
Commit 9b4e5e2

Merge pull request Azure#13211 from fenil-savani/corelight-new-aggregation-parsers
[Corelight][Parsers] - Adding new parsers for corelight aggregation
2 parents 91557c8 + 0265667 commit 9b4e5e2

17 files changed

+2826
-296
lines changed
Lines changed: 285 additions & 0 deletions
@@ -0,0 +1,285 @@
1+
{
2+
"Name": "Corelight_v2_conn_agg_CL",
3+
"Properties": [
4+
{
5+
"Name": "TimeGenerated",
6+
"Type": "DateTime"
7+
},
8+
{
9+
"Name": "_path_s",
10+
"Type": "String"
11+
},
12+
{
13+
"Name": "_system_name_s",
14+
"Type": "String"
15+
},
16+
{
17+
"Name": "_write_ts_t",
18+
"Type": "DateTime"
19+
},
20+
{
21+
"Name": "uid_s",
22+
"Type": "String"
23+
},
24+
{
25+
"Name": "id_orig_h_s",
26+
"Type": "String"
27+
},
28+
{
29+
"Name": "id_orig_p_d",
30+
"Type": "Double"
31+
},
32+
{
33+
"Name": "id_resp_h_s",
34+
"Type": "String"
35+
},
36+
{
37+
"Name": "id_resp_p_d",
38+
"Type": "Double"
39+
},
40+
{
41+
"Name": "proto_s",
42+
"Type": "String"
43+
},
44+
{
45+
"Name": "suri_ids_s",
46+
"Type": "String"
47+
},
48+
{
49+
"Name": "local_orig_b",
50+
"Type": "Boolean"
51+
},
52+
{
53+
"Name": "local_resp_b",
54+
"Type": "Boolean"
55+
},
56+
{
57+
"Name": "id_orig_h_n_s",
58+
"Type": "String"
59+
},
60+
{
61+
"Name": "id_resp_h_n_s",
62+
"Type": "String"
63+
},
64+
{
65+
"Name": "community_id_s",
66+
"Type": "String"
67+
},
68+
{
69+
"Name": "spcap_url_s",
70+
"Type": "String"
71+
},
72+
{
73+
"Name": "service_s",
74+
"Type": "String"
75+
},
76+
{
77+
"Name": "app_s",
78+
"Type": "String"
79+
},
80+
{
81+
"Name": "corelight_shunted_b",
82+
"Type": "Boolean"
83+
},
84+
{
85+
"Name": "duration_d",
86+
"Type": "Double"
87+
},
88+
{
89+
"Name": "orig_bytes_d",
90+
"Type": "Double"
91+
},
92+
{
93+
"Name": "resp_bytes_d",
94+
"Type": "Double"
95+
},
96+
{
97+
"Name": "missed_bytes_d",
98+
"Type": "Double"
99+
},
100+
{
101+
"Name": "orig_shunted_pkts_d",
102+
"Type": "Double"
103+
},
104+
{
105+
"Name": "orig_shunted_bytes_d",
106+
"Type": "Double"
107+
},
108+
{
109+
"Name": "resp_shunted_pkts_d",
110+
"Type": "Double"
111+
},
112+
{
113+
"Name": "resp_shunted_bytes_d",
114+
"Type": "Double"
115+
},
116+
{
117+
"Name": "orig_pkts_d",
118+
"Type": "Double"
119+
},
120+
{
121+
"Name": "orig_ip_bytes_d",
122+
"Type": "Double"
123+
},
124+
{
125+
"Name": "resp_pkts_d",
126+
"Type": "Double"
127+
},
128+
{
129+
"Name": "resp_ip_bytes_d",
130+
"Type": "Double"
131+
},
132+
{
133+
"Name": "conn_state_s",
134+
"Type": "String"
135+
},
136+
{
137+
"Name": "history_s",
138+
"Type": "String"
139+
},
140+
{
141+
"Name": "tunnel_parents_s",
142+
"Type": "String"
143+
},
144+
{
145+
"Name": "netskope_site_id_s",
146+
"Type": "String"
147+
},
148+
{
149+
"Name": "netskope_user_id_s",
150+
"Type": "String"
151+
},
152+
{
153+
"Name": "id_vlan_d",
154+
"Type": "Double"
155+
},
156+
{
157+
"Name": "vlan_d",
158+
"Type": "Double"
159+
},
160+
{
161+
"Name": "inner_vlan_d",
162+
"Type": "Double"
163+
},
164+
{
165+
"Name": "orig_inst_org_id_s",
166+
"Type": "String"
167+
},
168+
{
169+
"Name": "orig_inst_name_s",
170+
"Type": "String"
171+
},
172+
{
173+
"Name": "orig_inst_az_s",
174+
"Type": "String"
175+
},
176+
{
177+
"Name": "orig_inst_vpc_id_s",
178+
"Type": "String"
179+
},
180+
{
181+
"Name": "orig_inst_subnet_id_s",
182+
"Type": "String"
183+
},
184+
{
185+
"Name": "orig_inst_sg_ids_s",
186+
"Type": "String"
187+
},
188+
{
189+
"Name": "orig_inst_project_s",
190+
"Type": "String"
191+
},
192+
{
193+
"Name": "orig_inst_network_s",
194+
"Type": "String"
195+
},
196+
{
197+
"Name": "orig_inst_network_tags_s",
198+
"Type": "String"
199+
},
200+
{
201+
"Name": "orig_inst_id_s",
202+
"Type": "String"
203+
},
204+
{
205+
"Name": "orig_inst_resource_group_s",
206+
"Type": "String"
207+
},
208+
{
209+
"Name": "orig_inst_subscription_s",
210+
"Type": "String"
211+
},
212+
{
213+
"Name": "orig_inst_os_s",
214+
"Type": "String"
215+
},
216+
{
217+
"Name": "orig_inst_location_s",
218+
"Type": "String"
219+
},
220+
{
221+
"Name": "orig_inst_nsg_s",
222+
"Type": "String"
223+
},
224+
{
225+
"Name": "resp_inst_org_id_s",
226+
"Type": "String"
227+
},
228+
{
229+
"Name": "resp_inst_name_s",
230+
"Type": "String"
231+
},
232+
{
233+
"Name": "resp_inst_az_s",
234+
"Type": "String"
235+
},
236+
{
237+
"Name": "resp_inst_vpc_id_s",
238+
"Type": "String"
239+
},
240+
{
241+
"Name": "resp_inst_subnet_id_s",
242+
"Type": "String"
243+
},
244+
{
245+
"Name": "resp_inst_sg_ids_s",
246+
"Type": "String"
247+
},
248+
{
249+
"Name": "resp_inst_project_s",
250+
"Type": "String"
251+
},
252+
{
253+
"Name": "resp_inst_network_s",
254+
"Type": "String"
255+
},
256+
{
257+
"Name": "resp_inst_network_tags_s",
258+
"Type": "String"
259+
},
260+
{
261+
"Name": "resp_inst_id_s",
262+
"Type": "String"
263+
},
264+
{
265+
"Name": "resp_inst_resource_group_s",
266+
"Type": "String"
267+
},
268+
{
269+
"Name": "resp_inst_subscription_s",
270+
"Type": "String"
271+
},
272+
{
273+
"Name": "resp_inst_os_s",
274+
"Type": "String"
275+
},
276+
{
277+
"Name": "resp_inst_location_s",
278+
"Type": "String"
279+
},
280+
{
281+
"Name": "resp_inst_nsg_s",
282+
"Type": "String"
283+
}
284+
]
285+
}
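Review bot: The column list for `Corelight_v2_conn_agg_CL` has no event-time, window or count column; the only timestamps are `TimeGenerated` and `_write_ts_t`, yet per-connection fields such as `uid_s` and `history_s` are present, so it reads like a per-connection conn schema under an aggregation name. If the aggregated records carry fields of their own, they need entries here, e.g. `{ "Name": "<agg_field>_d", "Type": "Double" }` (placeholder name), otherwise queries that reference them presumably will not resolve against this definition. Separately, `id_orig_p_d` and `id_resp_p_d` are typed `Double`, so parsers and detections reading this table should cast them with `toint()` before comparing or joining on port.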
