Skip to content

Commit e81d943

Browse files
v-atulyadavv-atulyadav
authored
Merge pull request #12295 from Azure/v-pmalreddy-cdn
Google Cloud Platform CDN CCF Connector - Standard Table
2 parents 80f88f0 + 92742e6 commit e81d943

File tree

15 files changed

+31
-1276
lines changed

15 files changed

+31
-1276
lines changed

Solutions/GoogleCloudPlatformCDN/Data Connectors/GCPCDNLogs_ccp/GCPCDNLogs_ConnectorDefinition.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,10 +7,10 @@
77
"properties": {
88
"connectorUiConfig": {
99
"id": "GCPCDNLogsCCPDefinition",
10-
"title": "Google Cloud Platform CDN",
10+
"title": "Google Cloud Platform CDN (via Codeless Connector Framework) (Preview)",
1111
"publisher": "Microsoft",
1212
"descriptionMarkdown": "The Google Cloud Platform CDN data connector provides the capability to ingest Cloud CDN Audit logs and Cloud CDN Traffic logs into Microsoft Sentinel using the Compute Engine API. Refer the [Product overview](https://cloud.google.com/cdn/docs/overview) document for more details.",
13-
"graphQueriesTableName": "GCP_CDNV2_CL",
13+
"graphQueriesTableName": "GCPCDN",
1414
"graphQueries": [
1515
{
1616
"metricName": "Total events received",

Solutions/GoogleCloudPlatformCDN/Data Connectors/GCPCDNLogs_ccp/GCPCDNLogs_DCR.json

Lines changed: 2 additions & 66 deletions
Original file line numberDiff line numberDiff line change
@@ -6,68 +6,6 @@
66
"location": "{{location}}",
77
"properties": {
88
"dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
9-
"streamDeclarations": {
10-
"Custom-GCPCDN": {
11-
"columns": [
12-
{
13-
"name": "insertId",
14-
"type": "string"
15-
},
16-
{
17-
"name": "logName",
18-
"type": "string"
19-
},
20-
{
21-
"name": "protoPayload",
22-
"type": "dynamic"
23-
},
24-
{
25-
"name": "resource",
26-
"type": "dynamic"
27-
},
28-
{
29-
"name": "severity",
30-
"type": "string"
31-
},
32-
{
33-
"name": "timestamp",
34-
"type": "datetime"
35-
},
36-
{
37-
"name": "jsonPayload",
38-
"type": "dynamic"
39-
},
40-
{
41-
"name": "labels",
42-
"type": "dynamic"
43-
},
44-
{
45-
"name": "receiveTimestamp",
46-
"type": "datetime"
47-
},
48-
{
49-
"name": "operation",
50-
"type": "dynamic"
51-
},
52-
{
53-
"name": "spanId",
54-
"type": "string"
55-
},
56-
{
57-
"name": "trace",
58-
"type": "string"
59-
},
60-
{
61-
"name": "httpRequest",
62-
"type": "dynamic"
63-
},
64-
{
65-
"name": "TimeGenerated",
66-
"type": "datetime"
67-
}
68-
]
69-
}
70-
},
719
"destinations": {
7210
"logAnalytics": [
7311
{
@@ -79,13 +17,11 @@
7917
"dataFlows": [
8018
{
8119
"streams": [
82-
"Custom-GCPCDN"
20+
"Microsoft-GCPCDN"
8321
],
8422
"destinations": [
8523
"clv2ws1"
86-
],
87-
"transformKql": "source | extend ProtoPayload = parse_json(protoPayload) | extend JsonPayload = parse_json(jsonPayload) | extend Operation = parse_json(operation) | extend Labels = parse_json(labels) | extend Resource = parse_json(resource) | extend HttpRequest = parse_json(httpRequest) | extend TimeGenerated = now(), InsertID = insertId, Timestamp = timestamp, Severity = severity, LogName = logName, ReceiveTimestamp = receiveTimestamp, SpanID = spanId, Trace = trace, LabelsAPIRootTriggerID = tostring(Labels['compute.googleapis.com/root_trigger_id']), ResourceType = tostring(Resource['type']), ResourceLabelsBackendServiceID = tostring(Resource['labels']['backend_service_id']), ResourceLabelsBackendBucketID = tostring(Resource['labels']['backend_bucket_id']), ResourceLabelsProjectID = tostring(Resource['labels']['project_id']), ResourceLabelsLocation = tostring(Resource['labels']['location']), PayloadType = tostring(ProtoPayload['@type']), MethodName = tostring(ProtoPayload['methodName']), NumResponseItems = tostring(ProtoPayload['numResponseItems']), ResourceName = tostring(ProtoPayload['resourceName']), ServiceName = tostring(ProtoPayload['serviceName']), AuthenticationInfoPrincipalEmail = tostring(ProtoPayload['authenticationInfo']['principalEmail']), AuthorizationInfo = tostring(ProtoPayload['authorizationInfo']), RequestType = tostring(ProtoPayload['request']['@type']), RequestKeyName = tostring(ProtoPayload['request']['keyName']), RequestGroup = tostring(ProtoPayload['request']['group']), RequestSecurityPolicy = tostring(ProtoPayload['request']['securityPolicy']), RequestCompressionMode = tostring(ProtoPayload['request']['compressionMode']), RequestDescription = tostring(ProtoPayload['request']['description']), RequestEnableCDN = tobool(ProtoPayload['request']['enableCDN']), RequestIPAddressSelectionPolicy = tostring(ProtoPayload['request']['ipAddressSelectionPolicy']), RequestLoadBalancingScheme = tostring(ProtoPayload['request']['loadBalancingScheme']), RequestLocalityLbPolicy = tostring(ProtoPayload['request']['localityLbPolicy']), RequestName = tostring(ProtoPayload['request']['name']), RequestPortName = tostring(ProtoPayload['request']['portName']), RequestProtocol = tostring(ProtoPayload['request']['protocol']), RequestSessionAffinity = tostring(ProtoPayload['request']['sessionAffinity']), RequestTimeoutSec = tostring(ProtoPayload['request']['timeoutSec']), RequestBackends = tostring(ProtoPayload['request']['backends']), RequestCDNPolicySignedUrlCacheMaxAgeSec = tostring(ProtoPayload['request']['cdnPolicy']['signedUrlCacheMaxAgeSec']), RequestFingerprint = tostring(ProtoPayload['request']['fingerprint']), RequestCDNPolicyCacheMode = tostring(ProtoPayload['request']['cdnPolicy']['cacheMode']), RequestCDNPolicyClientTtl = tostring(ProtoPayload['request']['cdnPolicy']['clientTtl']), RequestCDNPolicyDefaultTtl = tostring(ProtoPayload['request']['cdnPolicy']['defaultTtl']), RequestCDNPolicyMaxTtl = tostring(ProtoPayload['request']['cdnPolicy']['maxTtl']), RequestCDNPolicyNegativeCaching = tobool(ProtoPayload['request']['cdnPolicy']['negativeCaching']), RequestCDNPolicyServeWhileStale = tostring(ProtoPayload['request']['cdnPolicy']['serveWhileStale']), RequestCDNPolicyCacheKeyPolicyIncludeHost = tobool(ProtoPayload['request']['cdnPolicy']['cacheKeyPolicy']['includeHost']), RequestCDNPolicyCacheKeyPolicyIncludeProtocol = tobool(ProtoPayload['request']['cdnPolicy']['cacheKeyPolicy']['includeProtocol']), RequestCDNPolicyCacheKeyPolicyIncludeQueryString = tobool(ProtoPayload['request']['cdnPolicy']['cacheKeyPolicy']['includeQueryString']), RequestConnectionDrainingTimeoutSec = tostring(ProtoPayload['request']['connectionDraining']['drainingTimeoutSec']), RequestHealthChecks = tostring(ProtoPayload['request']['healthChecks']), RequestLogConfigEnable = tobool(ProtoPayload['request']['logConfig']['enable']), RequestLogConfigSampleRate = tostring(ProtoPayload['request']['logConfig']['sampleRate']), RequestMetadataCallerIP = tostring(ProtoPayload['requestMetadata']['callerIp']), RequestMetadataCallerSuppliedUserAgent = tostring(ProtoPayload['requestMetadata']['callerSuppliedUserAgent']), RequestMetadataDestinationAttributes = tostring(ProtoPayload['requestMetadata']['destinationAttributes']), RequestMetadataRequestAttributesAuth = tostring(ProtoPayload['requestMetadata']['requestAttributes']['auth']), RequestMetadataRequestAttributesTime = todatetime(ProtoPayload['requestMetadata']['requestAttributes']['time']), RequestMetadataRequestAttributesReason = tostring(ProtoPayload['requestMetadata']['requestAttributes']['reason']), ResourceLocationCurrentLocations = tostring(ProtoPayload['resourceLocation']['currentLocations']), ResponseType = tostring(ProtoPayload['response']['@type']), ResponseID = tostring(ProtoPayload['response']['id']), ResponseInsertTime = todatetime(ProtoPayload['response']['insertTime']), ResponseName = tostring(ProtoPayload['response']['name']), ResponseOperationType = tostring(ProtoPayload['response']['operationType']), ResponseProgress = tostring(ProtoPayload['response']['progress']), ResponseSelfLink = tostring(ProtoPayload['response']['selfLink']), ResponseSelfLinkWithID = tostring(ProtoPayload['response']['selfLinkWithId']), ResponseStartTime = todatetime(ProtoPayload['response']['startTime']), ResponseStatus = tostring(ProtoPayload['response']['status']), ResponseTargetID = tostring(ProtoPayload['response']['targetId']), ResponseTargetLink = tostring(ProtoPayload['response']['targetLink']), ResponseUser = tostring(ProtoPayload['response']['user']), OperationFirst = tobool(Operation['first']), OperationLast = tobool(Operation['last']), OperationID = tostring(Operation['id']), OperationProducer = tostring(Operation['producer']), HttpRequestCacheLookup = tobool(HttpRequest['cacheLookup']), HttpRequestLatency = tostring(HttpRequest['latency']), HttpRequestRemoteIP = tostring(HttpRequest['remoteIp']), HttpRequestRequestMethod = tostring(HttpRequest['requestMethod']), HttpRequestRequestSize = tostring(HttpRequest['requestSize']), HttpRequestRequestUrl = tostring(HttpRequest['requestUrl']), HttpRequestResponseSize = tostring(HttpRequest['responseSize']), HttpRequestCacheFillBytes = tostring(HttpRequest['cacheFillBytes']), HttpRequestCacheHit = tobool(HttpRequest['cacheHit']), HttpRequestServerIP = tostring(HttpRequest['serverIp']), HttpRequestStatus = todouble(HttpRequest['status']), HttpRequestUserAgent = tostring(HttpRequest['userAgent']), JsonPayloadType = tostring(JsonPayload['@type']), BackendTargetProjectNumber = tostring(JsonPayload['backendTargetProjectNumber']), CacheDecision = tostring(JsonPayload['cacheDecision']), CacheID = tostring(JsonPayload['cacheId']), RemoteIP = tostring(JsonPayload['remoteIp']), StatusDetails = tostring(JsonPayload['statusDetails']), EnforcedEdgeSecurityPolicyConfiguredAction = tostring(JsonPayload['enforcedEdgeSecurityPolicy']['configuredAction']), EnforcedEdgeSecurityPolicyName = tostring(JsonPayload['enforcedEdgeSecurityPolicy']['name']), EnforcedEdgeSecurityPolicyOutcome = tostring(JsonPayload['enforcedEdgeSecurityPolicy']['outcome']), EnforcedEdgeSecurityPolicyPriority = tostring(JsonPayload['enforcedEdgeSecurityPolicy']['priority']), OverrideResponseCode = todouble(JsonPayload['overrideResponseCode']), ErrorService = tostring(JsonPayload['errorService']), ErrorBackendStatusDetails = tostring(JsonPayload['errorBackendStatusDetails']), AuthzPolicyInfoPolicies = tostring(JsonPayload['authzPolicyInfo']['policies']), AuthzPolicyInfoResult = tostring(JsonPayload['authzPolicyInfo']['result']), LoadBalancingScheme = tostring(JsonPayload['loadBalancingScheme']), ResourceLabelsBackendServiceName = tostring(Resource['labels']['backend_service_name']), ResourceLabelsForwardingRuleName = tostring(Resource['labels']['forwarding_rule_name']), ResourceLabelsTargetProxyName = tostring(Resource['labels']['target_proxy_name']), ResourceLabelsUrlMapName = tostring(Resource['labels']['url_map_name']), ResourceLabelsZone = tostring(Resource['labels']['zone']) | project-away protoPayload, resource, jsonPayload, labels, operation, httpRequest",
88-
"outputStream": "Custom-GCP_CDNV2_CL"
24+
]
8925
}
9026
]
9127
}

Solutions/GoogleCloudPlatformCDN/Data Connectors/GCPCDNLogs_ccp/GCPCDNLogs_PollingConfig.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,9 @@
77
"location": "{{location}}",
88
"properties": {
99
"connectorDefinitionName": "GCPCDNLogsCCPDefinition",
10-
"dataType": "GCP_CDNV2_CL",
10+
"dataType": "GCPCDN",
1111
"dcrConfig": {
12-
"streamName": "Custom-GCPCDN",
12+
"streamName": "SENTINEL_GCP_CDN_LOGS",
1313
"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
1414
"dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
1515
},

0 commit comments

Comments
 (0)