_uid": "208001",
  "device": {
    "ip": "10.2.7.68",
    "type": "Unknown",
    "type_id": 0
  },
  "duration": "0.004",
  "end_time": "1668580194344",
  "time": "1668580194344",
  "http_request": {
    "http_method": "GET",
    "url": {
      "hostname": "hello.app.example.com",
      "path": "/",
      "port": 443,
      "scheme": "https",
      "text": "https://hello.app.example.com:443/"
    },
    "user_agent": "python-requests/2.28.1",
    "version": "HTTP/1.1"
  },
  "http_response": {
    "code": 200
  },
  "identity": {
    "authorizations": [
      {
        "decision": "Allow",
        "policy": {
          "name": "inline"
        }
      }
    ],
    "idp": {
      "name": "user",
      "uid": "vatp-09bc4cbce2EXAMPLE"
    },
    "user": {
      "email_addr": "johndoe@example.com",
      "name": "Test User Display",
      "uid": "johndoe@example.com",
      "uuid": "00u6wj48lbxTAEXAMPLE"
    }
  },
  "message": "",
  "metadata": {
    "uid": "Root=1-63748362-6408d24241120b942EXAMPLE",
    "logged_time": 1668580281337,
    "version": "0.1",
    "product": {
      "name": "Verified Access",
      "vendor_name": "AWS"
    }
  },
  "ref_time": "2022-11-16T06:29:54.344948Z",
  "proxy": {
    "ip": "192.168.34.167",
    "port": 443,
    "svc_name": "Verified Access",
    "uid": "vai-002fa341aeEXAMPLE"
  },
  "severity": "Informational",
  "severity_id": "1",
  "src_endpoint": {
    "ip": "172.24.57.68",
    "port": "48234"
  },
  "start_time": "1668580194340",
  "status_code": "100",
  "status_details": "Access Granted",
  "status_id": "1",
  "status": "Success",
  "type_uid": "20800101",
  "type_name": "AccessLogs: Access Granted",
  "unmapped": null
}

Access granted with OIDC and JAMF

In this example log entry, Verified Access allows access to an endpoint with OIDC and JAMF device trust providers.

{
  "activity": "Access Granted",
  "activity_id": "1",
  "category_name": "Application Activity",
  "category_uid": "8",
  "class_name": "Access Logs",
  "class_uid": "208001",
  "device": {
    "ip": "10.2.7.68",
    "type": "Unknown",
    "type_id": 0,
    "uid": "41b07859-4222-4f41-f3b9-97dc1EXAMPLE"
  },
  "duration": "0.347",
  "end_time": "1668804944086",
  "time": "1668804944086",
  "http_request": {
    "http_method": "GET",
    "url": {
      "hostname": "hello.app.example.com",
      "path": "/",
      "port": 443,
      "scheme": "h2",
      "text": "https://hello.app.example.com:443/"
    },
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
    "version": "HTTP/2.0"
  },
  "http_response": {
    "code": 304
  },
  "identity": {
    "authorizations": [
      {
        "decision": "Allow",
        "policy": {
          "name": "inline"
        }
      }
    ],
    "idp": {
      "name": "oidc",
      "uid": "vatp-9778003bc2EXAMPLE"
    },
    "user": {
      "email_addr": "johndoe@example.com",
      "name": "Test User Display",
      "uid": "johndoe@example.com",
      "uuid": "4f040d0f96becEXAMPLE"
    }
  },
  "message": "",
  "metadata": {
    "uid": "Root=1-321318ce-6100d340adf4fb29dEXAMPLE",
    "logged_time": 1668805278555,
    "version": "0.1",
    "product": {
      "name": "Verified Access",
      "vendor_name": "AWS"
    }
  },
  "ref_time": "2022-11-18T20:55:44.086480Z",
  "proxy": {
    "ip": "10.5.192.96",
    "port": 443,
    "svc_name": "Verified Access",
    "uid": "vai-3598f66575EXAMPLE"
  },
  "severity": "Informational",
  "severity_id": "1",
  "src_endpoint": {
    "ip": "192.168.20.246",
    "port": 61769
  },
  "start_time": "1668804943739",
  "status_code": "100",
  "status_details": "Access Granted",
  "status_id": "1",
  "status": "Success",
  "type_uid": "20800101",
  "type_name": "AccessLogs: Access Granted",
  "unmapped": null
}

Access granted with OIDC and CrowdStrike

In this example log entry, Verified Access allows access to an endpoint with OIDC and CrowdStrike device trust providers.

{
  "activity": "Access Granted",
  "activity_id": "1",
  "category_name": "Application Activity",
  "category_uid": "8",
  "class_name": "Access Logs",
  "class_uid": "208001",
  "device": {
    "ip": "10.2.173.3",
    "os": {
      "name": "Windows 11",
      "type": "Windows",
      "type_id": 100
    },
    "type": "Unknown",
    "type_id": 0,
    "uid": "122978434f65093aee5dfbdc0EXAMPLE",
    "hw_info": {
      "serial_number": "751432a1-d504-fd5e-010d-5ed11EXAMPLE"
    }
  },
  "duration": "0.028",
  "end_time": "1668816620842",
  "time": "1668816620842",
  "http_request": {
    "http_method": "GET",
    "url": {
      "hostname": "test.app.example.com",
      "path": "/",
      "port": 443,
      "scheme": "h2",
      "text": "https://test.app.example.com:443/"
    },
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
    "version": "HTTP/2.0"
  },
  "http_response": {
    "code": 304
  },
  "identity": {
    "authorizations": [
      {
        "decision": "Allow",
        "policy": {
          "name": "inline"
        }
      }
    ],
    "idp": {
      "name": "oidc",
      "uid": "vatp-506d9753f6EXAMPLE"
    },
    "user": {
      "email_addr": "johndoe@example.com",
      "name": "Test User Display",
      "uid": "johndoe@example.com",
      "uuid": "23bb45b16a389EXAMPLE"
    }
  },
  "message": "",
  "metadata": {
    "uid": "Root=1-c16c5a65-b641e4056cc6cb0eeEXAMPLE",
    "logged_time": 1668816977134,
    "version": "0.1",
    "product": {
      "name": "Verified Access",
      "vendor_name": "AWS"
    }
  },
  "ref_time": "2022-11-19T00:10:20.842295Z",
  "proxy": {
    "ip": "192.168.144.62",
    "port": 443,
    "svc_name": "Verified Access",
    "uid": "vai-2f80f37e64EXAMPLE"
  },
  "severity": "Informational",
  "severity_id": "1",
  "src_endpoint": {
    "ip": "10.14.173.3",
    "port": 55706
  },
  "start_time": "1668816620814",
  "status_code": "100",
  "status_details": "Access Granted",
  "status_id": "1",
  "status": "Success",
  "type_uid": "20800101",
  "type_name": "AccessLogs: Access Granted",
  "unmapped": null
}

In this example log entry, Verified Access denies access because the request carries no authentication cookie.

{
  "activity": "Access Denied",
  "activity_id": "2",
  "category_name": "Application Activity",
  "category_uid": "8",
  "class_name": "Access Logs",
  "class_uid": "208001",
  "device": null,
  "duration": "0.0",
  "end_time": "1668593568259",
  "time": "1668593568259",
  "http_request": {
    "http_method": "POST",
    "url": {
      "hostname": "hello.app.example.com",
      "path": "/dns-query",
      "port": 443,
      "scheme": "h2",
      "text": "https://hello.app.example.com:443/dns-query"
    },
    "user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML",
    "version": "HTTP/2.0"
  },
  "http_response": {
    "code": 302
  },
  "identity": null,
  "message": "",
  "metadata": {
    "uid": "Root=1-5cf1c832-a565309ce20cc7dafEXAMPLE",
    "logged_time": 1668593776720,
    "version": "0.1",
    "product": {
      "name": "Verified Access",
      "vendor_name": "AWS"
    }
  },
  "ref_time": "2022-11-16T10:12:48.259762Z",
  "proxy": {
    "ip": "192.168.34.167",
    "port": 443,
    "svc_name": "Verified Access",
    "uid": "vai-108ed7a672EXAMPLE"
  },
  "severity": "Informational",
  "severity_id": "1",
  "src_endpoint": {
    "ip": "10.7.178.16",
    "port": "46246"
  },
  "start_time": "1668593568258",
  "status_code": "200",
  "status_details": "Authentication Denied",
  "status_id": "2",
  "status": "Failure",
  "type_uid": "20800102",
  "type_name": "AccessLogs: Access Denied",
  "unmapped": null
}

Access denied by policy

In this example log entry, Verified Access denies an authenticated request because the access policies do not allow it.

{
  "activity": "Access Denied",
  "activity_id": "2",
  "category_name": "Application Activity",
  "category_uid": "8",
  "class_name": "Access Logs",
  "class_uid": "208001",
  "device": {
    "ip": "10.4.133.137",
    "type": "Unknown",
    "type_id": 0
  },
  "duration": "0.023",
  "end_time": "1668573630978",
  "time": "1668573630978",
  "http_request": {
    "http_method": "GET",
    "url": {
      "hostname": "hello.app.example.com",
      "path": "/",
      "port": 443,
      "scheme": "h2",
      "text": "https://hello.app.example.com:443/"
    },
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
    "version": "HTTP/2.0"
  },
  "http_response": {
    "code": 401
  },
  "identity": {
    "authorizations": [],
    "idp": {
      "name": "user",
      "uid": "vatp-e048b3e0f8EXAMPLE"
    },
    "user": {
      "email_addr": "johndoe@example.com",
      "name": "Test User Display",
      "uid": "johndoe@example.com",
      "uuid": "0e1281ad3580aEXAMPLE"
    }
  },
  "message": "",
  "metadata": {
    "uid": "Root=1-531a036a-09e95794c7b96aefbEXAMPLE",
    "logged_time": 1668573773753,
    "version": "0.1",
    "product": {
      "name": "Verified Access",
      "vendor_name": "AWS"
    }
  },
  "ref_time": "2022-11-16T04:40:30.978732Z",
  "proxy": {
    "ip": "3.223.34.167",
    "port": 443,
    "svc_name": "Verified Access",
    "uid": "vai-021d5eaed2EXAMPLE"
  },
  "severity": "Informational",
  "severity_id": "1",
  "src_endpoint": {
    "ip": "10.4.133.137",
    "port": "31746"
  },
  "start_time": "1668573630955",
  "status_code": "300",
  "status_details": "Authorization Denied",
  "status_id": "2",
  "status": "Failure",
  "type_uid": "20800102",
  "type_name": "AccessLogs: Access Denied",
  "unmapped": null
}

Unknown log entry

In this example log entry, Verified Access cannot generate a complete log entry, so it emits an unknown log entry instead. This ensures that every request appears in the access log.

{
  "activity": "Unknown",
  "activity_id": "0",
  "category_name": "Application Activity",
  "category_uid": "8",
  "class_name": "Access Logs",
  "class_uid": "208001",
  "device": null,
  "duration": "0.004",
  "end_time": "1668580207898",
  "time": "1668580207898",
  "http_request": {
    "http_method": "GET",
    "url": {
      "hostname": "hello.app.example.com",
      "path": "/",
      "port": 443,
      "scheme": "https",
      "text": "https://hello.app.example.com:443/"
    },
    "user_agent": "python-requests/2.28.1",
    "version": "HTTP/1.1"
  },
  "http_response": {
    "code": 200
  },
  "identity": null,
  "message": "",
  "metadata": {
    "uid": "Root=1-435eb955-6b5a1d529343f5adaEXAMPLE",
    "logged_time": 1668580579147,
    "version": "0.1",
    "product": {
      "name": "Verified Access",
      "vendor_name": "AWS"
    }
  },
  "ref_time": "2022-11-16T06:30:07.898344Z",
  "proxy": {
    "ip": "10.1.34.167",
    "port": 443,
    "svc_name": "Verified Access",
    "uid": "vai-6c32b53b3cEXAMPLE"
  },
  "severity": "Informational",
  "severity_id": "1",
  "src_endpoint": {
    "ip": "172.28.57.68",
    "port": "47220"
  },
  "start_time": "1668580207893",
  "status_code": "000",
  "status_details": "Unknown",
  "status_id": "0",
  "status": "Unknown",
  "type_uid": "20800100",
  "type_name": "AccessLogs: Unknown",
  "unmapped": null
}
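The four outcomes shown on this page (granted, denied for missing authentication, denied by policy, unknown) differ in which fields are present: identity and device are null on unauthenticated and unknown entries, authorizations is an empty list on a policy denial, and numeric-looking values such as activity_id, status_code and sometimes src_endpoint.port arrive as strings. The following Python parser is an added example, not code from AWS or the Verified Access documentation. It reads OCSF 0.1 Verified Access lines, normalises those quirks, buckets each entry by status_code using the codes seen in the examples above, and collects the policy denials a reviewer would want to look at (an authenticated user whose request matched no Allow policy). The sample lines are constructed, trimmed copies of the record shapes above with placeholder identifiers; the OUTCOMES mapping is an assumption drawn only from the entries on this page.

```python
import json
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample lines (trimmed to the fields used here; identifiers are placeholders).
SAMPLE_LOG_LINES = [
    json.dumps({"activity": "Access Granted", "activity_id": "1",
                "device": {"ip": "10.2.7.68", "type": "Unknown", "type_id": 0},
                "http_request": {"http_method": "GET",
                                 "url": {"text": "https://hello.app.example.com:443/"}},
                "http_response": {"code": 200},
                "identity": {"authorizations": [{"decision": "Allow", "policy": {"name": "inline"}}],
                             "idp": {"name": "user", "uid": "vatp-EXAMPLE"},
                             "user": {"uid": "johndoe@example.com"}},
                "src_endpoint": {"ip": "172.24.57.68", "port": "48234"},
                "status_code": "100", "status_details": "Access Granted", "status": "Success"}),
    json.dumps({"activity": "Access Denied", "activity_id": "2", "device": None,
                "http_request": {"http_method": "POST",
                                 "url": {"text": "https://hello.app.example.com:443/dns-query"}},
                "http_response": {"code": 302}, "identity": None,
                "src_endpoint": {"ip": "10.7.178.16", "port": "46246"},
                "status_code": "200", "status_details": "Authentication Denied", "status": "Failure"}),
    json.dumps({"activity": "Access Denied", "activity_id": "2",
                "device": {"ip": "10.4.133.137", "type": "Unknown", "type_id": 0},
                "http_request": {"http_method": "GET",
                                 "url": {"text": "https://hello.app.example.com:443/"}},
                "http_response": {"code": 401},
                "identity": {"authorizations": [],
                             "idp": {"name": "user", "uid": "vatp-EXAMPLE"},
                             "user": {"uid": "johndoe@example.com"}},
                "src_endpoint": {"ip": "10.4.133.137", "port": 31746},
                "status_code": "300", "status_details": "Authorization Denied", "status": "Failure"}),
    json.dumps({"activity": "Unknown", "activity_id": "0", "device": None,
                "http_request": {"http_method": "GET",
                                 "url": {"text": "https://hello.app.example.com:443/"}},
                "http_response": {"code": 200}, "identity": None,
                "src_endpoint": {"ip": "172.28.57.68", "port": "47220"},
                "status_code": "000", "status_details": "Unknown", "status": "Unknown"}),
]

# Outcome buckets keyed on status_code; assumption based only on the entries shown on this page.
OUTCOMES = {
    "100": "granted",
    "200": "authn_denied",  # no session: identity is null, client is redirected (302)
    "300": "authz_denied",  # authenticated, but authorizations is empty and the response is 401
    "000": "unknown",       # Verified Access could not build a complete record
}


@dataclass
class AccessEvent:
    outcome: str
    user: Optional[str]
    device_uid: Optional[str]
    src_ip: Optional[str]
    src_port: Optional[int]
    method: str
    url: str
    response_code: Optional[int]
    decision: Optional[str]


def parse_event(line: str) -> AccessEvent:
    """Parse one OCSF 0.1 Verified Access line, tolerating null identity/device."""
    rec = json.loads(line)
    identity = rec.get("identity") or {}
    device = rec.get("device") or {}
    req = rec.get("http_request") or {}
    src = rec.get("src_endpoint") or {}
    auths = identity.get("authorizations") or []
    port = src.get("port")  # string in some entries, integer in others
    return AccessEvent(
        outcome=OUTCOMES.get(str(rec.get("status_code")), "unmapped"),
        user=(identity.get("user") or {}).get("uid"),
        device_uid=device.get("uid"),
        src_ip=src.get("ip"),
        src_port=int(port) if port not in (None, "") else None,
        method=req.get("http_method", ""),
        url=(req.get("url") or {}).get("text", ""),
        response_code=(rec.get("http_response") or {}).get("code"),
        decision=auths[0].get("decision") if auths else None,
    )


def summarize(lines: Iterable[str]) -> dict:
    """Count outcomes and list policy denials as (user, method, url, source ip)."""
    counts: Counter = Counter()
    policy_denials = []
    for line in lines:
        ev = parse_event(line)
        counts[ev.outcome] += 1
        if ev.outcome == "authz_denied":
            policy_denials.append((ev.user, ev.method, ev.url, ev.src_ip))
    return {"counts": dict(counts), "policy_denials": policy_denials}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG_LINES), indent=2))
```

Feeding the parser a real export (one JSON object per line) instead of SAMPLE_LOG_LINES is the only change needed; a status_code not in OUTCOMES lands in the "unmapped" bucket rather than being silently dropped, which is the behaviour you want when a newer logging version adds codes.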