dsp.accellion
- Juan Tomás Alonso Nieto (Unlicensed)
- Former user (Deleted)
Introduction
The tags beginning with dsp.accellion identify events generated by Accellion.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as dsp.accellion. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
|---|---|---|---|
dsp | accellion | sft | events |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
| dsp.accellion.sft.events | dsp.accellion.sft.events |
Log samples
The following are sample logs sent to each of the dsp.accellion data tables. Also, find how the information will be parsed in your data table under each sample log.
Extra columns
Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.
dsp.accellion.sft.events
2021-09-27 18:28:08.485 localhost=127.0.0.1=95.18.57.137 dsp.accellion.sft.events: Feb 4 03:25:25 sgqa-h123 rest_server.py: {"user_id": 1, "description": "Logged in", "successful": 1, "tenant_id": 0, "client_name": "testapp", "flag": 1, "user_type": "katherinejones", "data": {}, "user_ip": "lthompson", "application": "kiteworks", "app_host": "sgqa-.accc.gur", "client_device": "None", "url_host": "sgqa-.accc.gur", "user_agent": "liuregina", "client_id": "5d286ee0-9de0-5d94-b210-c1739a7e761a", "user_name": "christiangillespie", "event": "user_logged_in"}
2021-09-27 18:32:04.113 localhost=127.0.0.1=95.18.57.137 dsp.accellion.sft.events: Feb 4 03:25:25 sgqa-h123 rest_server.py: {"user_id": 3245, "description": "activities_test_folder_add_folder_top_1580499603: Created folder activities_test_folder_add_folder_nested_1580499604", "successful": 1, "tenant_id": 0, "client_name": "kiteworks Web User", "flag": 1, "user_type": "delgadomichael", "data": {"is_folder_upload": 0, "parent_folder": {"path": "activities_test_folder_add_folder_top_1580499603", "id": 39309, "name": "activities_test_folder_add_folder_top_1580499603"}, "session": "56c304986d7d84257d882bb7b6f317f40d9180f6", "folder": {"name": "activities_test_folder_add_folder_nested_1580499604", "path": "activities_test_folder_add_folder_top_1580499603/activities_test_folder_add_folder_nested_1580499604", "id": 39310}}, "user_ip": "edwardsheidi", "application": "kiteworks", "app_host": "sgqa-.accc.gur", "client_device": "None", "url_host": "sgqa-.accc.gur", "user_agent": "mwoods", "client_id": "kw_user", "user_name": "abutler", "event": "add_folder"}
2021-09-27 18:35:33.472 localhost=127.0.0.1=95.18.57.137 dsp.accellion.sft.events: Feb 4 03:25:25 sgqa-h123 rest_server.py: {"user_id": 3245, "description": "activities_test_folder_add_folder_top_1580499603: Created folder activities_test_folder_add_folder_nested_1580499604", "successful": 1, "tenant_id": 0, "client_name": "kiteworks Web User", "flag": 1, "user_type": "delgadomichael", "data": {"is_folder_upload": 0, "parent_folder": {"path": "activities_test_folder_add_folder_top_1580499603", "id": 39309, "name": "activities_test_folder_add_folder_top_1580499603"}, "session": "56c304986d7d84257d882bb7b6f317f40d9180f6", "folder": {"name": "activities_test_folder_add_folder_nested_1580499604", "path": "activities_test_folder_add_folder_top_1580499603/activities_test_folder_add_folder_nested_1580499604", "id": 39310}}, "user_ip": "edwardsheidi", "application": "kiteworks", "app_host": "sgqa-.accc.gur", "client_device": "None", "url_host": "sgqa-.accc.gur", "user_agent": "mwoods", "client_id": "kw_user", "user_name": "abutler", "event": "add_folder"}
2021-09-27 18:36:36.982 localhost=127.0.0.1=95.18.57.137 dsp.accellion.sft.events: Jan 31 19:40:36 sgqa-h123 rest_server.py: {"full_log": "File /var/log/kwlog/tws/cloud_handler.log was added.\nSymbolic path: /log/tws/cloud_handler.log.\n", "application": "kiteworks", "timestamp": "2020-02-05T09:50:03.467+0000", "agent": {"id": "000", "name": "sgqa-h123"}, "syscheck": {"gid_after": "501", "symbolic_path": "/log/tws/cloud_handler.log", "uid_after": "500", "perm_after": "100644", "uname_after": "prometheus", "path": "/var/log/kwlog/tws/cloud_handler.log", "gname_after": "prometheus", "event": "added"}, "manager": {"name": "sgqa-h123"}, "rule": {"firedtimes": 1, "description": "File added to the system.", "level": 5, "groups": ["local", "syslog", "ossec", "syscheck", "rootcheck", "syscheck"], "mail": false, "id": "554"}, "decoder": {"name": "syscheck_new_entry"}, "id": "1580896203.959", "location": "syscheck"}
And this is how the log would be parsed:
Field | Value | Type | Extra fields |
|---|---|---|---|
eventdate |
|
| |
host |
|
| |
| date_str |
| str | |
| server_name | "sgqa-h123" | str | |
| process | "rest_server.py" | str | |
user_id |
|
| |
description |
|
| |
successful |
|
| |
tenant_id |
|
| |
client_name |
|
| |
flag |
|
| |
user_type |
|
| |
data_is_folder_upload |
|
| |
data_parent_folder_path |
|
| |
data_parent_folder_id |
|
| |
data_parent_folder_name |
|
| |
data_session |
|
| |
data_folder_name |
|
| |
data_folder_path |
|
| |
data_folder_id |
|
| |
data_file_owner_id |
|
| |
data_file_owner_name |
|
| |
data_scanning_type |
|
| |
data_skipped |
|
| |
data_service_name |
|
| |
data_ec_source_id |
|
| |
data_ec_source_name |
|
| |
data_dlp_locked |
|
| |
data_prohibited |
|
| |
data_file_hash |
|
| |
data_file_name |
|
| |
data_file_hash_algo |
|
| |
data_file_mime |
|
| |
data_file_file_id |
|
| |
data_file_path |
|
| |
data_file_id |
|
| |
data_file_size |
|
| |
data_kp_xfer_transaction_id |
|
| |
data_status_reason |
|
| |
data_malicious |
|
| |
data_quarantined |
|
| |
data_notified |
|
| |
data_sw_version |
|
| |
data_email |
|
| |
data_dest_folder_name |
|
| |
data_dest_folder_path |
|
| |
data_dest_folder_id |
|
| |
data_source_file_path |
|
| |
data_source_file_file_id |
|
| |
data_source_file_id |
|
| |
data_source_file_name |
|
| |
data_version_added |
|
| |
data_source_folder_name |
|
| |
data_source_folder_path |
|
| |
data_source_folder_id |
|
| |
data_mail_sender |
|
| |
data_mail_secure_body |
|
| |
data_mail_self_copy |
|
| |
data_mail_email_package_id |
|
| |
data_mail_id |
|
| |
data_mail_subject |
|
| |
data_user_name |
|
| |
data_error_msg |
|
| |
data_token_type |
|
| |
data_role_name |
|
| |
data_enable |
|
| |
data_hostname |
|
| |
data_attachments |
|
| |
data_mime |
|
| |
data_name |
|
| |
data_node_ip |
|
| |
user_ip |
|
| |
application |
|
| |
app_host |
|
| |
client_device |
|
| |
url_host |
|
| |
user_agent |
|
| |
client_id |
|
| |
user_name |
|
| |
event |
|
| |
full_log |
|
| |
timestamp |
|
| |
agent_id |
|
| |
agent_name |
|
| |
syscheck_gid_after |
|
| |
syscheck_symbolic_path |
|
| |
syscheck_uid_after |
|
| |
syscheck_perm_after |
|
| |
syscheck_uname_after |
|
| |
syscheck_path |
|
| |
syscheck_gname_after |
|
| |
syscheck_event |
|
| |
manager_name |
|
| |
rule_firedtimes |
|
| |
rule_description |
|
| |
rule_level |
|
| |
rule_groups |
|
| |
rule_mail |
|
| |
rule_id |
|
| |
decoder_name |
|
| |
id |
|
| |
location |
|
| |
hostchain |
|
| ✓ |
tag |
|
| ✓ |
rawMessage |
|
| ✓ |