Austin Songer
35 lines
1.1 KiB
YAML
35 lines
1.1 KiB
YAML
title: Elastic Exported Fields Mapping For Okta logs
|
|
order: 20
|
|
backends:
|
|
- es-qs
|
|
- es-dsl
|
|
- es-rule
|
|
- kibana
|
|
- kibana-ndjson
|
|
- xpack-watcher
|
|
- elastalert
|
|
- elastalert-dsl
|
|
fieldmappings:
|
|
client.user.id: okta.actor.id
|
|
source.user.id: okta.actor.id
|
|
User: okta.actor.type
|
|
alternateId: okta.actor.alternate_id
|
|
client.user.full_name: okta.actor.display_name
|
|
source.user.full_name: okta.actor.display_name
|
|
related.user: okta.actor.display_name
|
|
client.ip: okta.client.ip
|
|
source.ip: okta.client.ip
|
|
user_agent.original: okta.client.user_agent.raw_user_agent
|
|
userAgent.os: okta.client.user_agent.os
|
|
userAgent.browser: okta.client.user_agent.browser
|
|
client.zone: okta.client.zone
|
|
client.device: okta.client.device
|
|
client.id: okta.client.id
|
|
event.action: okta.event_type
|
|
outcome.reason: okta.outcome.reason
|
|
event.outcome: okta.event.outcome
|
|
client.as.number: okta.security_context.as.number
|
|
client.as.organization.name: okta.security_context.as.organization.name
|
|
client.domain: okta.security_context.isp
|
|
source.domain: okta.security_context.domain
|