├── .github └── CODEOWNERS ├── .gitignore ├── README.md ├── encodings ├── README.md ├── ilf │ ├── README.md │ └── example_logs │ │ ├── 1_0_0_OCSF_api_activity.ilf │ │ ├── 1_0_0_OCSF_api_activity.ocsf │ │ ├── 1_0_0_OCSF_authentication.ilf │ │ ├── 1_0_0_OCSF_authentication.ocsf │ │ ├── 1_1_0_OCSF_account_change.ilf │ │ ├── 1_1_0_OCSF_account_change.ocsf │ │ ├── 1_1_0_OCSF_api_activity.ilf │ │ ├── 1_1_0_OCSF_api_activity.ocsf │ │ ├── 1_1_0_OCSF_authentication.ilf │ │ ├── 1_1_0_OCSF_authentication.ocsf │ │ ├── 1_1_0_account_change.ilf │ │ ├── 1_1_0_account_change.ocsf │ │ ├── 1_1_0_authentication.ilf │ │ ├── 1_1_0_authentication.ocsf │ │ ├── 1_1_0_generic_api_activity.ilf │ │ ├── 1_1_0_generic_api_activity.ocsf │ │ ├── 1_1_0_route53.ilf │ │ ├── 1_1_0_route53.ocsf │ │ ├── 1_1_0_vpcflow.ilf │ │ ├── 1_1_0_vpcflow.ocsf │ │ ├── 1_1_0_vpcflowlog.ilf │ │ ├── 1_1_0_vpcflowlog.ocsf │ │ ├── README.md │ │ ├── eks.ilf │ │ ├── eks.ocsf │ │ ├── inspector.ilf │ │ ├── inspector.ocsf │ │ ├── sechub-guardduty.ilf │ │ ├── sechub-guardduty.ocsf │ │ ├── sechub-pci.ilf │ │ └── sechub-pci.ocsf ├── json │ └── README.md └── protobuf │ ├── README.md │ ├── control.json │ └── proto │ ├── buf.yaml │ └── com │ └── github │ └── ocsf │ └── ocsf_schema │ └── v1 │ └── ocsf.proto ├── labs ├── ocsf-bento │ ├── .dockerignore │ ├── .gitignore │ ├── README.md │ ├── blobl_mappings │ │ ├── aws │ │ │ └── cloudtrail │ │ │ │ ├── 3_iam │ │ │ │ └── v1.2.0 │ │ │ │ │ ├── 3001_account_change.blobl │ │ │ │ │ └── 3002_authentication.blobl │ │ │ │ └── 6_application_activity │ │ │ │ └── v1.2.0 │ │ │ │ └── 6003_api_activity.blobl │ │ └── okta │ │ │ └── 3_identity_&_access_management │ │ │ └── v1.2.0 │ │ │ └── 3002_authentication.blobl │ ├── config │ │ └── bento.yml │ ├── docker-compose.yml │ └── resources │ │ ├── input_bucket.yml │ │ ├── output_bucket.yml │ │ ├── output_error_log.yml │ │ ├── parsers │ │ ├── aws_cloudtrail.yml │ │ └── okta.yml │ │ ├── pre_processor.yml │ │ ├── processor_error_log.yml │ │ └── processor_ocsf.yml └── ocsf-reference-lab │ └── README.md ├── mappings ├── README.md ├── bloblang │ ├── AWS │ │ ├── CloudTrail │ │ │ ├── AWS_CloudTrail.png │ │ │ ├── README.md │ │ │ ├── v1.0.0 │ │ │ │ ├── Account Chanage │ │ │ │ │ ├── cloudtrail_account_change.blobl │ │ │ │ │ └── samples │ │ │ │ │ │ ├── OCSF_account_change.json │ │ │ │ │ │ └── account_change.raw │ │ │ │ ├── Api Activity │ │ │ │ │ ├── cloudtrail_api_activity.blobl │ │ │ │ │ └── samples │ │ │ │ │ │ ├── OCSF_api_activity.json │ │ │ │ │ │ └── generic_api_activity.raw │ │ │ │ └── Authentication │ │ │ │ │ ├── cloudtrail_authentication.blobl │ │ │ │ │ └── samples │ │ │ │ │ ├── OCSF_authentication.json │ │ │ │ │ └── authentication.raw │ │ │ └── v1.1.0 │ │ │ │ ├── Account Chnage │ │ │ │ ├── cloudtrail_account_change.blobl │ │ │ │ └── samples │ │ │ │ │ ├── OCSF_account_change.json │ │ │ │ │ └── account_change.raw │ │ │ │ ├── Api Activity │ │ │ │ ├── cloudtrail_api_activity.blobl │ │ │ │ └── samples │ │ │ │ │ ├── OCSF_api_activity.json │ │ │ │ │ └── generic_api_activity.raw │ │ │ │ ├── Authentication │ │ │ │ ├── OCSF_authentication.json │ │ │ │ ├── authentication.raw │ │ │ │ └── cloudtrail_authentication.blobl │ │ │ │ └── cloudtrail.yml │ │ ├── eks │ │ │ └── v1.2.0 │ │ │ │ ├── eks_api_activity.blobl │ │ │ │ └── samples │ │ │ │ ├── eks.json │ │ │ │ └── ocsf_eks.json │ │ └── route53 │ │ │ ├── AWS_route53.png │ │ │ ├── readme.md │ │ │ ├── route53.yml │ │ │ ├── v1.0.0 │ │ │ ├── route53.blobl │ │ │ └── samples │ │ │ │ ├── OCSF_dns_activity.json │ │ │ │ └── route53.raw │ │ │ └── v1.1.0 │ │ │ ├── route53_dns_activity.blobl │ │ │ └── samples │ │ │ ├── OCSF_dns_activity.json │ │ │ └── route53.raw │ └── README.md ├── dataprepper │ ├── AWS │ │ └── v1.1.0 │ │ │ └── VPC Flow │ │ │ ├── pipeline.yaml │ │ │ └── samples │ │ │ ├── vpcflowlog.ocsf │ │ │ └── vpcflowlog.raw │ └── README.md └── markdown │ ├── AWS │ ├── v1.0.0-rc.2 │ │ ├── CloudTrail │ │ │ ├── API Activity │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ │ ├── generic_api_activity.ocsf │ │ │ │ │ └── generic_api_activity.raw │ │ │ ├── Account Change │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ │ ├── account_change.ocsf │ │ │ │ │ └── account_change.raw │ │ │ └── Authentication │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ ├── authentication.ocsf │ │ │ │ └── authentication.raw │ │ ├── Route53 │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── route53.ocsf │ │ │ │ └── route53.raw │ │ ├── Security Hub │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── Security Hub.ocsf │ │ │ │ └── Security Hub.raw │ │ └── VPC Flowlogs │ │ │ ├── README.md │ │ │ └── samples │ │ │ ├── vpcflowlog.ocsf │ │ │ └── vpcflowlog.raw │ ├── v1.1.0 │ │ ├── CloudTrail │ │ │ ├── API Activity │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ │ ├── generic_api_activity.ocsf │ │ │ │ │ └── generic_api_activity.raw │ │ │ ├── Account Change │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ │ ├── account_change.ocsf │ │ │ │ │ └── account_change.raw │ │ │ ├── Authentication │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ │ ├── authentication.ocsf │ │ │ │ │ └── authentication.raw │ │ │ ├── README.md │ │ │ └── cloudtrail-selector.png │ │ ├── EKS Audit Logs │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── eks.ocsf │ │ │ │ └── eks.raw │ │ ├── Route53 │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── route53.ocsf │ │ │ │ └── route53.raw │ │ ├── Security Hub │ │ │ ├── Compliance Finding │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ │ ├── sechub-pci.ocsf │ │ │ │ │ └── sechub-pci.raw │ │ │ ├── Detection Finding │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ │ ├── sechub-guardduty.ocsf │ │ │ │ │ └── sechub-guardduty.raw │ │ │ ├── README.md │ │ │ ├── Vulnerability Finding │ │ │ │ ├── README.md │ │ │ │ └── samples │ │ │ │ │ ├── inspector.ocsf │ │ │ │ │ └── inspector.raw │ │ │ └── securityhub-selector.png │ │ ├── VPC Flowlogs │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── vpcflowlog.ocsf │ │ │ │ └── vpcflowlog.raw │ │ └── WAF │ │ │ ├── README.md │ │ │ └── Samples │ │ │ ├── waf.ocsf │ │ │ └── waf.raw │ └── v1.5.0 │ │ ├── CloudTrail │ │ ├── API Activity │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── generic_api_activity.ocsf │ │ │ │ └── generic_api_activity.raw │ │ ├── Account Change │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── account_change.ocsf │ │ │ │ └── account_change.raw │ │ ├── Authentication │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── authentication.ocsf │ │ │ │ └── authentication.raw │ │ ├── README.md │ │ └── cloudtrail-selector.png │ │ ├── EKS Audit Logs │ │ ├── README.md │ │ └── samples │ │ │ ├── eks.ocsf │ │ │ └── eks.raw │ │ ├── Route53 │ │ ├── README.md │ │ └── samples │ │ │ ├── route53.ocsf │ │ │ └── route53.raw │ │ ├── VPC Flowlogs │ │ ├── README.md │ │ └── samples │ │ │ ├── vpcflowlog.ocsf │ │ │ └── vpcflowlog.raw │ │ └── WAF │ │ ├── README.md │ │ └── Samples │ │ ├── waf.ocsf │ │ └── waf.raw │ ├── CERT-NetSA at CMU-SEI │ └── SiLK Network Flow Data │ │ ├── README.md │ │ └── samples │ │ ├── SampleOCSF_FCCX.json │ │ └── SiLK_FCCX.raw.csv │ ├── Cisco │ └── v1.3.0 │ │ └── ASA │ │ ├── 106023 │ │ ├── README.md │ │ └── samples │ │ │ ├── cisco_asa_106023.ocsf │ │ │ └── cisco_asa_106023.raw │ │ ├── 302013 │ │ ├── README.md │ │ └── samples │ │ │ ├── cisco_asa_302013.ocsf │ │ │ └── cisco_asa_302013.raw │ │ ├── 302014 │ │ ├── README.md │ │ └── samples │ │ │ ├── cisco_asa_302014.ocsf │ │ │ └── cisco_asa_302014.raw │ │ ├── 302015 │ │ ├── README.md │ │ └── samples │ │ │ ├── cisco_asa_302015.ocsf │ │ │ └── cisco_asa_302015.raw │ │ ├── 302016 │ │ ├── README.md │ │ └── samples │ │ │ ├── cisco_asa_302016.ocsf │ │ │ └── cisco_asa_302016.raw │ │ ├── 305011 │ │ ├── README.md │ │ └── samples │ │ │ ├── cisco_asa_305011.ocsf │ │ │ └── cisco_asa_305011.raw │ │ └── 305012 │ │ ├── README.md │ │ └── samples │ │ ├── cisco_asa_305012.ocsf │ │ └── cisco_asa_305012.raw │ ├── Falco │ ├── README.md │ └── samples │ │ ├── falco.ocsf │ │ └── falco.raw │ ├── GitHub │ └── v1.3.0 │ │ └── Github Audit Logs │ │ ├── API Activity │ │ ├── README.md │ │ └── samples │ │ │ ├── api_activity.ocsf │ │ │ └── api_activity.raw │ │ ├── Account Change │ │ ├── README.md │ │ └── samples │ │ │ ├── account_change.ocsf │ │ │ └── account_change.raw │ │ ├── Authentication │ │ ├── README.md │ │ └── samples │ │ │ ├── authentication.ocsf │ │ │ └── authentication.raw │ │ ├── Entity Management │ │ ├── README.md │ │ └── samples │ │ │ ├── entity_management.ocsf │ │ │ └── entity_management.raw │ │ ├── Group Management │ │ ├── README.md │ │ └── samples │ │ │ ├── group_management.ocsf │ │ │ └── group_management.raw │ │ ├── README.md │ │ └── github-audit-log-filters.png │ ├── IBM │ └── QRadar SIEM │ │ ├── README.md │ │ └── samples │ │ ├── local_destinations.raw │ │ ├── offense.ocsf │ │ ├── offense.raw │ │ ├── rule.raw │ │ └── source_address.raw │ ├── Microsoft │ ├── O365 │ │ └── Exchange │ │ │ └── messagetrace │ │ │ └── v1.4.0 │ │ │ ├── README.md │ │ │ └── samples │ │ │ ├── messagetrace_Delivered.ocsf │ │ │ ├── messagetrace_Delivered.raw │ │ │ ├── messagetrace_Expanded.ocsf │ │ │ ├── messagetrace_Expanded.raw │ │ │ ├── messagetrace_Failed.ocsf │ │ │ ├── messagetrace_Failed.raw │ │ │ ├── messagetrace_FilteredAsSpam.ocsf │ │ │ ├── messagetrace_FilteredAsSpam.raw │ │ │ ├── messagetrace_GettingStatus.ocsf │ │ │ ├── messagetrace_GettingStatus.raw │ │ │ ├── messagetrace_None.ocsf │ │ │ ├── messagetrace_None.raw │ │ │ ├── messagetrace_Pending.ocsf │ │ │ ├── messagetrace_Pending.raw │ │ │ ├── messagetrace_Quarantined.ocsf │ │ │ ├── messagetrace_Quarantined.raw │ │ │ ├── messagetrace_Resolved.ocsf │ │ │ └── messagetrace_Resolved.raw │ ├── Windows Defender │ │ ├── 1116.event │ │ ├── 1116.xml │ │ └── README.md │ └── Windows Events │ │ ├── 4624 │ │ ├── 4624_0.event │ │ ├── 4624_0.json │ │ └── README.md │ │ ├── 4625 │ │ ├── 4625_0.event │ │ ├── 4625_0.json │ │ └── README.md │ │ ├── 4661 │ │ ├── 4661.event │ │ ├── 4661.json │ │ └── README.md │ │ ├── 4663 │ │ ├── 4663_0.event │ │ ├── 4663_0.json │ │ └── README.md │ │ ├── 4673 │ │ ├── 4673_0.event │ │ ├── 4673_0.json │ │ └── README.md │ │ ├── 4688 │ │ ├── 4688_0.event │ │ ├── 4688_0.json │ │ └── README.md │ │ └── 4689 │ │ ├── 4689_0.event │ │ ├── 4689_0.json │ │ └── README.md │ ├── Okta │ └── v1.3.0 │ │ └── System Logs │ │ ├── API Activity │ │ ├── README.md │ │ └── samples │ │ │ ├── generic_api_activity.ocsf │ │ │ └── generic_api_activity.raw │ │ ├── Account Change │ │ ├── README.md │ │ └── samples │ │ │ ├── account_change.ocsf │ │ │ └── account_change.raw │ │ ├── Authentication │ │ ├── README.md │ │ └── samples │ │ │ ├── authentication.ocsf │ │ │ └── authentication.raw │ │ ├── Detection Finding │ │ ├── README.md │ │ └── samples │ │ │ ├── detection_finding.ocsf │ │ │ └── detection_finding.raw │ │ ├── Entity Management │ │ ├── README.md │ │ └── samples │ │ │ ├── entity_management.ocsf │ │ │ └── entity_management.raw │ │ ├── Group Management │ │ ├── README.md │ │ └── samples │ │ │ ├── group_management.ocsf │ │ │ └── group_management.raw │ │ ├── README.md │ │ └── okta-system-log-filters.png │ ├── Prowler │ ├── README.md │ └── samples │ │ └── prowler.ocsf │ ├── README.md │ ├── SSC │ ├── README.md │ └── samples │ │ ├── malware_infection_detected_sample.json │ │ └── malware_infection_detected_sample.parquet │ ├── Zeek │ ├── v1.3.0 │ │ ├── conn_log │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── conn_log.ocsf │ │ │ │ └── conn_log.raw │ │ ├── dns_log │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── dns_log.ocsf │ │ │ │ └── dns_log.raw │ │ ├── ftp_log │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── ftp_log.ocsf │ │ │ │ └── ftp_log.raw │ │ ├── http_log │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── http_log.ocsf │ │ │ │ └── http_log.raw │ │ ├── rdp_log │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── rdp_log.ocsf │ │ │ │ └── rdp_log.raw │ │ ├── smtp_log │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── smtp_log.ocsf │ │ │ │ └── smtp_log.raw │ │ ├── ssh_log │ │ │ ├── README.md │ │ │ └── samples │ │ │ │ ├── ssh_log.ocsf │ │ │ │ └── ssh_log.raw │ │ └── ssl_log │ │ │ ├── README.md │ │ │ └── samples │ │ │ ├── ssl_log.ocsf │ │ │ └── ssl_log.raw │ └── v1.4.0 │ │ ├── conn_log │ │ ├── README.md │ │ └── samples │ │ │ ├── conn_log.ocsf │ │ │ └── conn_log.raw │ │ └── x509_log │ │ ├── README.md │ │ └── samples │ │ ├── x509_log.ocsf │ │ └── x509_log.raw │ └── submission_spec.md ├── raw_sample_log_dataset ├── Microsoft │ └── WinEventLog │ │ ├── Security │ │ └── xml │ │ │ └── security.evtx │ │ └── Sysmon │ │ └── xml │ │ └── sysmon.evtx ├── README.md └── Zeek │ ├── analyzer.log │ ├── conn.log │ ├── dce_rpc.log │ ├── dhcp.log │ ├── dnp3.log │ ├── dns.log │ ├── dpd.log │ ├── files.log │ ├── ftp.log │ ├── http.log │ ├── kerberos.log │ ├── modbus.log │ ├── mqtt_connect.log │ ├── mqtt_publish.log │ ├── mqtt_subscribe.log │ ├── mysql.log │ ├── ntlm.log │ ├── ntp.log │ ├── ocsp.log │ ├── packet_filter.log │ ├── pe.log │ ├── rdp.log │ ├── rfb.log │ ├── sip.log │ ├── smb_files.log │ ├── smb_mapping.log │ ├── smtp.log │ ├── snmp.log │ ├── socks.log │ ├── ssh.log │ ├── ssl.log │ ├── syslog.log │ ├── tunnel.log │ ├── weird.log │ └── x509.log └── use-cases ├── spark ├── README.md ├── data │ ├── README.md │ ├── highFailedLogin.parquet │ └── pwSpray.parquet └── images │ ├── distinctUsers.png │ ├── highLoginFailures.png │ ├── loginFailures.png │ └── pwSpray.png └── splunk ├── README.md ├── images ├── activity_bar.png ├── dns_rcode.png ├── high_error_rate.png ├── high_nx.png ├── port_pie.png └── rare_api_call.png └── queries ├── activity_bar.txt ├── dns_rcode.txt ├── high_error_rate.txt ├── high_nx.txt ├── port_pie.txt └── rare_api_call.txt /.github/CODEOWNERS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/.github/CODEOWNERS -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/README.md -------------------------------------------------------------------------------- /encodings/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/README.md -------------------------------------------------------------------------------- /encodings/ilf/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/README.md -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_0_0_OCSF_api_activity.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_0_0_OCSF_api_activity.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_0_0_OCSF_api_activity.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_0_0_OCSF_api_activity.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_0_0_OCSF_authentication.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_0_0_OCSF_authentication.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_0_0_OCSF_authentication.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_0_0_OCSF_authentication.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_OCSF_account_change.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_OCSF_account_change.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_OCSF_account_change.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_OCSF_account_change.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_OCSF_api_activity.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_OCSF_api_activity.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_OCSF_api_activity.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_OCSF_api_activity.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_OCSF_authentication.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_OCSF_authentication.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_OCSF_authentication.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_OCSF_authentication.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_account_change.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_account_change.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_account_change.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_account_change.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_authentication.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_authentication.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_authentication.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_authentication.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_generic_api_activity.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_generic_api_activity.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_generic_api_activity.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_generic_api_activity.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_route53.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_route53.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_route53.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_route53.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_vpcflow.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_vpcflow.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_vpcflow.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_vpcflow.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_vpcflowlog.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_vpcflowlog.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/1_1_0_vpcflowlog.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/1_1_0_vpcflowlog.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/README.md -------------------------------------------------------------------------------- /encodings/ilf/example_logs/eks.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/eks.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/eks.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/eks.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/inspector.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/inspector.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/inspector.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/inspector.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/sechub-guardduty.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/sechub-guardduty.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/sechub-guardduty.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/sechub-guardduty.ocsf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/sechub-pci.ilf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/sechub-pci.ilf -------------------------------------------------------------------------------- /encodings/ilf/example_logs/sechub-pci.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/ilf/example_logs/sechub-pci.ocsf -------------------------------------------------------------------------------- /encodings/json/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/json/README.md -------------------------------------------------------------------------------- /encodings/protobuf/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/protobuf/README.md -------------------------------------------------------------------------------- /encodings/protobuf/control.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/protobuf/control.json -------------------------------------------------------------------------------- /encodings/protobuf/proto/buf.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/protobuf/proto/buf.yaml -------------------------------------------------------------------------------- /encodings/protobuf/proto/com/github/ocsf/ocsf_schema/v1/ocsf.proto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/encodings/protobuf/proto/com/github/ocsf/ocsf_schema/v1/ocsf.proto -------------------------------------------------------------------------------- /labs/ocsf-bento/.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/.dockerignore -------------------------------------------------------------------------------- /labs/ocsf-bento/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/.gitignore -------------------------------------------------------------------------------- /labs/ocsf-bento/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/README.md -------------------------------------------------------------------------------- /labs/ocsf-bento/blobl_mappings/aws/cloudtrail/3_iam/v1.2.0/3001_account_change.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/blobl_mappings/aws/cloudtrail/3_iam/v1.2.0/3001_account_change.blobl -------------------------------------------------------------------------------- /labs/ocsf-bento/blobl_mappings/aws/cloudtrail/3_iam/v1.2.0/3002_authentication.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/blobl_mappings/aws/cloudtrail/3_iam/v1.2.0/3002_authentication.blobl -------------------------------------------------------------------------------- /labs/ocsf-bento/blobl_mappings/aws/cloudtrail/6_application_activity/v1.2.0/6003_api_activity.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/blobl_mappings/aws/cloudtrail/6_application_activity/v1.2.0/6003_api_activity.blobl -------------------------------------------------------------------------------- /labs/ocsf-bento/blobl_mappings/okta/3_identity_&_access_management/v1.2.0/3002_authentication.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/blobl_mappings/okta/3_identity_&_access_management/v1.2.0/3002_authentication.blobl -------------------------------------------------------------------------------- /labs/ocsf-bento/config/bento.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/config/bento.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/docker-compose.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/resources/input_bucket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/resources/input_bucket.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/resources/output_bucket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/resources/output_bucket.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/resources/output_error_log.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/resources/output_error_log.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/resources/parsers/aws_cloudtrail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/resources/parsers/aws_cloudtrail.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/resources/parsers/okta.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/resources/parsers/okta.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/resources/pre_processor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/resources/pre_processor.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/resources/processor_error_log.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/resources/processor_error_log.yml -------------------------------------------------------------------------------- /labs/ocsf-bento/resources/processor_ocsf.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/labs/ocsf-bento/resources/processor_ocsf.yml -------------------------------------------------------------------------------- /labs/ocsf-reference-lab/README.md: -------------------------------------------------------------------------------- 1 | # OCSF Reference Lab 2 | -------------------------------------------------------------------------------- /mappings/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/README.md -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/AWS_CloudTrail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/AWS_CloudTrail.png -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/README.md -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Account Chanage/cloudtrail_account_change.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Account Chanage/cloudtrail_account_change.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Account Chanage/samples/OCSF_account_change.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Account Chanage/samples/OCSF_account_change.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Account Chanage/samples/account_change.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Account Chanage/samples/account_change.raw -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Api Activity/cloudtrail_api_activity.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Api Activity/cloudtrail_api_activity.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Api Activity/samples/OCSF_api_activity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Api Activity/samples/OCSF_api_activity.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Api Activity/samples/generic_api_activity.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Api Activity/samples/generic_api_activity.raw -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Authentication/cloudtrail_authentication.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Authentication/cloudtrail_authentication.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Authentication/samples/OCSF_authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Authentication/samples/OCSF_authentication.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.0.0/Authentication/samples/authentication.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.0.0/Authentication/samples/authentication.raw -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Account Chnage/cloudtrail_account_change.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Account Chnage/cloudtrail_account_change.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Account Chnage/samples/OCSF_account_change.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Account Chnage/samples/OCSF_account_change.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Account Chnage/samples/account_change.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Account Chnage/samples/account_change.raw -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Api Activity/cloudtrail_api_activity.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Api Activity/cloudtrail_api_activity.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Api Activity/samples/OCSF_api_activity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Api Activity/samples/OCSF_api_activity.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Api Activity/samples/generic_api_activity.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Api Activity/samples/generic_api_activity.raw -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Authentication/OCSF_authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Authentication/OCSF_authentication.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Authentication/authentication.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Authentication/authentication.raw -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/Authentication/cloudtrail_authentication.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/Authentication/cloudtrail_authentication.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/CloudTrail/v1.1.0/cloudtrail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/CloudTrail/v1.1.0/cloudtrail.yml -------------------------------------------------------------------------------- /mappings/bloblang/AWS/eks/v1.2.0/eks_api_activity.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/eks/v1.2.0/eks_api_activity.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/eks/v1.2.0/samples/eks.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/eks/v1.2.0/samples/eks.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/eks/v1.2.0/samples/ocsf_eks.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/eks/v1.2.0/samples/ocsf_eks.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/AWS_route53.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/route53/AWS_route53.png -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/route53/readme.md -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/route53.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/route53/route53.yml -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/v1.0.0/route53.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/route53/v1.0.0/route53.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/v1.0.0/samples/OCSF_dns_activity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/route53/v1.0.0/samples/OCSF_dns_activity.json -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/v1.0.0/samples/route53.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/route53/v1.0.0/samples/route53.raw -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/v1.1.0/route53_dns_activity.blobl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/route53/v1.1.0/route53_dns_activity.blobl -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/v1.1.0/samples/OCSF_dns_activity.json: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /mappings/bloblang/AWS/route53/v1.1.0/samples/route53.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/bloblang/AWS/route53/v1.1.0/samples/route53.raw -------------------------------------------------------------------------------- /mappings/bloblang/README.md: -------------------------------------------------------------------------------- 1 | # ocsf-benthos 2 | WIP Mapping files for OCSF in Bloblang 3 | -------------------------------------------------------------------------------- /mappings/dataprepper/AWS/v1.1.0/VPC Flow/pipeline.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/dataprepper/AWS/v1.1.0/VPC Flow/pipeline.yaml -------------------------------------------------------------------------------- /mappings/dataprepper/AWS/v1.1.0/VPC Flow/samples/vpcflowlog.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/dataprepper/AWS/v1.1.0/VPC Flow/samples/vpcflowlog.ocsf -------------------------------------------------------------------------------- /mappings/dataprepper/AWS/v1.1.0/VPC Flow/samples/vpcflowlog.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/dataprepper/AWS/v1.1.0/VPC Flow/samples/vpcflowlog.raw -------------------------------------------------------------------------------- /mappings/dataprepper/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/dataprepper/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/API Activity/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/API Activity/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/API Activity/samples/generic_api_activity.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/API Activity/samples/generic_api_activity.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/API Activity/samples/generic_api_activity.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/API Activity/samples/generic_api_activity.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Account Change/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Account Change/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Account Change/samples/account_change.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Account Change/samples/account_change.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Account Change/samples/account_change.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Account Change/samples/account_change.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Authentication/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Authentication/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Authentication/samples/authentication.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Authentication/samples/authentication.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Authentication/samples/authentication.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/CloudTrail/Authentication/samples/authentication.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/Route53/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/Route53/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/Route53/samples/route53.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/Route53/samples/route53.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/Route53/samples/route53.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/Route53/samples/route53.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/Security Hub/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/Security Hub/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/Security Hub/samples/Security Hub.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/Security Hub/samples/Security Hub.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/Security Hub/samples/Security Hub.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/Security Hub/samples/Security Hub.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/VPC Flowlogs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/VPC Flowlogs/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/VPC Flowlogs/samples/vpcflowlog.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/VPC Flowlogs/samples/vpcflowlog.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.0.0-rc.2/VPC Flowlogs/samples/vpcflowlog.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.0.0-rc.2/VPC Flowlogs/samples/vpcflowlog.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/API Activity/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/API Activity/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/API Activity/samples/generic_api_activity.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/API Activity/samples/generic_api_activity.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/API Activity/samples/generic_api_activity.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/API Activity/samples/generic_api_activity.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/Account Change/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/Account Change/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/Account Change/samples/account_change.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/Account Change/samples/account_change.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/Account Change/samples/account_change.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/Account Change/samples/account_change.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/Authentication/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/Authentication/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/Authentication/samples/authentication.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/Authentication/samples/authentication.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/Authentication/samples/authentication.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/Authentication/samples/authentication.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/CloudTrail/cloudtrail-selector.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/CloudTrail/cloudtrail-selector.png -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/EKS Audit Logs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/EKS Audit Logs/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/EKS Audit Logs/samples/eks.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/EKS Audit Logs/samples/eks.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/EKS Audit Logs/samples/eks.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/EKS Audit Logs/samples/eks.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Route53/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Route53/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Route53/samples/route53.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Route53/samples/route53.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Route53/samples/route53.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Route53/samples/route53.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Compliance Finding/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Compliance Finding/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Compliance Finding/samples/sechub-pci.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Compliance Finding/samples/sechub-pci.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Compliance Finding/samples/sechub-pci.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Compliance Finding/samples/sechub-pci.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Detection Finding/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Detection Finding/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Detection Finding/samples/sechub-guardduty.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Detection Finding/samples/sechub-guardduty.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Detection Finding/samples/sechub-guardduty.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Detection Finding/samples/sechub-guardduty.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Vulnerability Finding/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Vulnerability Finding/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Vulnerability Finding/samples/inspector.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Vulnerability Finding/samples/inspector.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/Vulnerability Finding/samples/inspector.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/Vulnerability Finding/samples/inspector.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/Security Hub/securityhub-selector.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/Security Hub/securityhub-selector.png -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/VPC Flowlogs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/VPC Flowlogs/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/VPC Flowlogs/samples/vpcflowlog.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/VPC Flowlogs/samples/vpcflowlog.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/VPC Flowlogs/samples/vpcflowlog.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/VPC Flowlogs/samples/vpcflowlog.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/WAF/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/WAF/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/WAF/Samples/waf.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/WAF/Samples/waf.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.1.0/WAF/Samples/waf.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.1.0/WAF/Samples/waf.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/API Activity/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/API Activity/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/API Activity/samples/generic_api_activity.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/API Activity/samples/generic_api_activity.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/API Activity/samples/generic_api_activity.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/API Activity/samples/generic_api_activity.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/Account Change/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/Account Change/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/Account Change/samples/account_change.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/Account Change/samples/account_change.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/Account Change/samples/account_change.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/Account Change/samples/account_change.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/Authentication/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/Authentication/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/Authentication/samples/authentication.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/Authentication/samples/authentication.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/Authentication/samples/authentication.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/Authentication/samples/authentication.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/CloudTrail/cloudtrail-selector.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/CloudTrail/cloudtrail-selector.png -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/EKS Audit Logs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/EKS Audit Logs/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/EKS Audit Logs/samples/eks.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/EKS Audit Logs/samples/eks.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/EKS Audit Logs/samples/eks.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/EKS Audit Logs/samples/eks.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/Route53/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/Route53/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/Route53/samples/route53.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/Route53/samples/route53.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/Route53/samples/route53.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/Route53/samples/route53.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/VPC Flowlogs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/VPC Flowlogs/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/VPC Flowlogs/samples/vpcflowlog.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/VPC Flowlogs/samples/vpcflowlog.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/VPC Flowlogs/samples/vpcflowlog.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/VPC Flowlogs/samples/vpcflowlog.raw -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/WAF/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/WAF/README.md -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/WAF/Samples/waf.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/WAF/Samples/waf.ocsf -------------------------------------------------------------------------------- /mappings/markdown/AWS/v1.5.0/WAF/Samples/waf.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/AWS/v1.5.0/WAF/Samples/waf.raw -------------------------------------------------------------------------------- /mappings/markdown/CERT-NetSA at CMU-SEI/SiLK Network Flow Data/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/CERT-NetSA at CMU-SEI/SiLK Network Flow Data/README.md -------------------------------------------------------------------------------- /mappings/markdown/CERT-NetSA at CMU-SEI/SiLK Network Flow Data/samples/SampleOCSF_FCCX.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/CERT-NetSA at CMU-SEI/SiLK Network Flow Data/samples/SampleOCSF_FCCX.json -------------------------------------------------------------------------------- /mappings/markdown/CERT-NetSA at CMU-SEI/SiLK Network Flow Data/samples/SiLK_FCCX.raw.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/CERT-NetSA at CMU-SEI/SiLK Network Flow Data/samples/SiLK_FCCX.raw.csv -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/106023/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/106023/README.md -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/106023/samples/cisco_asa_106023.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/106023/samples/cisco_asa_106023.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/106023/samples/cisco_asa_106023.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/106023/samples/cisco_asa_106023.raw -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302013/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302013/README.md -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302013/samples/cisco_asa_302013.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302013/samples/cisco_asa_302013.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302013/samples/cisco_asa_302013.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302013/samples/cisco_asa_302013.raw -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302014/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302014/README.md -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302014/samples/cisco_asa_302014.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302014/samples/cisco_asa_302014.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302014/samples/cisco_asa_302014.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302014/samples/cisco_asa_302014.raw -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302015/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302015/README.md -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302015/samples/cisco_asa_302015.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302015/samples/cisco_asa_302015.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302015/samples/cisco_asa_302015.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302015/samples/cisco_asa_302015.raw -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302016/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302016/README.md -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302016/samples/cisco_asa_302016.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302016/samples/cisco_asa_302016.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/302016/samples/cisco_asa_302016.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/302016/samples/cisco_asa_302016.raw -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/305011/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/305011/README.md -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/305011/samples/cisco_asa_305011.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/305011/samples/cisco_asa_305011.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/305011/samples/cisco_asa_305011.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/305011/samples/cisco_asa_305011.raw -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/305012/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/305012/README.md -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/305012/samples/cisco_asa_305012.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/305012/samples/cisco_asa_305012.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Cisco/v1.3.0/ASA/305012/samples/cisco_asa_305012.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Cisco/v1.3.0/ASA/305012/samples/cisco_asa_305012.raw -------------------------------------------------------------------------------- /mappings/markdown/Falco/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Falco/README.md -------------------------------------------------------------------------------- /mappings/markdown/Falco/samples/falco.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Falco/samples/falco.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Falco/samples/falco.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Falco/samples/falco.raw -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/API Activity/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/API Activity/README.md -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/API Activity/samples/api_activity.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/API Activity/samples/api_activity.ocsf -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/API Activity/samples/api_activity.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/API Activity/samples/api_activity.raw -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Account Change/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Account Change/README.md -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Account Change/samples/account_change.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Account Change/samples/account_change.ocsf -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Account Change/samples/account_change.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Account Change/samples/account_change.raw -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Authentication/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Authentication/README.md -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Authentication/samples/authentication.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Authentication/samples/authentication.ocsf -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Authentication/samples/authentication.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Authentication/samples/authentication.raw -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Entity Management/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Entity Management/README.md -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Entity Management/samples/entity_management.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Entity Management/samples/entity_management.ocsf -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Entity Management/samples/entity_management.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Entity Management/samples/entity_management.raw -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Group Management/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Group Management/README.md -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Group Management/samples/group_management.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Group Management/samples/group_management.ocsf -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Group Management/samples/group_management.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/Group Management/samples/group_management.raw -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/README.md -------------------------------------------------------------------------------- /mappings/markdown/GitHub/v1.3.0/Github Audit Logs/github-audit-log-filters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/GitHub/v1.3.0/Github Audit Logs/github-audit-log-filters.png -------------------------------------------------------------------------------- /mappings/markdown/IBM/QRadar SIEM/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/IBM/QRadar SIEM/README.md -------------------------------------------------------------------------------- /mappings/markdown/IBM/QRadar SIEM/samples/local_destinations.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/IBM/QRadar SIEM/samples/local_destinations.raw -------------------------------------------------------------------------------- /mappings/markdown/IBM/QRadar SIEM/samples/offense.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/IBM/QRadar SIEM/samples/offense.ocsf -------------------------------------------------------------------------------- /mappings/markdown/IBM/QRadar SIEM/samples/offense.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/IBM/QRadar SIEM/samples/offense.raw -------------------------------------------------------------------------------- /mappings/markdown/IBM/QRadar SIEM/samples/rule.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/IBM/QRadar SIEM/samples/rule.raw -------------------------------------------------------------------------------- /mappings/markdown/IBM/QRadar SIEM/samples/source_address.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/IBM/QRadar SIEM/samples/source_address.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/README.md -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Delivered.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Delivered.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Delivered.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Delivered.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Expanded.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Expanded.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Expanded.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Expanded.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Failed.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Failed.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Failed.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Failed.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_FilteredAsSpam.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_FilteredAsSpam.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_FilteredAsSpam.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_FilteredAsSpam.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_GettingStatus.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_GettingStatus.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_GettingStatus.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_GettingStatus.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_None.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_None.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_None.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_None.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Pending.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Pending.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Pending.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Pending.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Quarantined.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Quarantined.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Quarantined.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Quarantined.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Resolved.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Resolved.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Resolved.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/O365/Exchange/messagetrace/v1.4.0/samples/messagetrace_Resolved.raw -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Defender/1116.event: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Defender/1116.event -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Defender/1116.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Defender/1116.xml -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Defender/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Defender/README.md -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4624/4624_0.event: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4624/4624_0.event -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4624/4624_0.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4624/4624_0.json -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4624/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4624/README.md -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4625/4625_0.event: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4625/4625_0.event -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4625/4625_0.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4625/4625_0.json -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4625/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4625/README.md -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4661/4661.event: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4661/4661.event -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4661/4661.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4661/4661.json -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4661/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4661/README.md -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4663/4663_0.event: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4663/4663_0.event -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4663/4663_0.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4663/4663_0.json -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4663/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4663/README.md -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4673/4673_0.event: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4673/4673_0.event -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4673/4673_0.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4673/4673_0.json -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4673/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4673/README.md -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4688/4688_0.event: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4688/4688_0.event -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4688/4688_0.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4688/4688_0.json -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4688/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4688/README.md -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4689/4689_0.event: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4689/4689_0.event -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4689/4689_0.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4689/4689_0.json -------------------------------------------------------------------------------- /mappings/markdown/Microsoft/Windows Events/4689/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Microsoft/Windows Events/4689/README.md -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/API Activity/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/API Activity/README.md -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/API Activity/samples/generic_api_activity.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/API Activity/samples/generic_api_activity.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/API Activity/samples/generic_api_activity.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/API Activity/samples/generic_api_activity.raw -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Account Change/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Account Change/README.md -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Account Change/samples/account_change.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Account Change/samples/account_change.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Account Change/samples/account_change.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Account Change/samples/account_change.raw -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Authentication/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Authentication/README.md -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Authentication/samples/authentication.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Authentication/samples/authentication.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Authentication/samples/authentication.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Authentication/samples/authentication.raw -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Detection Finding/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Detection Finding/README.md -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Detection Finding/samples/detection_finding.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Detection Finding/samples/detection_finding.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Detection Finding/samples/detection_finding.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Detection Finding/samples/detection_finding.raw -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Entity Management/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Entity Management/README.md -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Entity Management/samples/entity_management.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Entity Management/samples/entity_management.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Entity Management/samples/entity_management.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Entity Management/samples/entity_management.raw -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Group Management/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Group Management/README.md -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Group Management/samples/group_management.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Group Management/samples/group_management.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/Group Management/samples/group_management.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/Group Management/samples/group_management.raw -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/README.md -------------------------------------------------------------------------------- /mappings/markdown/Okta/v1.3.0/System Logs/okta-system-log-filters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Okta/v1.3.0/System Logs/okta-system-log-filters.png -------------------------------------------------------------------------------- /mappings/markdown/Prowler/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Prowler/README.md -------------------------------------------------------------------------------- /mappings/markdown/Prowler/samples/prowler.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Prowler/samples/prowler.ocsf -------------------------------------------------------------------------------- /mappings/markdown/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/README.md -------------------------------------------------------------------------------- /mappings/markdown/SSC/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/SSC/README.md -------------------------------------------------------------------------------- /mappings/markdown/SSC/samples/malware_infection_detected_sample.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/SSC/samples/malware_infection_detected_sample.json -------------------------------------------------------------------------------- /mappings/markdown/SSC/samples/malware_infection_detected_sample.parquet: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/SSC/samples/malware_infection_detected_sample.parquet -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/conn_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/conn_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/conn_log/samples/conn_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/conn_log/samples/conn_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/conn_log/samples/conn_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/conn_log/samples/conn_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/dns_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/dns_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/dns_log/samples/dns_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/dns_log/samples/dns_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/dns_log/samples/dns_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/dns_log/samples/dns_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ftp_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ftp_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ftp_log/samples/ftp_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ftp_log/samples/ftp_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ftp_log/samples/ftp_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ftp_log/samples/ftp_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/http_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/http_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/http_log/samples/http_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/http_log/samples/http_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/http_log/samples/http_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/http_log/samples/http_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/rdp_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/rdp_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/rdp_log/samples/rdp_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/rdp_log/samples/rdp_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/rdp_log/samples/rdp_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/rdp_log/samples/rdp_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/smtp_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/smtp_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/smtp_log/samples/smtp_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/smtp_log/samples/smtp_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/smtp_log/samples/smtp_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/smtp_log/samples/smtp_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ssh_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ssh_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ssh_log/samples/ssh_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ssh_log/samples/ssh_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ssh_log/samples/ssh_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ssh_log/samples/ssh_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ssl_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ssl_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ssl_log/samples/ssl_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ssl_log/samples/ssl_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.3.0/ssl_log/samples/ssl_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.3.0/ssl_log/samples/ssl_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.4.0/conn_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.4.0/conn_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.4.0/conn_log/samples/conn_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.4.0/conn_log/samples/conn_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.4.0/conn_log/samples/conn_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.4.0/conn_log/samples/conn_log.raw -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.4.0/x509_log/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.4.0/x509_log/README.md -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.4.0/x509_log/samples/x509_log.ocsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.4.0/x509_log/samples/x509_log.ocsf -------------------------------------------------------------------------------- /mappings/markdown/Zeek/v1.4.0/x509_log/samples/x509_log.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/Zeek/v1.4.0/x509_log/samples/x509_log.raw -------------------------------------------------------------------------------- /mappings/markdown/submission_spec.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/mappings/markdown/submission_spec.md -------------------------------------------------------------------------------- /raw_sample_log_dataset/Microsoft/WinEventLog/Security/xml/security.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Microsoft/WinEventLog/Security/xml/security.evtx -------------------------------------------------------------------------------- /raw_sample_log_dataset/Microsoft/WinEventLog/Sysmon/xml/sysmon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Microsoft/WinEventLog/Sysmon/xml/sysmon.evtx -------------------------------------------------------------------------------- /raw_sample_log_dataset/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/README.md -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/analyzer.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/analyzer.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/conn.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/conn.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/dce_rpc.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/dce_rpc.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/dhcp.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/dhcp.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/dnp3.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/dnp3.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/dns.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/dns.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/dpd.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/dpd.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/files.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/files.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/ftp.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/ftp.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/http.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/http.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/kerberos.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/kerberos.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/modbus.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/modbus.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/mqtt_connect.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/mqtt_connect.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/mqtt_publish.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/mqtt_publish.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/mqtt_subscribe.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/mqtt_subscribe.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/mysql.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/mysql.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/ntlm.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/ntlm.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/ntp.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/ntp.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/ocsp.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/ocsp.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/packet_filter.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/packet_filter.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/pe.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/pe.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/rdp.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/rdp.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/rfb.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/rfb.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/sip.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/sip.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/smb_files.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/smb_files.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/smb_mapping.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/smb_mapping.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/smtp.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/smtp.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/snmp.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/snmp.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/socks.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/socks.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/ssh.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/ssh.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/ssl.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/ssl.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/syslog.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/syslog.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/tunnel.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/tunnel.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/weird.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/weird.log -------------------------------------------------------------------------------- /raw_sample_log_dataset/Zeek/x509.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/raw_sample_log_dataset/Zeek/x509.log -------------------------------------------------------------------------------- /use-cases/spark/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/spark/README.md -------------------------------------------------------------------------------- /use-cases/spark/data/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/spark/data/README.md -------------------------------------------------------------------------------- /use-cases/spark/data/highFailedLogin.parquet: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/spark/data/highFailedLogin.parquet -------------------------------------------------------------------------------- /use-cases/spark/data/pwSpray.parquet: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/spark/data/pwSpray.parquet -------------------------------------------------------------------------------- /use-cases/spark/images/distinctUsers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/spark/images/distinctUsers.png -------------------------------------------------------------------------------- /use-cases/spark/images/highLoginFailures.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/spark/images/highLoginFailures.png -------------------------------------------------------------------------------- /use-cases/spark/images/loginFailures.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/spark/images/loginFailures.png -------------------------------------------------------------------------------- /use-cases/spark/images/pwSpray.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/spark/images/pwSpray.png -------------------------------------------------------------------------------- /use-cases/splunk/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/README.md -------------------------------------------------------------------------------- /use-cases/splunk/images/activity_bar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/images/activity_bar.png -------------------------------------------------------------------------------- /use-cases/splunk/images/dns_rcode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/images/dns_rcode.png -------------------------------------------------------------------------------- /use-cases/splunk/images/high_error_rate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/images/high_error_rate.png -------------------------------------------------------------------------------- /use-cases/splunk/images/high_nx.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/images/high_nx.png -------------------------------------------------------------------------------- /use-cases/splunk/images/port_pie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/images/port_pie.png -------------------------------------------------------------------------------- /use-cases/splunk/images/rare_api_call.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/images/rare_api_call.png -------------------------------------------------------------------------------- /use-cases/splunk/queries/activity_bar.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/queries/activity_bar.txt -------------------------------------------------------------------------------- /use-cases/splunk/queries/dns_rcode.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/queries/dns_rcode.txt -------------------------------------------------------------------------------- /use-cases/splunk/queries/high_error_rate.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/queries/high_error_rate.txt -------------------------------------------------------------------------------- /use-cases/splunk/queries/high_nx.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/queries/high_nx.txt -------------------------------------------------------------------------------- /use-cases/splunk/queries/port_pie.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/queries/port_pie.txt -------------------------------------------------------------------------------- /use-cases/splunk/queries/rare_api_call.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ocsf/examples/HEAD/use-cases/splunk/queries/rare_api_call.txt --------------------------------------------------------------------------------