
CSAF examples

This site contains a list of CSAF examples. More samples will be added over time. Currently the focus is on CSAF in JSON, but almost any transport method is possible (syslog, REST API, ...). Please focus on the content: any delimiter can be chosen, and objects can be enclosed in other ways than in {}.

The first example tries to follow the same coloring scheme and distinctions as the schema definition.

 

Example 1 with color distinction


{
  "Device": {
    "vendor": "Cisco",
    "product": "ASA",
    "version": "5525-X",
    "OS": "IOS 14",
    "module": "Firepower",
    "feature": "WEB protection",
    "device_name": "badassfw",
    "device_IP": "10.20.255.1",
    "policy": "block_porn",
    "rule": "24",
    "action": "blocked",
  },
  "Priority": {
    "severity": "High",
    "credibility": "Med",
    "relevance": "10",
  },
  "Alert": {
    "time": "2019/06/05 13:02:14.171",
    "category": ["WEB","Traffic blocked","web access blocked"],
    "name": "Porn site access",
    "id": "100237"
    "link": "http://10.20.255.1/alerts?id=100237"  
    "domain": "Tenant1",
    "region": "CZ",
    "target": ["freevideo.cz","adm_user","10.101.24.23"],
    "artifacts": {
      "username": "adm_user",
      "src_IP": "10.101.24.23",
      "src_port": "50435",
      "dst_IP": "80.188.244.72",
      "dst_port": "443",
      "domain": "freevideo.cz",
      "url": "https://freevideo.cz/big_gang_bang_theory",
    },
    "status": "active",
    "tactics": ["defense evasion","execution"],
    "techniques": "Web service"
    "rawData": "null",
    "associated_events": [
            {
            "time":"2019/06/05 13:02:11.171",
            "name":"blocked web traffic",
            "target":["freevideo.cz"],
            "artifacts": {
                  "username": "adm_user",
                  "src_IP": "10.101.24.23",
                  "src_port": "50435",
                  "dst_IP": "80.188.244.72",
                  "dst_port": "80",
                  "domain": "freevideo.cz",
                  "url": "freevideo.cz",
            },
            "count": 1,
            "rawData": "empty"
            },
            {
            "time":"2019/06/05 13:02:12.171",
            "name":"blocked web traffic",
            "target":["https://freevideo.cz"],
            "artifacts": {
                        "username": "adm_user",
                        "src_IP": "10.101.24.23",
                        "src_port": "50435",
                        "dst_IP": "80.188.244.72",
                        "dst_port": "443",
                        "domain": "freevideo.cz",
                        "url": "https://freevideo.cz/",
            },
            "count": 1,
            "rawData": "empty"},
            {
            "time":"2019/06/05 13:02:13.171",
            "name":"blocked web traffic",
            "target":["https://freevideo.cz/big_gang_bankg_theory"],
            "artifacts": {
                  "username": "adm_user",
                  "src_IP": "10.101.24.23",
                  "src_port": "50435",
                  "dst_IP": "80.188.244.72",
                  "dst_port": "443",
                  "domain": "freevideo.cz",
                  "url": "https://freevideo.cz/big_gang_bang_theory",
            },
            "count": 1,
            "rawData": "empty"},
    ]
  }
}



Example 2


{
  "Device": {
    "product": "AuditVault",
    "device_name": "oracleauditvault",
    "device_IP": "10.20.25.101",
    "policy": "select star",
    "action": "alert",
  },
  "Priority": {
    "severity": "Medium",
  },
  "Alert": {
    "time": "2020/02/02 10:22:14.153",
    "category": ["DB","access","select"],
    "name": "select star",
    "target": ["etl_live","sysdba","10.10.24.23"],
    "artifacts": {
      "username": "sysdba",
      "src_IP": "10.10.24.23",
      "src_port": "56449",
      "dst_IP": "10.18.24.72",
      "dst_port": "1514",
      "database": "etl_live",
      "table": "users",
    },
    "rawData": "select * from users;",
  }
}


