You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spot.apache.org by na...@apache.org on 2018/01/10 03:41:05 UTC
[1/6] incubator-spot git commit: Change "user_image" field to String
type
Repository: incubator-spot
Updated Branches:
refs/heads/SPOT-181_ODM a263e90dc -> 1e94da9b5
Change "user_image" field to String type
BINARY data type isn't supported by Impala. String as a data type is a safer option.
Project: http://git-wip-us.apache.org/repos/asf/incubator-spot/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-spot/commit/0c6e8fe1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-spot/tree/0c6e8fe1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-spot/diff/0c6e8fe1
Branch: refs/heads/SPOT-181_ODM
Commit: 0c6e8fe1e371d41ba3da3acd7b6cb3b562b7af9c
Parents: d923259
Author: Tadd Wood <ta...@arcadiadata.com>
Authored: Fri Oct 6 10:05:16 2017 -0700
Committer: Tadd Wood <ta...@arcadiadata.com>
Committed: Fri Oct 6 10:05:16 2017 -0700
----------------------------------------------------------------------
spot-setup/odm/create_user_context_avro.sql | 2 +-
spot-setup/odm/create_user_context_pqt.sql | 2 +-
spot-setup/odm/user_context.avsc | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/0c6e8fe1/spot-setup/odm/create_user_context_avro.sql
----------------------------------------------------------------------
diff --git a/spot-setup/odm/create_user_context_avro.sql b/spot-setup/odm/create_user_context_avro.sql
index 1e73f19..b7ef6b1 100644
--- a/spot-setup/odm/create_user_context_avro.sql
+++ b/spot-setup/odm/create_user_context_avro.sql
@@ -23,7 +23,7 @@ user_last_logon bigint,
user_logon_count int,
user_last_reset bigint,
user_expiration bigint,
-user_image binary,
+user_image string,
user_id string,
user_name string,
user_name_first string,
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/0c6e8fe1/spot-setup/odm/create_user_context_pqt.sql
----------------------------------------------------------------------
diff --git a/spot-setup/odm/create_user_context_pqt.sql b/spot-setup/odm/create_user_context_pqt.sql
index 21843ed..93b4f07 100644
--- a/spot-setup/odm/create_user_context_pqt.sql
+++ b/spot-setup/odm/create_user_context_pqt.sql
@@ -23,7 +23,7 @@ user_last_logon bigint,
user_logon_count int,
user_last_reset bigint,
user_expiration bigint,
-user_img binary,
+user_image string,
user_id string,
user_name string,
user_name_first string,
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/0c6e8fe1/spot-setup/odm/user_context.avsc
----------------------------------------------------------------------
diff --git a/spot-setup/odm/user_context.avsc b/spot-setup/odm/user_context.avsc
index 9c9f7e5..058c271 100644
--- a/spot-setup/odm/user_context.avsc
+++ b/spot-setup/odm/user_context.avsc
@@ -10,7 +10,7 @@
{"name":"user_logon_count", "type":["null","int"],"doc":"Number of times account has logged on","default":null},
{"name":"user_last_reset", "type":["null","long"],"doc":"Timestamp from when user last reset password","default":null},
{"name":"user_expiration", "type":["null","long"],"doc":"Date/time when user expires","default":null},
- {"name":"user_image", "type":["null","binary"],"doc":"Image data for user","default":null},
+ {"name":"user_image", "type":["null","string"],"doc":"Image data for user","default":null},
{"name":"user_id", "type":["null","string"],"doc":"Unique user id","default":null},
{"name":"user_name", "type":["null","string"],"doc":"Username in event log/alert","default":null},
{"name":"user_name_first", "type":["null","string"],"doc":"First name","default":null},
[6/6] incubator-spot git commit: Merge 'pr/124' into SPOT-181_ODM,
SPOT-234 aims to close apache/incubator-spot#124
Posted by na...@apache.org.
Merge 'pr/124' into SPOT-181_ODM, SPOT-234 aims to close apache/incubator-spot#124
Project: http://git-wip-us.apache.org/repos/asf/incubator-spot/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-spot/commit/1e94da9b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-spot/tree/1e94da9b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-spot/diff/1e94da9b
Branch: refs/heads/SPOT-181_ODM
Commit: 1e94da9b568e17cde8c9d910f4fd2e206fbbde5c
Parents: a263e90 5c18a1d
Author: natedogs911 <na...@gmail.com>
Authored: Tue Jan 9 19:38:49 2018 -0800
Committer: natedogs911 <na...@gmail.com>
Committed: Tue Jan 9 19:38:49 2018 -0800
----------------------------------------------------------------------
spot-setup/odm/create_event_pqt.sql | 16 ++++++-------
spot-setup/odm/create_user_context_avro.sql | 2 +-
spot-setup/odm/create_user_context_pqt.sql | 2 +-
spot-setup/odm/endpoint_context.avsc | 24 ++++++++++----------
spot-setup/odm/event.avsc | 22 +++++++++---------
spot-setup/odm/threat_intelligence_context.avsc | 24 ++++++++++----------
spot-setup/odm/user_context.avsc | 6 ++---
spot-setup/odm/vulnerability_context.avsc | 2 +-
8 files changed, 49 insertions(+), 49 deletions(-)
----------------------------------------------------------------------
[3/6] incubator-spot git commit: Modify bytes and packets field types
Posted by na...@apache.org.
Modify bytes and packets field types
Bigint is a safer choice for this fields in case the byte or packet size exceeds the Integer type numerical limit
Project: http://git-wip-us.apache.org/repos/asf/incubator-spot/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-spot/commit/06f62e77
Tree: http://git-wip-us.apache.org/repos/asf/incubator-spot/tree/06f62e77
Diff: http://git-wip-us.apache.org/repos/asf/incubator-spot/diff/06f62e77
Branch: refs/heads/SPOT-181_ODM
Commit: 06f62e77f36d0f0f9b912104c2af6488e567e598
Parents: 050ce09
Author: Tadd Wood <ta...@arcadiadata.com>
Authored: Sat Dec 2 17:32:45 2017 -0800
Committer: Tadd Wood <ta...@arcadiadata.com>
Committed: Sat Dec 2 17:32:45 2017 -0800
----------------------------------------------------------------------
spot-setup/odm/create_event_pqt.sql | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/06f62e77/spot-setup/odm/create_event_pqt.sql
----------------------------------------------------------------------
diff --git a/spot-setup/odm/create_event_pqt.sql b/spot-setup/odm/create_event_pqt.sql
index ffd888c..cb8ed87 100644
--- a/spot-setup/odm/create_event_pqt.sql
+++ b/spot-setup/odm/create_event_pqt.sql
@@ -39,8 +39,8 @@ category string,
query string,
service string,
state string,
-in_bytes int,
-out_bytes int,
+in_bytes bigint,
+out_bytes bigint,
xref string,
version string,
api string,
@@ -250,8 +250,8 @@ irc_command string,
irc_value string,
irc_additional_data string,
-- Flow
-flow_in_packets int,
-flow_out_packets int,
+flow_in_packets bigint,
+flow_out_packets bigint,
flow_conn_state string,
flow_history string,
flow_src_dscp string,
[4/6] incubator-spot git commit: Clean-up naming conventions for
other timestamp fields
Posted by na...@apache.org.
Clean-up naming conventions for other timestamp fields
Added underscores to make the fields a little more readable and also match the naming convention of other fields in the data model.
Project: http://git-wip-us.apache.org/repos/asf/incubator-spot/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-spot/commit/ef7bc918
Tree: http://git-wip-us.apache.org/repos/asf/incubator-spot/tree/ef7bc918
Diff: http://git-wip-us.apache.org/repos/asf/incubator-spot/diff/ef7bc918
Branch: refs/heads/SPOT-181_ODM
Commit: ef7bc91822abed8410d358d030b24b1d147a9e11
Parents: 06f62e7
Author: Tadd Wood <ta...@arcadiadata.com>
Authored: Sat Dec 2 17:37:19 2017 -0800
Committer: Tadd Wood <ta...@arcadiadata.com>
Committed: Sat Dec 2 17:37:19 2017 -0800
----------------------------------------------------------------------
spot-setup/odm/create_event_pqt.sql | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/ef7bc918/spot-setup/odm/create_event_pqt.sql
----------------------------------------------------------------------
diff --git a/spot-setup/odm/create_event_pqt.sql b/spot-setup/odm/create_event_pqt.sql
index cb8ed87..5a2322d 100644
--- a/spot-setup/odm/create_event_pqt.sql
+++ b/spot-setup/odm/create_event_pqt.sql
@@ -18,10 +18,10 @@ DROP TABLE IF EXISTS ${VAR:ODM_DBNAME}.${VAR:ODM_TABLENAME};
CREATE EXTERNAL TABLE IF NOT EXISTS ${VAR:ODM_DBNAME}.${VAR:ODM_TABLENAME} (
-- Common
event_time bigint,
-begintime bigint,
-endtime bigint,
-event_insertime bigint,
-lastupdatetime bigint,
+begin_time bigint,
+end_time bigint,
+event_insert_time bigint,
+last_update_time bigint,
duration float,
event_id string,
name string,
[5/6] incubator-spot git commit: Update avro schema with field name
and type changes
Posted by na...@apache.org.
Update avro schema with field name and type changes
- bytes and flow packets fields have been updated to "long" types
- timestamp field names now conform better to naming convention styles used in other fields in the data model.
Project: http://git-wip-us.apache.org/repos/asf/incubator-spot/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-spot/commit/5c18a1df
Tree: http://git-wip-us.apache.org/repos/asf/incubator-spot/tree/5c18a1df
Diff: http://git-wip-us.apache.org/repos/asf/incubator-spot/diff/5c18a1df
Branch: refs/heads/SPOT-181_ODM
Commit: 5c18a1df33dedaf2cc0d2bc2ebd0491a6c227014
Parents: ef7bc91
Author: Tadd Wood <ta...@arcadiadata.com>
Authored: Sat Dec 2 17:41:58 2017 -0800
Committer: Tadd Wood <ta...@arcadiadata.com>
Committed: Sat Dec 2 17:41:58 2017 -0800
----------------------------------------------------------------------
spot-setup/odm/event.avsc | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/5c18a1df/spot-setup/odm/event.avsc
----------------------------------------------------------------------
diff --git a/spot-setup/odm/event.avsc b/spot-setup/odm/event.avsc
index 44c1513..00047e5 100644
--- a/spot-setup/odm/event.avsc
+++ b/spot-setup/odm/event.avsc
@@ -5,10 +5,10 @@
"type": "record",
"fields": [
{"name":"event_time","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
- {"name":"begintime","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
- {"name":"endtime","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
- {"name":"event_insertime","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
- {"name":"lastupdatetime","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
+ {"name":"begin_time","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
+ {"name":"end_time","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
+ {"name":"event_insert_time","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
+ {"name":"last_update_time","type":["null","long"],"doc":"timestamp of event (UTC)", "default": null},
{"name":"duration", "type":["null","float"],"doc":"Time duration (milliseconds)", "default": null},
{"name":"event_id", "type":["null","string"],"doc":"Unique identifier for event", "default": null},
{"name":"name", "type":["null","string"],"doc":"Name of event", "default": null},
@@ -26,8 +26,8 @@
{"name":"query", "type":["null","string"],"doc":"Query (DNS query, URI query, SQL query, etc.)", "default": null},
{"name":"service", "type":["null","string"],"doc":"(i.e. service name, type of service)", "default": null},
{"name":"state", "type":["null","string"],"doc":"State of object", "default": null},
- {"name":"in_bytes", "type":["null","int"],"doc":"Bytes in", "default": null},
- {"name":"out_bytes", "type":["null","int"],"doc":"Bytes out", "default": null},
+ {"name":"in_bytes", "type":["null","long"],"doc":"Bytes in", "default": null},
+ {"name":"out_bytes", "type":["null","long"],"doc":"Bytes out", "default": null},
{"name":"xref", "type":["null","string"],"doc":"External reference to public description", "default": null},
{"name":"version", "type":["null","string"],"doc":"Version", "default": null},
{"name":"api", "type":["null","string"],"doc":"API label", "default": null},
@@ -221,8 +221,8 @@
{"name":"irc_command", "type":["null","string"],"doc":"TBD", "default": null},
{"name":"irc_value", "type":["null","string"],"doc":"TBD", "default": null},
{"name":"irc_additional_data", "type":["null","string"],"doc":"TBD", "default": null},
- {"name":"flow_in_packets", "type":["null","int"],"doc":"TBD", "default": null},
- {"name":"flow_out_packets", "type":["null","int"],"doc":"TBD", "default": null},
+ {"name":"flow_in_packets", "type":["null","long"],"doc":"TBD", "default": null},
+ {"name":"flow_out_packets", "type":["null","long"],"doc":"TBD", "default": null},
{"name":"flow_conn_state", "type":["null","string"],"doc":"TBD", "default": null},
{"name":"flow_history", "type":["null","string"],"doc":"TBD", "default": null},
{"name":"flow_src_dscp", "type":["null","string"],"doc":"TBD", "default": null},
[2/6] incubator-spot git commit: Change complex types to Strings in
Avro schema literals
Posted by na...@apache.org.
Change complex types to Strings in Avro schema literals
Map and Array complex Avro Types currently have no Impala equivalent, which means we can't actually use them in the Avro tables if we plan to query them from Impala (Querying these tables with complex types works fine in Hive). For now, exposing field with complex types as Strings seems to be the safest route. Its unclear whether this will be resolved in future version of Impala.
Project: http://git-wip-us.apache.org/repos/asf/incubator-spot/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-spot/commit/050ce091
Tree: http://git-wip-us.apache.org/repos/asf/incubator-spot/tree/050ce091
Diff: http://git-wip-us.apache.org/repos/asf/incubator-spot/diff/050ce091
Branch: refs/heads/SPOT-181_ODM
Commit: 050ce091644d783169f00860d209841f8d17ab8a
Parents: 0c6e8fe
Author: Tadd Wood <ta...@arcadiadata.com>
Authored: Fri Oct 6 10:16:45 2017 -0700
Committer: Tadd Wood <ta...@arcadiadata.com>
Committed: Fri Oct 6 10:16:45 2017 -0700
----------------------------------------------------------------------
spot-setup/odm/endpoint_context.avsc | 24 ++++++++++----------
spot-setup/odm/event.avsc | 6 ++---
spot-setup/odm/threat_intelligence_context.avsc | 24 ++++++++++----------
spot-setup/odm/user_context.avsc | 4 ++--
spot-setup/odm/vulnerability_context.avsc | 2 +-
5 files changed, 30 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/050ce091/spot-setup/odm/endpoint_context.avsc
----------------------------------------------------------------------
diff --git a/spot-setup/odm/endpoint_context.avsc b/spot-setup/odm/endpoint_context.avsc
index 9fa923c..f9e690a 100644
--- a/spot-setup/odm/endpoint_context.avsc
+++ b/spot-setup/odm/endpoint_context.avsc
@@ -12,24 +12,24 @@
{"name":"end_os_version", "type":["null","string"],"doc":"Version of OS","default":null},
{"name":"end_os_sp", "type":["null","string"],"doc":"Service pack","default":null},
{"name":"end_tz", "type":["null","string"],"doc":"Timezone","default":null},
- {"name":"end_hotfixes", "type":["null",{"type":"array", "items":"string"}],"doc":"Applied hotfixes","default":null},
- {"name":"end_disks", "type":["null",{"type":"array", "items":"string"}],"doc":"Available disks","default":null},
- {"name":"end_removeables", "type":["null",{"type":"array", "items":"string"}],"doc":"Removable media devices","default":null},
- {"name":"end_nics", "type":["null",{"type":"array", "items":"string"}],"doc":"Network interfaces","default":null},
- {"name":"end_drivers", "type":["null",{"type":"array", "items":"string"}],"doc":"Installed kernel drivers","default":null},
- {"name":"end_users", "type":["null",{"type":"array", "items":"string"}],"doc":"Local user accounts","default":null},
+ {"name":"end_hotfixes", "type":["null","string"],"doc":"Applied hotfixes","default":null},
+ {"name":"end_disks", "type":["null","string"],"doc":"Available disks","default":null},
+ {"name":"end_removeables", "type":["null","string"],"doc":"Removable media devices","default":null},
+ {"name":"end_nics", "type":["null","string"],"doc":"Network interfaces","default":null},
+ {"name":"end_drivers", "type":["null","string"],"doc":"Installed kernel drivers","default":null},
+ {"name":"end_users", "type":["null","string"],"doc":"Local user accounts","default":null},
{"name":"end_host", "type":["null","string"],"doc":"Hostname of endpoint","default":null},
{"name":"end_mac", "type":["null","string"],"doc":"MAC address of endpoint","default":null},
{"name":"end_owner", "type":["null","string"],"doc":"Endpoint owner (name)","default":null},
- {"name":"end_vulns", "type":["null",{"type":"array", "items":"string"}],"doc":"Vulnerability identifiers (CVE identifier)","default":null},
+ {"name":"end_vulns", "type":["null","string"],"doc":"Vulnerability identifiers (CVE identifier)","default":null},
{"name":"end_loc", "type":["null","string"],"doc":"Location","default":null},
{"name":"end_departm", "type":["null","string"],"doc":"Department","default":null},
{"name":"end_company", "type":["null","string"],"doc":"Distinguished name","default":null},
- {"name":"end_regs", "type":["null",{"type":"array", "items":"string"}],"doc":"Applicable regulations","default":null},
- {"name":"end_svcs", "type":["null",{"type":"array", "items":"string"}],"doc":"Services running on system","default":null},
- {"name":"end_procs", "type":["null",{"type":"array", "items":"string"}],"doc":"Processes","default":null},
+ {"name":"end_regs", "type":["null","string"],"doc":"Applicable regulations","default":null},
+ {"name":"end_svcs", "type":["null","string"],"doc":"Services running on system","default":null},
+ {"name":"end_procs", "type":["null","string"],"doc":"Processes","default":null},
{"name":"end_criticality", "type":["null","string"],"doc":"Criticality of device","default":null},
- {"name":"end_apps", "type":["null",{"type":"array", "items":"string"}],"doc":"Applications running on system","default":null},
+ {"name":"end_apps", "type":["null","string"],"doc":"Applications running on system","default":null},
{"name":"end_desc", "type":["null","string"],"doc":"Endpoint descriptor","default":null},
{"name":"dvc_type", "type":["null","string"],"doc":"Device type that generated the log","default":null},
{"name":"dvc_vendor", "type":["null","string"],"doc":"Vendor","default":null},
@@ -38,7 +38,7 @@
{"name":"end_uuid", "type":["null","string"],"doc":"Universally unique identifier","default":null},
{"name":"end_risk", "type":["null","float"],"doc":"Risk score","default":null},
{"name":"end_memtotal", "type":["null","int"],"doc":"Total memory (bytes)","default":null},
- {"name":"additional_attrs", "type":["null",{"type":"map","values":["null","string"]}],"default":null,"doc":"Additional attributes of endpoint"}
+ {"name":"additional_attrs", "type":["null","string"],"default":null,"doc":"Additional attributes of endpoint"}
],
"doc": "A view schema for storing Apache Spot Endpoint Context data."
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/050ce091/spot-setup/odm/event.avsc
----------------------------------------------------------------------
diff --git a/spot-setup/odm/event.avsc b/spot-setup/odm/event.avsc
index 50dc033..44c1513 100644
--- a/spot-setup/odm/event.avsc
+++ b/spot-setup/odm/event.avsc
@@ -41,7 +41,7 @@
{"name":"sensitivity", "type":["null","string"],"doc":"Sensitivity label", "default": null},
{"name":"count", "type":["null","int"],"doc":"Generic count", "default": null},
{"name":"company", "type":["null","string"],"doc":"Company label", "default": null},
- {"name":"additional_attrs","type":["null",{"type":"map","values":["null","string"]}],"default":null, "doc":"Additional attributes of the event"},
+ {"name":"additional_attrs","type":["null","string"],"default":null, "doc":"Additional attributes of the event"},
{"name":"totrust", "type":["null","string"],"doc":"TBD", "default": null},
{"name":"fromtrust", "type":["null","string"],"doc":"TBD", "default": null},
{"name":"rule", "type":["null","string"],"doc":"TBD", "default": null},
@@ -136,7 +136,7 @@
{"name":"http_request_user_name", "type":["null","string"],"doc":"username from event", "default": null},
{"name":"http_request_password", "type":["null","string"],"doc":"Password from event", "default": null},
{"name":"http_request_proxied", "type":["null","string"],"doc":"TBD", "default": null},
- {"name":"http_request_headers", "type":["null",{"type":"map","values":["null","string"]}],"default":null,"doc":"HTTP request headers"},
+ {"name":"http_request_headers", "type":["null","string"],"default":null,"doc":"HTTP request headers"},
{"name":"http_response_status_code", "type":["null","int"],"doc":"HTTP response status code", "default": null},
{"name":"http_response_status_msg", "type":["null","string"],"doc":"HTTP response status message", "default": null},
{"name":"http_response_body_len", "type":["null","int"],"doc":"Length of response body", "default": null},
@@ -144,7 +144,7 @@
{"name":"http_response_info_msg", "type":["null","string"],"doc":"HTTP response info message", "default": null},
{"name":"http_response_resp_fuids", "type":["null","string"],"doc":"Response FUIDS", "default": null},
{"name":"http_response_mime_types", "type":["null","string"],"doc":"Mime types", "default": null},
- {"name":"http_response_headers", "type":["null",{"type":"map","values":["null","string"]}],"default":null,"doc":"Response headers"},
+ {"name":"http_response_headers", "type":["null","string"],"default":null,"doc":"Response headers"},
{"name":"smtp_trans_depth", "type":["null","int"],"doc":"Depth of email into SMTP exchange", "default": null},
{"name":"smtp_headers_helo", "type":["null","string"],"doc":"Helo header", "default": null},
{"name":"smtp_headers_mailfrom", "type":["null","string"],"doc":"Mailfrom header", "default": null},
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/050ce091/spot-setup/odm/threat_intelligence_context.avsc
----------------------------------------------------------------------
diff --git a/spot-setup/odm/threat_intelligence_context.avsc b/spot-setup/odm/threat_intelligence_context.avsc
index 11a3985..b054cfd 100644
--- a/spot-setup/odm/threat_intelligence_context.avsc
+++ b/spot-setup/odm/threat_intelligence_context.avsc
@@ -13,22 +13,22 @@
{"name":"ti_severity", "type":["null","string"],"doc":"Nation State, Targeted, Advanced, Commodity, Other", "default": null},
{"name":"ti_category", "type":["null","string"],"doc":"Ecrime, Hacktivism, Geo Pollitical, Foreign Intelligence Service", "default": null},
{"name":"ti_campaign_name", "type":["null","string"],"doc":"Internal Campaign designation", "default": null},
- {"name":"ti_deployed_location", "type":["null",{"type":"array", "items":"string"}],"doc":"Where this indicator should be matched for applicability (Core, Perimeter, Network, Endpoint, Logs, ALL, etc)", "default": null},
+ {"name":"ti_deployed_location", "type":["null","string"],"doc":"Where this indicator should be matched for applicability (Core, Perimeter, Network, Endpoint, Logs, ALL, etc)", "default": null},
{"name":"ti_associated_incidents", "type":["null","string"],"doc":"Known Associated Incident ID's", "default": null},
{"name":"ti_adversarial_identification_group", "type":["null","string"],"doc":"Adversary Group designation usually provided by the provider.", "default": null},
{"name":"ti_adversarial_identification_tactics", "type":["null","string"],"doc":"Known Adversary Tactics as indicated by the source provider.", "default": null},
{"name":"ti_adversarial_identification_reports", "type":["null","string"],"doc":"Linked Adversary reports."},
{"name":"ti_phase", "type":["null","string"],"doc":"Discovery, Weaponization, Delivery, C2, Exploitation, Actions on Objectives, etc", "default": null},
{"name":"ti_indicator_cve", "type":["null","string"],"doc":"MITRE CVE Link(s)", "default": null},
- {"name":"ti_indicator_ip4", "type":["null",{"type":"array", "items":"long"}],"doc":"CIDR noted IPv4 Address Indicated by Threat Intelligence", "default": null},
- {"name":"ti_indicator_ip4_str", "type":["null",{"type":"array", "items":"string"}],"doc":"CIDR noted IPv4 Address Indicated by Threat Intelligence", "default": null},
- {"name":"ti_indicator_ip6", "type":["null",{"type":"array", "items":"long"}],"doc":"IPv6 Address Indicated by Threat Intelligence", "default": null},
- {"name":"ti_indicator_ip6_str", "type":["null",{"type":"array", "items":"string"}],"doc":"IPv6 Address Indicated by Threat Intelligence", "default": null},
+ {"name":"ti_indicator_ip4", "type":["null","string"],"doc":"CIDR noted IPv4 Address Indicated by Threat Intelligence", "default": null},
+ {"name":"ti_indicator_ip4_str", "type":["null","string"],"doc":"CIDR noted IPv4 Address Indicated by Threat Intelligence", "default": null},
+ {"name":"ti_indicator_ip6", "type":["null","string"],"doc":"IPv6 Address Indicated by Threat Intelligence", "default": null},
+ {"name":"ti_indicator_ip6_str", "type":["null","string"],"doc":"IPv6 Address Indicated by Threat Intelligence", "default": null},
{"name":"ti_indicator_domain", "type":["null","string"],"doc":"Domain Name(s)", "default": null},
{"name":"ti_indicator_hostname", "type":["null","string"],"doc":"Host or Subdomain Name(es)", "default": null},
- {"name":"ti_indicator_email", "type":["null",{"type":"array", "items":"string"}],"doc":"Email addresses associated with Indicator", "default": null},
- {"name":"ti_indicator_url", "type":["null",{"type":"array", "items":"string"}],"doc":"URL(s) associated with indicatorv", "default": null},
- {"name":"ti_indicator_uri", "type":["null",{"type":"array", "items":"string"}],"doc":"URI(s) associated with indicator", "default": null},
+ {"name":"ti_indicator_email", "type":["null","string"],"doc":"Email addresses associated with Indicator", "default": null},
+ {"name":"ti_indicator_url", "type":["null","string"],"doc":"URL(s) associated with indicatorv", "default": null},
+ {"name":"ti_indicator_uri", "type":["null","string"],"doc":"URI(s) associated with indicator", "default": null},
{"name":"ti_indicator_file_hash", "type":["null","string"],"doc":"File Hash Value associated with the indicator.", "default": null},
{"name":"ti_indicator_file_path", "type":["null","string"],"doc":"File Path Value associated with the indicator.", "default": null},
{"name":"ti_indicator_mutex", "type":["null","string"],"doc":"MUTEX Value associated with the indicator.", "default": null},
@@ -44,12 +44,12 @@
{"name":"ti_indicator_file_accessed", "type":["null","long"],"doc":"Date File value associated with the indicator was last accessed.", "default": null},
{"name":"ti_indicator_file_changed", "type":["null","long"],"doc":"Date File value associated with the indicator was last changed.", "default": null},
{"name":"ti_indicator_file_entropy", "type":["null","string"],"doc":"Calculated entropy value associated with the file indicated.", "default": null},
- {"name":"ti_indicator_file_attributes", "type":["null",{"type":"array", "items":"string"}],"doc":"Read Only, System, Hidden, Directory, Archive, Device, Temporary, SparseFile, Compressed, Encrypted, Index, Deleted, etc", "default": null},
+ {"name":"ti_indicator_file_attributes", "type":["null","string"],"doc":"Read Only, System, Hidden, Directory, Archive, Device, Temporary, SparseFile, Compressed, Encrypted, Index, Deleted, etc", "default": null},
{"name":"ti_indicator_user_name", "type":["null","string"],"doc":"username associated with the indicator.", "default": null},
{"name":"ti_indicator_security_id", "type":["null","string"],"doc":"if known securityID associated with the indicator.", "default": null},
- {"name":"ti_indicator_pe_info", "type":["null",{"type":"array", "items":"string"}],"doc":"Subsystem, BaseAddress, PETImeStamp, Expert, JumpCodes, DetectedAnomalies, DigitalSignatures,VersionInfo, ResourceInfo,Imported Modules", "default": null},
- {"name":"ti_indicator_pe_type", "type":["null",{"type":"array", "items":"string"}],"doc":"Executable, DLL, Invalid, Unknown, Native, Windows_GUI, OS2, POSIX, EFI, etc", "default": null},
- {"name":"ti_indicator_strings", "type":["null",{"type":"array", "items":"string"}],"doc":"Any strings associated with the file indicated that might be useful in identification or further indicator development or adversary identification.", "default": null},
+ {"name":"ti_indicator_pe_info", "type":["null","string"],"doc":"Subsystem, BaseAddress, PETImeStamp, Expert, JumpCodes, DetectedAnomalies, DigitalSignatures,VersionInfo, ResourceInfo,Imported Modules", "default": null},
+ {"name":"ti_indicator_pe_type", "type":["null","string"],"doc":"Executable, DLL, Invalid, Unknown, Native, Windows_GUI, OS2, POSIX, EFI, etc", "default": null},
+ {"name":"ti_indicator_strings", "type":["null","string"],"doc":"Any strings associated with the file indicated that might be useful in identification or further indicator development or adversary identification.", "default": null},
{"name":"ti_indicator_org", "type":["null","string"],"doc":"Name of the business that owns the IP address associated with the indicator", "default": null},
{"name":"ti_indicator_reg_name", "type":["null","string"],"doc":"Name of the person who registered the domain", "default": null},
{"name":"ti_indicator_reg_email", "type":["null","string"],"doc":"Email address of the person who registered the domain", "default": null},
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/050ce091/spot-setup/odm/user_context.avsc
----------------------------------------------------------------------
diff --git a/spot-setup/odm/user_context.avsc b/spot-setup/odm/user_context.avsc
index 058c271..b424535 100644
--- a/spot-setup/odm/user_context.avsc
+++ b/spot-setup/odm/user_context.avsc
@@ -26,12 +26,12 @@
{"name":"user_ou", "type":["null","string"],"doc":"Organizational unit","default":null},
{"name":"user_empid", "type":["null","string"],"doc":"Employee ID","default":null},
{"name":"user_title", "type":["null","string"],"doc":"Job Title","default":null},
- {"name":"user_groups", "type":["null",{"type":"array", "items":"string"}],"doc":"Groups to which the user belongs","default":null},
+ {"name":"user_groups", "type":["null","string"],"doc":"Groups to which the user belongs","default":null},
{"name":"dvc_type", "type":["null","string"],"doc":"Device type that generated the user context data","default":null},
{"name":"dvc_vendor", "type":["null","string"],"doc":"Vendor","default":null},
{"name":"user_risk", "type":["null","float"],"doc":"Risk score","default":null},
{"name":"dvc_version", "type":["null","string"],"doc":"Version","default":null},
- {"name":"additional_attrs", "type":["null",{"type":"map","values":["null","string"]}],"default":null,"doc":"Additional attributes of user"}
+ {"name":"additional_attrs", "type":["null","string"],"default":null,"doc":"Additional attributes of user"}
],
"doc": "A view schema for storing Apache Spot User Context data."
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/050ce091/spot-setup/odm/vulnerability_context.avsc
----------------------------------------------------------------------
diff --git a/spot-setup/odm/vulnerability_context.avsc b/spot-setup/odm/vulnerability_context.avsc
index 933b8d1..0b8afc8 100644
--- a/spot-setup/odm/vulnerability_context.avsc
+++ b/spot-setup/odm/vulnerability_context.avsc
@@ -12,7 +12,7 @@
{"name":"vuln_severity", "type":["null","string"],"doc":"TBD", "default": null},
{"name":"vuln_created", "type":["null","long"],"doc":"TBD", "default": null},
{"name":"vuln_updated", "type":["null","long"],"doc":"TBD", "default": null},
- {"name":"additional_attrs", "type":["null",{"type":"map","values":["null","string"]}],"default":null,"doc":"Additional attributes of vulnerability"}
+ {"name":"additional_attrs", "type":["null","string"],"default":null,"doc":"Additional attributes of vulnerability"}
],
"doc": "A view schema for storing Apache Spot Vulnerability Context data."
}
\ No newline at end of file