security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Update ecs-okta.yml

Browse Source
This commit is contained in:
Austin Songer
2021-09-13 22:29:19 -05:00
committed by GitHub
parent 1895906580
commit 2a52cef62e
1 changed files with 0 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/config/ecs-okta.yml
-35
View File
@@ -28,42 +28,7 @@ fieldmappings:
event.action: okta.event_type
outcome.reason: okta.outcome.reason
event.outcome: okta.event.outcome
: okta.transaction.id
: okta.transaction.type
: okta.debug_context.debug_data.device_fingerprint
: okta.debug_context.debug_data.request_id
: okta.debug_context.debug_data.request_uri
: okta.debug_context.debug_data.threat_suspected
: okta.debug_context.debug_data.url
: okta.debug_context.debug_data.suspicious_activity.browser
: okta.debug_context.debug_data.suspicious_activity.event_city
: okta.debug_context.debug_data.suspicious_activity.event_country
: okta.debug_context.debug_data.suspicious_activity.event_id
: okta.debug_context.debug_data.suspicious_activity.event_ip
: okta.debug_context.debug_data.suspicious_activity.event_latitude
: okta.debug_context.debug_data.suspicious_activity.event_longitude
: okta.debug_context.debug_data.suspicious_activity.event_state
: okta.debug_context.debug_data.suspicious_activity.event_transaction_id
: okta.debug_context.debug_data.suspicious_activity.event_type
: okta.debug_context.debug_data.suspicious_activity.os
: okta.debug_context.debug_data.suspicious_activity.timestamp
: okta.authentication_context.authentication_provider
: okta.authentication_context.authentication_step
: okta.authentication_context.credential_provider
: okta.authentication_context.credential_type
: okta.authentication_context.issuer
: okta.authentication_context.external_session_id
: okta.authentication_context.interface
client.as.number: okta.security_context.as.number
client.as.organization.name: okta.security_context.as.organization.name
client.domain: okta.security_context.isp
source.domain: okta.security_context.domain
: okta.security_context.is_proxy
: okta.request.ip_chain.ip
: okta.request.ip_chain.version
: okta.request.ip_chain.source
: okta.request.ip_chain.geographical_context.city
: okta.request.ip_chain.geographical_context.state
: okta.request.ip_chain.geographical_context.postal_code
: okta.request.ip_chain.geographical_context.country
: okta.request.ip_chain.geographical_context.geolocation