Skip to content

Commit

Permalink
Merge pull request #485 from Cargill/okta_list
Browse files Browse the repository at this point in the history 
some Okta messages have list target fields
  • Loading branch information
@lyradc
lyradc authored Feb 15, 2024
2 parents 69173ec + 860e611 commit c89abce
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions config/processors/api_audit_okta.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,17 +34,21 @@ filter {
"[okta][displayMessage]" => "[event][category]"
"[okta][severity]" => "[log][level]"

"[okta][client][userAgent][os]" => "[user_agent][os][name]"
"[okta][client][userAgent][os]" => "[user_agent][os][name]"
"[okta][client][userAgent][rawUserAgent]" => "[user_agent][original]"
"[okta][client][userAgent][browser]" => "[user_agent][name]"
"[okta][securityContext][domain]" => "[source][domain]"
"[okta][transaction][type]" => "[user][type]"
"[okta][actor][alternateId]" => "[source][user][email]"
"[okta][target][id]" => "[destination][user][id]"
"[okta][target][alternateId]" => "[destination][user][email]"
"[okta][target][displayName]" => "[destination][user][full_name]"

"[okta][target][0][id]" => "[destination][user][id]"
"[okta][target][0][alternateId]" => "[destination][user][email]"
"[okta][target][0][displayName]" => "[destination][user][full_name]"

"[okta][actor][id]" => "[user][effective][id]"
"[okta][actor][displayName]" => "[user][full_name]"
Expand All @@ -67,7 +71,7 @@ filter {
rename => { "[okta][target][0][alternateId]" => "[destination][user][email]" }
}
}
# "2022-03-22T12:20:30.498Z"
# "2022-03-22T12:20:30.498Z"
date {
match => ["[event][created]", "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"]
timezone => "GMT"
Expand Down

0 comments on commit c89abce

Please sign in to comment.