diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 1829902..16b72f4 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -8,25 +8,10 @@ assignees: bud1979 --- **Describe the bug** -A clear and concise description of what the bug is. + -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. +**Optional: Suggested outcome** + **Graylog Version (please complete the following information):** -- Graylog Version: -- Elastic Version: -- Mongo Version: -- Illuminate Version: -- OS: - - Browser: +- Schema version: diff --git a/source/schema/entities/alerts_derived.csv b/source/schema/entities/alerts_derived.csv index 071853e..4740ddb 100644 --- a/source/schema/entities/alerts_derived.csv +++ b/source/schema/entities/alerts_derived.csv @@ -1,3 +1,3 @@ "Field Name", "Example Values", "Field Type", "Notes" "alert_severity", "critical, high, medium, low, informational", "keyword", "Severity of Alert" -"alert_severity_level", "1-5", "byte", "Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical" \ No newline at end of file +"alert_severity_level", "1-5", "byte", "Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical" diff --git a/source/schema/entities/destination_derived.csv b/source/schema/entities/destination_derived.csv index 362807b..79bfa0a 100644 --- a/source/schema/entities/destination_derived.csv +++ b/source/schema/entities/destination_derived.csv 
@@ -6,4 +6,4 @@ "destination_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case" "destination_priority","critical, high, medium, low","keyword","Future: from entity mapping" "destination_priority_level","1-4","byte","Numeric value representing the priority of the destination device, 1 = low, 2 = medium, 3 = high, 4 = critical" -"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, desination_mac" \ No newline at end of file +"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, destination_mac" diff --git a/source/schema/entities/event_derived.csv b/source/schema/entities/event_derived.csv index 9fd5f4a..416b9f4 100644 --- a/source/schema/entities/event_derived.csv +++ b/source/schema/entities/event_derived.csv 
@@ -1,4 +1,4 @@ "Field Name", "Example Values", "Field Type", "Notes" "event_outcome","success, failure","keyword","The outcome (success/failure) of the action described by event_action." "event_severity","critical, high, medium, low, informational","keyword","This will be added by Illuminate Core if only the event_severity_level is defined. This can be mapped from vendor severity levels that do not use the same severity definitions." -"event_severity_level","1-5","byte","Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical. This will be added by Illuminate core when only event_severity is defined." \ No newline at end of file +"event_severity_level","1-5","byte","Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical. This will be added by Illuminate core when only event_severity is defined." diff --git a/source/schema/entities/source_derived.csv b/source/schema/entities/source_derived.csv index fd5cbb2..e4a8f6c 100644 --- a/source/schema/entities/source_derived.csv +++ b/source/schema/entities/source_derived.csv @@ -6,4 +6,4 @@ "source_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case" "source_priority","critical, high, medium, low","keyword","Future: from entity mapping" "source_priority_level","1-4","byte","Numeric value representing the priority of the source device, 1 = low, 2 = medium, 3 = high, 4 = critical" -"source_reference","IPv4,IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: source_ip, source_hostname, source_vm_name, source_mac" \ No newline at end of file +"source_reference","IPv4,IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: source_ip, source_hostname, source_vm_name, source_mac" 
diff --git a/source/schema/entities/user_derived.csv b/source/schema/entities/user_derived.csv index c1f44d9..ef9b57e 100644 --- a/source/schema/entities/user_derived.csv +++ b/source/schema/entities/user_derived.csv @@ -3,4 +3,4 @@ "user_name_mapped","Built in\Administrators","keyword (normalized:loweronly)","When a user identity or identities is mapped from a source outside of the message itself it is written to this field. This is where Windows well-known SIDs are resolved." "user_priority","critical, high, medium, low","keyword","Future: From entity mapping" "user_priority_level","1-4","byte","Numeric value representing the priority of the user account, 1 = low, 2 = medium, 3 = high, 4 = critical" -"user_type","user, computer, well-known sid, group, {any vendor-provided value}","keyword","Experimental field ** This is still being researched - need to look at what winlogbeats/nxlog may provide in terms of SID resolution in different configurations, and consider different technologies use of “types”" \ No newline at end of file +"user_type","user, computer, well-known sid, group, {any vendor-provided value}","keyword","Experimental field ** This is still being researched - need to look at what winlogbeats/nxlog may provide in terms of SID resolution in different configurations, and consider different technologies use of “types”" diff --git a/source/schema/entities/wifi.csv b/source/schema/entities/wifi.csv new file mode 100644 index 0000000..4b73f79 --- /dev/null +++ b/source/schema/entities/wifi.csv 
@@ -0,0 +1,21 @@ +"Field Name", "Example Values", "Field Type", "Notes" +"wifi_ssid","Guest_Access","keyword","The name of the broadcasted network." +"wifi_frequency","2416","long","The f0 frequency for the selected band or channel frequency." +"wifi_frequency_unit","MHz","keyword","The f0 frequency unit for the selected band or channel frequency." +"wifi_channel","3","long","WiFi channels are smaller bands within WiFi frequency bands that are used by wireless networks to send and receive data." +"wifi_band","2.4 GHz","keyword","The 802.11 standard provides several bands for WiFi use like 900 MHz, 2.4GHz, 5 GHz and others." +"wifi_encryption","WPA","keyword","The selected encyption method, some other options are WEP, WPA2 or WPA3." +"wifi_phy_mode","g","keyword","Sometimes called phy_type, other options range from 802.11 to 802.11be (WiFi 7)." +"wifi_signal_strength","-57","long","Some vendors use the field name rssi in dbm." +"wifi_signal_strength_unit","dbm","keyword","The unit for signal strength, some options are dBμV/m or dBm." +"wifi_signal_to_noise","48","long","The signal to noise ratio." +"wifi_signal_to_noise_unit","db","keyword","The unit for signal to noise ratio." +"wifi_signal_to_noise_level","-90","long","The signal to noise level." +"wifi_signal_to_noise_level_unit","dbm","keyword","The unit for signal to noise ratio level." +"wifi_data_rate","400","long","The used data rate." +"wifi_data_rate_unit","Mbps","keyword","The used data rate unit, Mbps,Mbp/s or Gbps,Gpb/s." +"wifi_frame_type_value","0","keyword","Sometimes called fc_type." +"wifi_frame_type_description","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type." +"wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000." +"wifi_frame_subtype_description","beacon","keyword","The description of a code, e.g. 1000 is for beacon." 
+"wifi_virtual_access_point","My_access_point","keyword","Virtual access point name." diff --git a/source/schema/entities/wifi.rst b/source/schema/entities/wifi.rst new file mode 100644 index 0000000..bc35056 --- /dev/null +++ b/source/schema/entities/wifi.rst @@ -0,0 +1,11 @@ +WiFi Fields +============ + + - For messages that are related to wireless connections. + + +.. csv-table:: WiFi Fields + :file: wifi.csv + :widths: 10, 15, 10, 65 + :header-rows: 1 + :delim: ,
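Review bot: in the bug_report.md hunk the heading `**Graylog Version (please complete the following information):**` is kept while every item under it is replaced by the single `- Schema version:` line, so the heading no longer describes what it asks for; rename it (for example `**Schema version (please complete the following information):**`) or move the item under a heading of its own. The hunk also removes the `To Reproduce`, `Expected behavior` and `Screenshots` prompts without a replacement; for a schema repository that may be deliberate, but reporters are now given no prompt for which entity file or field their report concerns, so a line such as `**Affected field(s) / entity file**` under `**Describe the bug**` would let triage find the row without a round trip.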
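Review bot: the `desination_mac` to `destination_mac` correction in the destination_reference Notes cell of destination_derived.csv is the one substantive change among the otherwise whitespace-only (trailing newline) CSV hunks and is correct; the matching `source_reference` row in source_derived.csv already spells its field list correctly, so nothing further is needed there. Minor: the Example Values cell `IPv4, IPv6, hostname,fqdn` mixes spaced and unspaced separators (source_derived.csv has `IPv4,IPv6, hostname,fqdn`); pick one form if this column is ever parsed rather than only rendered.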
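Review bot: the unit example values in the new wifi.csv disagree with their own Notes and with each other: `wifi_signal_strength_unit` has the example `dbm` while its note says `dBm`, `wifi_signal_to_noise_unit` has `db` against the conventional `dB`, and `wifi_signal_to_noise_level_unit` repeats `dbm`. Detection rules and dashboards will compare these numeric fields against thresholds, so settle on one canonical casing (`dBm`, `dB`) in the example column, or state in the Notes that the unit field is normalized to lower case the way `keyword (normalized:loweronly)` is declared for other fields in this schema. Other rows to tidy before merge: `encyption` in the `wifi_encryption` note; `Gpb/s` in the `wifi_data_rate_unit` note looks like a typo for `Gb/s`, and `Mbp/s` likewise; `wifi_frame_subtype_value` offers `0x08` and `1000` as example forms of the same value (hex versus binary), so declare one canonical representation or a search for the beacon subtype will miss the events stored in the other form; `wifi_phy_mode` gives `g` as the example but its note refers to `802.11` through `802.11be`, so say which spelling is stored; `wifi_signal_to_noise_level` (example `-90`, unit `dbm`) reads like a noise floor rather than a ratio, and its note `The signal to noise level` does not distinguish it from `wifi_signal_to_noise`, so spell out what it measures; and the example `wifi_frequency` of `2416` does not correspond to the example `wifi_channel` of `3` (channel 3 is centred at 2422 MHz), which only affects examples but will confuse a reader checking one row against the other.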
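Review bot: in wifi.rst the bullet `- For messages that are related to wireless connections.` is indented by one space, which reStructuredText renders as a block quote wrapping a list rather than a plain list; drop the leading space unless the other entity `.rst` files under source/schema/entities use the same indent on purpose. `:delim: ,` is the csv-table default and can be omitted; the `:widths: 10, 15, 10, 65` and `:header-rows: 1` options match the four-column layout of wifi.csv, so the table itself should render, but confirm once against an existing entity page that the new file also needs to be added to whichever toctree lists the entity tables, since nothing in this patch references wifi.rst.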