From 81ea988ef007379eb72a2bc780207d79cf2ab294 Mon Sep 17 00:00:00 2001
From: Dan Kortschak
Date: Wed, 30 Oct 2024 10:06:28 +1030
Subject: [PATCH] mimecast: squelch test errors associated with timezone short IDs

The BST short ID is associated with three timezones, resulting in the potential for three different Zulu timestamps, depending on which BST is chosen by the date processor. Fix this for tests by using a non-ambigous timezone short ID (which happily also agrees with the geoip data that we use). There is no correct fix that can be applied since the set of ambigous short IDs is large and knowing which to apply would depend on knowledge of the origin of the data (which may be possible, though complex with the geoip data, but also may not be depending on how strongly tied to geographical location the TZ of the timestamp is). The correct fix is for the data source to not use short IDs. We do not control this.
---
 .../_dev/test/pipeline/test-audit-events.log | 14 +++----
 .../test-audit-events.log-expected.json | 38 +++++++++----------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 3 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log
index cc8397df06fd..5602d0ea565a 100644
--- a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log
+++ b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log
@@ -1,8 +1,8 @@ {"auditType":"Threat Intel Feed Download","category":"reporting_logs","eventInfo":"Threat intel multiple feeds download - malware_customer_csv_20211018094502564.zip, Date: 2021-10-18, Time: 08:45:02+0000, IP: 67.43.156.15, Application: Integrations","eventTime":"2021-10-18T08:45:02+0000","id":"eNqrVipOTS4tSs1MUbJS8im3dA5NjAxJTPP0svD1jioo9IsINgxL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxpbmRhoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWACCXK48","user":"johndoe@example.com"} {"id": "eNqrVipOTS4tSs1MUbJS8nbx8CoyTPFN9akM9K5KqnQyi8z2DgtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxoaG5grKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADbWK70","auditType": "Threat Intel Feed Download","user": "johndoe@example","eventTime": "2021-10-10T22:51:57+0000","eventInfo": "Threat intel multiple feeds download - malware_grid_csv_20211010235157027.zip, Date: 2021-10-10, Time: 22:51:57+0000, IP: 67.43.156.15, Application: Azure Sentinel","category": "reporting_logs"} -{"id": "eNqrVipOTS4tSs1MUbJSivD0cisuyAirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A","auditType": "User Logged On","user": "johndoe@example.com","eventTime": "2021-10-11T17:17:30+0000","eventInfo": "Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:30 BST, IP: 67.43.156.15, Application: Administration Console, Method: Two Step Auth, 2FA: TOTP","category": "authentication_logs"} -{"id":"eNqrVipOTS4tSs1MUbJSSsos9DMJTPLyMA6NcCt2TA1OCwjLcwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhsqaOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAC8tK60","auditType":"Logon Requires Challenge","user":"johndoe@example.com","eventTime":"2021-10-11T17:17:26+0000","eventInfo":"Intermediate authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:26 BST, IP: 
67.43.156.15, Application: Administration Console, Method: Office 365, 2FA: TOTP","category":"authentication_logs"} -{ "id": "eNqrVipOTS4tSs1MUbJS8o0ILw8pL_cyqQosLi-MzKjKcvMzCwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkYmZorKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAIqvLHI", "auditType": "User Logged On", "user": "johndoe@example.com", "eventTime": "2021-10-11T16:03:38+0000", "eventInfo": "Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 17:03:38 BST, IP: 67.43.156.15, Application: Administration Console, Method: Cloud", "category": "authentication_logs"} +{"id": "eNqrVipOTS4tSs1MUbJSivD0cisuyAirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A","auditType": "User Logged On","user": "johndoe@example.com","eventTime": "2021-10-11T17:17:30+0000","eventInfo": "Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:30 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Two Step Auth, 2FA: TOTP","category": "authentication_logs"} +{"id":"eNqrVipOTS4tSs1MUbJSSsos9DMJTPLyMA6NcCt2TA1OCwjLcwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhsqaOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAC8tK60","auditType":"Logon Requires Challenge","user":"johndoe@example.com","eventTime":"2021-10-11T17:17:26+0000","eventInfo":"Intermediate authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:26 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Office 365, 2FA: TOTP","category":"authentication_logs"} +{ "id": "eNqrVipOTS4tSs1MUbJS8o0ILw8pL_cyqQosLi-MzKjKcvMzCwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkYmZorKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAIqvLHI", "auditType": "User Logged On", "user": "johndoe@example.com", "eventTime": 
"2021-10-11T16:03:38+0000", "eventInfo": "Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 17:03:38 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Cloud", "category": "authentication_logs"} { "id": "eNqrVipOTS4tSs1MUbJSCkg09A93r0rNi9FPynHJ9gwJzyrzT8sJS_PXNg12dQt3j_QMr4oyi_SO0Xf1jswtM7TINncxTNTO97OsNPQqqAwNU9JRSixNySzJyU8HmWhsaGlsZGJsaqyjlFxaXJKfm1qUnJ-SCrTK2cTM0dwUqLwstag4Mz9PycqwFgCMPCxu", "auditType": "Mimecast Support Login", "user": "johdoe@example.local", "eventTime": "2021-10-11T15:39:17+0000", "eventInfo": "Action Performed - johdoe@example.local logged into this account. by johdoe@example.local Date: 2021-10-11 Time: 16:39:17 +0100 IP: 67.43.156.15 Application: Administration Console", "category": "mimecast_access_logs"} {"id":"eNqrVipOTS4tSs1MUbJSynStcDUudE51LQtJKc-M0TfwMjas8nQLS_PXNg12dQt3j_QMr4oyi_SO0Xf1jswtM7TINncxTNTO97OsNPQqqAwNU9JRSixNySzJyU8HmWhsaGliZGhgYqSjlFxaXJKfm1qUnJ-SCrTK2cTM0dwUqLwstag4Mz9PycqwFgBLJCvK","auditType":"Mimecast Support Login","user":"johndoe@example.local","eventTime":"2021-10-19T11:46:40+0000","eventInfo":"Action Performed - johdoe@example.local logged into this account. by johdoe@example.local Date: 2021-10-19 Time: 12:46:40 +0100 IP: 67.43.156.15 Application: Administration Console","category":"mimecast_access_logs"} {"id":"eNqrVipOTS4tSs1MUbJS0nYKziswMy_18smyMDAs9w8P8PPNNAxL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkYmxopqOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAOifKw8","auditType":"Message Action","user":"johndoe@example.com","eventTime":"2021-10-11T15:36:01+0000","eventInfo":"Viewed Message - Source: Search, From: johndoe@example.com, To: johndoe@example.com, Subject: Test on Tues 28th Sept, Processed: 2021-09-28 07:59:23+0000, Viewed Content: True, Date: 2021-10-11, Time: 15:36:01+0000, IP: 67.43.156.15, Application: mimecast-case-review","category":"case_review_logs"} 
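Review bot: The replacement samples in this hunk are not self-consistent: the first changed record keeps `"eventTime": "2021-10-11T17:17:30+0000"` while its free-text time is now `Time: 18:17:30 BTT`, which the expected output resolves to 12:17:30Z, five hours earlier. The expected-output hunks at -128, -179, -230, -617 and -1591 then pin `event.created` to that skewed value, so the fixture asserts two different instants for a single authentication event. Shifting the local time to match the zone, e.g. `Time: 23:17:30 BTT` for the first record, would keep the short ID unambiguous and make `event.created` agree with `eventTime`, which is what anyone building a logon timeline from these fields would expect. The same adjustment applies to the other records whose `Time:` field carries BTT, here and in the @@ -10 and @@ -28 hunks.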
@@ -10,10 +10,10 @@ {"id":"eNqrVipOTS4tSs1MUbJSMk9PdXYMzywJrLLMzdT2TfVN8S8zNgxL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkbGFmoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWACyMK6M","auditType":"Logon Authentication Failed","user":"johndoe@example.com","eventTime":"2021-10-11T14:46:10+0000","eventInfo":"Creating the auditLog entry for failed authentication, emailAddress :com.example.sdk.address.Address@4a3bcd11[accountCode=ABC123,accountId=75,internal=false,emailAddress=johndoe@gmail.com,domainName=gmail.com,name=johndoe@gmail.com,aliasFor=0,type=0,journalService=false,id=275078533,aliases={},alternateAddresses={},alternateAliases={}] remote IP : 67.43.156.15 application : LFS","category":"authentication_logs"} {"id":"eNqrVipOTS4tSs1MUbJSKnU29DVI9XJJMs6wMC9LqnAMccoxcwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkZGZqoqOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPQMKys","auditType":"Completed Directory Sync","user":"","eventTime":"2021-10-11T13:21:06+0000","eventInfo":"No changes found.","category":"account_logs"} {"id":"eNqrVipOTS4tSs1MUbJSSiwLM8srLCvJzg8s8HbydCpz0Y6oCAtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaG5ooKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAHTYLDo","auditType":"Case Action","user":"johndoe@example.com","eventTime":"2021-10-12T09:19:53+0000","eventInfo":"Viewed Case - Case: Class Action, Date: 2021-10-12, Time: 09:19:53+0000, IP: 67.43.156.15, Application: mimecast-case-review","category":"case_review_logs"} -{"id":"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg","auditType":"Logon Authentication Failed","user":"johndoe@example.com","eventTime":"2021-10-12T08:47:55+0000","eventInfo":"Failed authentication for johndoe@example.com , Date: 2021-10-12, Time: 09:47:55 BST, IP: 67.43.156.15, 
Application: mimecast-moa, Method: Office 365, Reason: Wrong password","category":"authentication_logs"} +{"id":"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg","auditType":"Logon Authentication Failed","user":"johndoe@example.com","eventTime":"2021-10-12T08:47:55+0000","eventInfo":"Failed authentication for johndoe@example.com , Date: 2021-10-12, Time: 09:47:55 BTT, IP: 67.43.156.15, Application: mimecast-moa, Method: Office 365, Reason: Wrong password","category":"authentication_logs"} {"id":"eNqrVipOTS4tSs1MUbJSSnJMinKNMMtyDg3xKw2rDM91DC-JdAtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRooaOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAEQYK9w","auditType":"Existing Archive Task Changed","user":"johdoe@example.com","eventTime":"2021-10-12T08:47:54+0000","eventInfo":"Successfully updated 3 'Sync and Recover' tasks associated with legacy connection (\"365\") to new migrated connector (\"Sync and Recover - 365\"), Date: 2021-10-12, Time: 08:47:54+0000, IP: 67.43.156.15, Application: Administration Console","category":"archive_service_logs"} {"id":"eNoVzc0KgkAUQOF3uVsFuZma7qQ0UqiFqChuZH7M0iZmHMOid8_2h-98QDGiJespBDBgYwn-4orcHMrr_JqUWdjFBb8YThbF5bE6le_ardLGitJqnHF39w7YGuLsL5g8l7wAE1pN-2kQ3V-00bdt3KBrAtFqEiOTRFC2rvZbN_ScNZ-ZVL14QIDfH41XLGM","auditType":"Connectors Management","user":"johndoe@example.com","eventTime":"2021-10-12T08:47:53+0000","eventInfo":"Connector creation for Microsoft O365\nName: Sync and Recover - 365, Description: null, Product: Sync and Recover, App (provider): Microsoft O365\nSuccess: true, Date: 2021-10-12, Time: 08:47:53+0000, IP: 67.43.156.15, Application: Administration Console","category":"integrations_and_apis"} 
-{"id":"eNqrVipOTS4tSs1MUbJSynAJ8yuoyA4z9ygMNyv21C42MC9IDwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkbmFhoqOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADk2K8U","auditType":"Page Data Exports","user":"johndoe@example.com","eventTime":"2021-10-12T02:27:18+0000","eventInfo":"[Export type : Download,Name :watchlist_view,Requested By :johndoe@example.com,Export time :Tue Oct 12 03:27:18 BST 2021,IP Address :67.43.156.15,Columns exported :Name|Email|Department|Number of Videos|,File name : export_at_watchlist_view_1634005638160.xlsx,File Size: 6864,File type : .xlsx], Date: 2021-10-12, Time: 02:27:18+0000, IP: 67.43.156.15, Application: mimecast-matfe","category":"account_logs"} +{"id":"eNqrVipOTS4tSs1MUbJSynAJ8yuoyA4z9ygMNyv21C42MC9IDwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkbmFhoqOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADk2K8U","auditType":"Page Data Exports","user":"johndoe@example.com","eventTime":"2021-10-12T02:27:18+0000","eventInfo":"[Export type : Download,Name :watchlist_view,Requested By :johndoe@example.com,Export time :Tue Oct 12 03:27:18 BTT 2021,IP Address :67.43.156.15,Columns exported :Name|Email|Department|Number of Videos|,File name : export_at_watchlist_view_1634005638160.xlsx,File Size: 6864,File type : .xlsx], Date: 2021-10-12, Time: 02:27:18+0000, IP: 67.43.156.15, Application: mimecast-matfe","category":"account_logs"} {"id":"eNqrVipOTS4tSs1MUbJSMi8zSc3J8M4Od_NwjdHPMDYzdfGO8MkJS_PXNg12dQt3j_QMr4oyi_SO0Xf1jswtM7TINncxTNTO97OsNPQqqAwNU9JRSixNySzJyU8HmWhsaGlsZGppaKajlFxaXJKfm1qUnJ-SCrTK2cTM0dwUqLwstag4Mz9PycqwFgAmqSuF","auditType":"Custom Report Definition Created","user":"johndoe@example.local","eventTime":"2021-10-11T19:53:41+0000","eventInfo":"Action Performed - Custom Report Definition Created with name \"Terri test\" and description \"all user - per email report\" by johndoe@example.local Date: 2021-10-11 Time: 20:53:41 +0100 IP: 67.43.156.15 Application: 
Administration Console","category":"reporting_logs"} {"id":"eNqrVipOTS4tSs1MUbJSCij080lzDChMMjXw8o3IjnCLDIrRT8wJS_PXNg12dQt3j_QMr4oyi_SO0Xf1jswtM7TINncxTNTO97OsNPQqqAwNU9JRSixNySzJyU8HmWhsaGlsZGpiYaqjlFxaXJKfm1qUnJ-SCrTK2cTM0dwUqLwstag4Mz9PycqwFgBNvCvh","auditType":"Folder Log Entry","user":"johndoe@example.com","eventTime":"2021-10-11T18:23:10+0000","eventInfo":"Action Performed - Deleted New Folder by johndoe@example.com Date: 2021-10-11 Time: 19:23:10 +0100 IP: 67.43.156.15 Application: Administration Console","category":"profile_group_logs"} {"id":"eNqrVipOTS4tSs1MUbJSCtF28jc2DDLwd_d1NM7ULnLzdnPzdwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxiCAQ6SsmlxSX5ualFyfkpqUCbnE3MHM1NgcrLUouKM_PzlKwMawGTZipR","auditType":"User Password Changed","user":"johndoe@example.com","eventTime":"2021-10-12T19:56:55+0000","eventInfo":"Password reset for user: johndoe@example.com User Password Changed, Remote IP is null","category":"user_account_and_role_logs"} 
@@ -28,7 +28,7 @@ {"id":"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg","auditType":"Logon Authentication Failed","user":"johndoe@example.com","eventTime":"2021-10-12T08:47:55+0000","eventInfo":"Failed authentication for johndoe@example.com , Date: 2022-01-11, Time: 21:48:01 GMT, IP: 67.43.156.15, Application: POP-POP2, Method: Cloud, Reason: Wrong Password","category":"authentication_logs"} { "id": "eNqrVipOTS4tSs1MUbJS8o0ILw8pL_cyqQosLi-MzKjKcvMzCwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkYmZorKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAIqvLHI", "auditType": "User Logged On", "user": "johndoe@example.com", "eventTime": "2021-10-11T16:03:38+0000", "eventInfo": "Succesfully enrolled user for user device enrollment, Remote IP is 67.43.156.15", "category": "authentication_logs"} {"id":"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg","auditType":"Logon Authentication Failed","user":"johndoe@example.com","eventTime":"2021-10-12T08:47:55+0000","eventInfo": "User johndoe@example.com attempted to access the mimecast-matfe but does not have the required permissions to do so, Date : 2022-03-29, Time : 13:31:03+0000, IP : 67.43.156.15, Application : API, Remote IP is 67.43.156.15","category":"authentication_logs"} -{"id":"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg","auditType":"Logon Authentication Failed","user":"johndoe@example.com","eventTime":"2021-10-12T08:47:55+0000","eventInfo": "Failed authentication for johndoe@example.com , Date: 2022-03-29, Time: 19:33:05 BST, IP: : 67.43.156.15,, 
Application: SMTP-MTA2, Reason: Account locked","category":"authentication_logs"} +{"id":"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg","auditType":"Logon Authentication Failed","user":"johndoe@example.com","eventTime":"2021-10-12T08:47:55+0000","eventInfo": "Failed authentication for johndoe@example.com , Date: 2022-03-29, Time: 19:33:05 BTT, IP: : 67.43.156.15,, Application: SMTP-MTA2, Reason: Account locked","category":"authentication_logs"} {"auditType":"Logon Authentication Failed","category":"authentication_logs","eventInfo":"Failed authentication for john.doe@contoso.com , Date: 2023-05-01, Time: 13:50:07 GMT-04:00, IP: 67.43.156.3, Application: MfO, Method: SP-initiated SAML, Reason: Account disabled","eventTime":"2023-05-01T17:50:07+0000","id":"eNoVzlETgTAAwPHvstfcaRHWnYdZpUiElQcvWVPdlbnVSM53xwf43-__Bg1nSvIyAxZIaEb8fKEF9Bq4wito7LxeW676y5oUU3QMt1XCcD9ZxPazOg-JUyxpXt9Jl-Sa0ft1tFyHqh-Fpm3vVoXusg32ZOS1rrPvrs-DPCFH19IAy9nKn4MBSFVWtpXI__h4bExHBoJoAJhqWlFzyUTGf1eEHjCEOobI_DUPLptS3IAFP1_HBjvt","user":"john.doe@contoso.com"} -{"auditType":"User Logged On","category":"authentication_logs","eventInfo":"Successful authentication for john.smith@example.com \u003cSmith, John\u003e, Date: 2024-07-01, Time: 13:56:25 BST, IP: 81.2.69.144, Application: MPP, Method: SP-initiated SAML","eventTime":"2024-07-01T12:56:25+0000","id":"eNpVj21LhEAUhf_LfN2VnRl1RpclCNirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A","user":"john.smith@example.com"} +{"auditType":"User Logged On","category":"authentication_logs","eventInfo":"Successful authentication for john.smith@example.com \u003cSmith, John\u003e, Date: 2024-07-01, Time: 13:56:25 BTT, IP: 81.2.69.144, Application: MPP, Method: SP-initiated 
SAML","eventTime":"2024-07-01T12:56:25+0000","id":"eNpVj21LhEAUhf_LfN2VnRl1RpclCNirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A","user":"john.smith@example.com"} {"meta":{"status":200,"pagination":{"pageSize":10,"totalCount":449,"pageToken":"next-page"}},"data":[],"fail":[]} diff --git a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json index a32c9ff81870..ab8b418db16f 100644 --- a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json +++ b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json 
@@ -128,15 +128,15 @@ }, "event": { "action": "user-logged-on", - "created": "2021-10-11T07:17:30.000Z", + "created": "2021-10-11T12:17:30.000Z", "id": "eNqrVipOTS4tSs1MUbJSivD0cisuyAirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A", - "original": "{\"id\": \"eNqrVipOTS4tSs1MUbJSivD0cisuyAirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A\",\"auditType\": \"User Logged On\",\"user\": \"johndoe@example.com\",\"eventTime\": \"2021-10-11T17:17:30+0000\",\"eventInfo\": \"Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:30 BST, IP: 67.43.156.15, Application: Administration Console, Method: Two Step Auth, 2FA: TOTP\",\"category\": \"authentication_logs\"}" + "original": "{\"id\": \"eNqrVipOTS4tSs1MUbJSivD0cisuyAirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A\",\"auditType\": \"User Logged On\",\"user\": \"johndoe@example.com\",\"eventTime\": \"2021-10-11T17:17:30+0000\",\"eventInfo\": \"Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:30 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Two Step Auth, 2FA: TOTP\",\"category\": \"authentication_logs\"}" }, "mimecast": { "2FA": "TOTP", "application": "Administration Console", "category": "authentication_logs", - "eventInfo": "Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:30 BST, IP: 67.43.156.15, Application: Administration Console, Method: Two Step Auth, 2FA: TOTP", + "eventInfo": "Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:30 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Two Step Auth, 2FA: TOTP", "method": "Two 
Step Auth" }, "related": { 
@@ -179,15 +179,15 @@ }, "event": { "action": "logon-requires-challenge", - "created": "2021-10-11T07:17:26.000Z", + "created": "2021-10-11T12:17:26.000Z", "id": "eNqrVipOTS4tSs1MUbJSSsos9DMJTPLyMA6NcCt2TA1OCwjLcwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhsqaOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAC8tK60", - "original": "{\"id\":\"eNqrVipOTS4tSs1MUbJSSsos9DMJTPLyMA6NcCt2TA1OCwjLcwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhsqaOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAC8tK60\",\"auditType\":\"Logon Requires Challenge\",\"user\":\"johndoe@example.com\",\"eventTime\":\"2021-10-11T17:17:26+0000\",\"eventInfo\":\"Intermediate authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:26 BST, IP: 67.43.156.15, Application: Administration Console, Method: Office 365, 2FA: TOTP\",\"category\":\"authentication_logs\"}" + "original": "{\"id\":\"eNqrVipOTS4tSs1MUbJSSsos9DMJTPLyMA6NcCt2TA1OCwjLcwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhsqaOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAC8tK60\",\"auditType\":\"Logon Requires Challenge\",\"user\":\"johndoe@example.com\",\"eventTime\":\"2021-10-11T17:17:26+0000\",\"eventInfo\":\"Intermediate authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:26 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Office 365, 2FA: TOTP\",\"category\":\"authentication_logs\"}" }, "mimecast": { "2FA": "TOTP", "application": "Administration Console", "category": "authentication_logs", - "eventInfo": "Intermediate authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:26 BST, IP: 67.43.156.15, Application: Administration Console, Method: Office 365, 2FA: TOTP", + "eventInfo": "Intermediate authentication for johndoe@example.com , Date: 2021-10-11, Time: 18:17:26 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Office 365, 2FA: TOTP", 
"method": "Office 365" }, "related": { @@ -230,14 +230,14 @@ }, "event": { "action": "user-logged-on", - "created": "2021-10-11T06:03:38.000Z", + "created": "2021-10-11T11:03:38.000Z", "id": "eNqrVipOTS4tSs1MUbJS8o0ILw8pL_cyqQosLi-MzKjKcvMzCwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkYmZorKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAIqvLHI", - "original": "{ \"id\": \"eNqrVipOTS4tSs1MUbJS8o0ILw8pL_cyqQosLi-MzKjKcvMzCwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkYmZorKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAIqvLHI\", \"auditType\": \"User Logged On\", \"user\": \"johndoe@example.com\", \"eventTime\": \"2021-10-11T16:03:38+0000\", \"eventInfo\": \"Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 17:03:38 BST, IP: 67.43.156.15, Application: Administration Console, Method: Cloud\", \"category\": \"authentication_logs\"}" + "original": "{ \"id\": \"eNqrVipOTS4tSs1MUbJS8o0ILw8pL_cyqQosLi-MzKjKcvMzCwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkYmZorKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAIqvLHI\", \"auditType\": \"User Logged On\", \"user\": \"johndoe@example.com\", \"eventTime\": \"2021-10-11T16:03:38+0000\", \"eventInfo\": \"Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 17:03:38 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Cloud\", \"category\": \"authentication_logs\"}" }, "mimecast": { "application": "Administration Console", "category": "authentication_logs", - "eventInfo": "Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 17:03:38 BST, IP: 67.43.156.15, Application: Administration Console, Method: Cloud", + "eventInfo": "Successful authentication for johndoe@example.com , Date: 2021-10-11, Time: 17:03:38 BTT, IP: 67.43.156.15, Application: Administration Console, Method: Cloud", "method": "Cloud" }, "related": { 
@@ -617,15 +617,15 @@ }, "event": { "action": "logon-authentication-failed", - "created": "2021-10-11T22:47:55.000Z", + "created": "2021-10-12T03:47:55.000Z", "id": "eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg", - "original": "{\"id\":\"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg\",\"auditType\":\"Logon Authentication Failed\",\"user\":\"johndoe@example.com\",\"eventTime\":\"2021-10-12T08:47:55+0000\",\"eventInfo\":\"Failed authentication for johndoe@example.com , Date: 2021-10-12, Time: 09:47:55 BST, IP: 67.43.156.15, Application: mimecast-moa, Method: Office 365, Reason: Wrong password\",\"category\":\"authentication_logs\"}", + "original": "{\"id\":\"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg\",\"auditType\":\"Logon Authentication Failed\",\"user\":\"johndoe@example.com\",\"eventTime\":\"2021-10-12T08:47:55+0000\",\"eventInfo\":\"Failed authentication for johndoe@example.com , Date: 2021-10-12, Time: 09:47:55 BTT, IP: 67.43.156.15, Application: mimecast-moa, Method: Office 365, Reason: Wrong password\",\"category\":\"authentication_logs\"}", "reason": "Wrong password" }, "mimecast": { "application": "mimecast-moa", "category": "authentication_logs", - "eventInfo": "Failed authentication for johndoe@example.com , Date: 2021-10-12, Time: 09:47:55 BST, IP: 67.43.156.15, Application: mimecast-moa, Method: Office 365, Reason: Wrong password", + "eventInfo": "Failed authentication for johndoe@example.com , Date: 2021-10-12, Time: 09:47:55 BTT, IP: 67.43.156.15, Application: mimecast-moa, Method: Office 365, Reason: Wrong password", 
"method": "Office 365" }, "related": { @@ -768,7 +768,7 @@ "action": "page-data-exports", "created": "2021-10-12T02:27:18.000Z", "id": "eNqrVipOTS4tSs1MUbJSynAJ8yuoyA4z9ygMNyv21C42MC9IDwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkbmFhoqOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADk2K8U", - "original": "{\"id\":\"eNqrVipOTS4tSs1MUbJSynAJ8yuoyA4z9ygMNyv21C42MC9IDwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkbmFhoqOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADk2K8U\",\"auditType\":\"Page Data Exports\",\"user\":\"johndoe@example.com\",\"eventTime\":\"2021-10-12T02:27:18+0000\",\"eventInfo\":\"[Export type : Download,Name :watchlist_view,Requested By :johndoe@example.com,Export time :Tue Oct 12 03:27:18 BST 2021,IP Address :67.43.156.15,Columns exported :Name|Email|Department|Number of Videos|,File name : export_at_watchlist_view_1634005638160.xlsx,File Size: 6864,File type : .xlsx], Date: 2021-10-12, Time: 02:27:18+0000, IP: 67.43.156.15, Application: mimecast-matfe\",\"category\":\"account_logs\"}" + "original": "{\"id\":\"eNqrVipOTS4tSs1MUbJSynAJ8yuoyA4z9ygMNyv21C42MC9IDwtL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkbmFhoqOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADk2K8U\",\"auditType\":\"Page Data Exports\",\"user\":\"johndoe@example.com\",\"eventTime\":\"2021-10-12T02:27:18+0000\",\"eventInfo\":\"[Export type : Download,Name :watchlist_view,Requested By :johndoe@example.com,Export time :Tue Oct 12 03:27:18 BTT 2021,IP Address :67.43.156.15,Columns exported :Name|Email|Department|Number of Videos|,File name : export_at_watchlist_view_1634005638160.xlsx,File Size: 6864,File type : .xlsx], Date: 2021-10-12, Time: 02:27:18+0000, IP: 67.43.156.15, Application: mimecast-matfe\",\"category\":\"account_logs\"}" }, "file": { "extension": ".xlsx", 
@@ -778,7 +778,7 @@
 "mimecast": {
 "application": "mimecast-matfe",
 "category": "account_logs",
- "eventInfo": "[Export type : Download,Name :watchlist_view,Requested By :johndoe@example.com,Export time :Tue Oct 12 03:27:18 BST 2021,IP Address :67.43.156.15,Columns exported :Name|Email|Department|Number of Videos|,File name : export_at_watchlist_view_1634005638160.xlsx,File Size: 6864,File type : .xlsx], Date: 2021-10-12, Time: 02:27:18+0000, IP: 67.43.156.15, Application: mimecast-matfe"
+ "eventInfo": "[Export type : Download,Name :watchlist_view,Requested By :johndoe@example.com,Export time :Tue Oct 12 03:27:18 BTT 2021,IP Address :67.43.156.15,Columns exported :Name|Email|Department|Number of Videos|,File name : export_at_watchlist_view_1634005638160.xlsx,File Size: 6864,File type : .xlsx], Date: 2021-10-12, Time: 02:27:18+0000, IP: 67.43.156.15, Application: mimecast-matfe"
 },
 "related": {
 "ip": [
@@ -1492,13 +1492,13 @@
 "action": "logon-authentication-failed",
 "created": "2022-03-29T19:33:05.000Z",
 "id": "eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg",
- "original": "{\"id\":\"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg\",\"auditType\":\"Logon Authentication Failed\",\"user\":\"johndoe@example.com\",\"eventTime\":\"2021-10-12T08:47:55+0000\",\"eventInfo\": \"Failed authentication for johndoe@example.com , Date: 2022-03-29, Time: 19:33:05 BST, IP: : 67.43.156.15,, Application: SMTP-MTA2, Reason: Account locked\",\"category\":\"authentication_logs\"}",
+ "original": "{\"id\":\"eNqrVipOTS4tSs1MUbJSMvCrMHX2MzL1yLFITjJNd8rO9wiJyAlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxsaGRkoKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWAPktKzg\",\"auditType\":\"Logon Authentication Failed\",\"user\":\"johndoe@example.com\",\"eventTime\":\"2021-10-12T08:47:55+0000\",\"eventInfo\": \"Failed authentication for johndoe@example.com , Date: 2022-03-29, Time: 19:33:05 BTT, IP: : 67.43.156.15,, Application: SMTP-MTA2, Reason: Account locked\",\"category\":\"authentication_logs\"}",
 "reason": "Account locked"
 },
 "mimecast": {
 "application": "SMTP-MTA2",
 "category": "authentication_logs",
- "eventInfo": "Failed authentication for johndoe@example.com , Date: 2022-03-29, Time: 19:33:05 BST, IP: : 67.43.156.15,, Application: SMTP-MTA2, Reason: Account locked"
+ "eventInfo": "Failed authentication for johndoe@example.com , Date: 2022-03-29, Time: 19:33:05 BTT, IP: : 67.43.156.15,, Application: SMTP-MTA2, Reason: Account locked"
 },
 "related": {
 "ip": [
@@ -1591,14 +1591,14 @@
 },
 "event": {
 "action": "user-logged-on",
- "created": "2024-07-01T02:56:25.000Z",
+ "created": "2024-07-01T07:56:25.000Z",
 "id": "eNpVj21LhEAUhf_LfN2VnRl1RpclCNirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A",
- "original": "{\"auditType\":\"User Logged On\",\"category\":\"authentication_logs\",\"eventInfo\":\"Successful authentication for john.smith@example.com \\u003cSmith, John\\u003e, Date: 2024-07-01, Time: 13:56:25 BST, IP: 81.2.69.144, Application: MPP, Method: SP-initiated SAML\",\"eventTime\":\"2024-07-01T12:56:25+0000\",\"id\":\"eNpVj21LhEAUhf_LfN2VnRl1RpclCNirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A\",\"user\":\"john.smith@example.com\"}"
+ "original": "{\"auditType\":\"User Logged On\",\"category\":\"authentication_logs\",\"eventInfo\":\"Successful authentication for john.smith@example.com \\u003cSmith, John\\u003e, Date: 2024-07-01, Time: 13:56:25 BTT, IP: 81.2.69.144, Application: MPP, Method: SP-initiated SAML\",\"eventTime\":\"2024-07-01T12:56:25+0000\",\"id\":\"eNpVj21LhEAUhf_LfN2VnRl1RpclCNirMgpxDy12dPNMMcn1zQlL89c2DXZ1C3eP9AyvijKL9I7Rd_WOzC0ztMg2dzFM1M73s6w09CqoDA1T0lFKLE3JLMnJTwcZaGxoaWxkamhiqKOUXFpckp-bWpScn5IKtMnZxMzR3BSovCy1qDgzP0_JyrAWADo9K8A\",\"user\":\"john.smith@example.com\"}"
 },
 "mimecast": {
 "application": "MPP",
 "category": "authentication_logs",
- "eventInfo": "Successful authentication for john.smith@example.com , Date: 2024-07-01, Time: 13:56:25 BST, IP: 81.2.69.144, Application: MPP, Method: SP-initiated SAML",
+ "eventInfo": "Successful authentication for john.smith@example.com , Date: 2024-07-01, Time: 13:56:25 BTT, IP: 81.2.69.144, Application: MPP, Method: SP-initiated SAML",
 "method": "SP-initiated SAML"
 },
 "related": {
diff --git a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
index 019cf35e226e..01868038b45e 100644
--- a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
@@ -236,7 +236,7 @@ processors:
 if: 'ctx?.file?.name != null && ctx?.event?.action == "threat-intel-feed-download"'
 - script:
 lang: painless
- source: |
+ source: |
 ctx.file.extension = ctx.file.parts[ctx.file.parts.length-1];
 if: 'ctx?.file?.parts !=null && ctx?.file?.parts.length > 1'
 - set: