Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

standardize graylog schema field names #8061

Merged
merged 2 commits into from
May 7, 2020
Merged

standardize graylog schema field names #8061

merged 2 commits into from
May 7, 2020

Conversation

lingpri
Copy link
Contributor

@lingpri lingpri commented May 7, 2020
edited
Loading

standardize field names in graylog common schema, will be used in codecs to map vendor specific fields.

Description

  • add a constant field event_source_product.
  • add 2 new fields application_sso_signonmode and application_sso_target_name
  • there are 5 vendor events.action, description, severity, outcome, outcome_reason
  • there are 5 non-vendor events , severity description, threat suspected, transaction type,transaction id, user type

Pending and needs clarification

Add: Where target.type = "AppInstance":

Motivation and Context

https://github.com/Graylog2/graylog-plugin-enterprise-integrations/issues/214

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactoring (non-breaking change)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.

@lingpri lingpri requested a review from waab76 May 7, 2020 16:04
@lingpri lingpri self-assigned this May 7, 2020
@lingpri lingpri added this to the 3.3.0 milestone May 7, 2020
@lingpri lingpri changed the title add, modify field names standardize graylog schema field names May 7, 2020
waab76
waab76 requested changes May 7, 2020
View reviewed changes
Copy link
Contributor

@waab76 waab76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One line to remove. Otherwise this looks perfect. Thanks!

graylog2-server/src/main/java/org/graylog/schema/GraylogSchemaFields.java Outdated Show resolved Hide resolved
waab76
waab76 approved these changes May 7, 2020
View reviewed changes
Copy link
Contributor

@waab76 waab76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@waab76 waab76 merged commit 3d836e0 into master May 7, 2020
@waab76 waab76 deleted the graylog_schema branch May 7, 2020 17:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@waab76 waab76 waab76 approved these changes

Assignees

@lingpri lingpri

Labels
security
Projects
None yet
Milestone
3.3.0
Development

Successfully merging this pull request may close these issues.
2 participants
@lingpri @waab76