-------- ATTEMPTING TO VALIDATE FILE: ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.parquet-------- Validating Against OCSF Event Class: 2004 Validating Against OCSF Version: 1.1.0 Validating Against OCSF Profiles: [] ------------------------------- INPUT RECORD ------------------------------ { "activity_id": 1, "category_name": "Findings", "category_uid": 2, "class_name": "Detection Finding", "class_uid": 2004, "count": 17, "finding_info": { "analytic": { "category": "audit, audit_command", "name": "N/A", "type_id": 1, "uid": "80790" }, "attacks": { "tactic": { "name": "N/A", "uid": "N/A" }, "technique": { "name": "N/A", "uid": "N/A" }, "version": "v13.1" }, "title": "Audit: Command: /usr/sbin/sh", "types": [ "N/A" ], "uid": "1580123327.49031" }, "message": "Audit: Command: /usr/sbin/sh", "metadata": { "log_name": "Security events", "log_provider": "Wazuh", "product": { "lang": "en", "name": "Wazuh", "vendor_name": "Wazuh, Inc,." }, "version": "1.1.0", "profiles": [] }, "raw_data": "", "resources": [ { "name": "Ubuntu", "uid": "004" } ], "risk_score": 3, "severity_id": 1, "status_id": 99, "time": "2024-04-26T14:13:10.039+0000", "type_uid": 200401, "unmapped": { "data_sources": [ "", "wazuh-manager" ], "nist": [] } } ---------------------------------- OUTPUT --------------------------------- INVALID OCSF. --------------------------------------------------------------------------- {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} is not of type 'array' Failed validating 'type' in schema['properties']['finding_info']['properties']['attacks']: {'items': {'$ref': '#/$defs/attack'}, 'title': 'MITRE ATT&CK® Details', 'type': 'array'} On instance['finding_info']['attacks']: {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} --------------------------------------------------------------------------- '2024-04-26T14:13:10.039+0000' is not of type 'integer' Failed validating 'type' in schema['properties']['time']: {'title': 'Event Time', 'type': 'integer'} On instance['time']: '2024-04-26T14:13:10.039+0000' --------------------------------------------------------------------------- --------------------------------- METRICS --------------------------------- WARN: The OCSF log has: 5.41% of its keys in unmapped. WARN: THERE IS NO FILE WITH NAME ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.source IN parquet/inputs - SKIPPING METRICS FOR DROPPED RECORDS. Validating Against OCSF Event Class: 2004 Validating Against OCSF Version: 1.1.0 Validating Against OCSF Profiles: [] ------------------------------- INPUT RECORD ------------------------------ { "activity_id": 1, "category_name": "Findings", "category_uid": 2, "class_name": "Detection Finding", "class_uid": 2004, "count": 0, "finding_info": { "analytic": { "category": "ciscat", "name": "N/A", "type_id": 1, "uid": "4746" }, "attacks": { "tactic": { "name": "N/A", "uid": "N/A" }, "technique": { "name": "N/A", "uid": "N/A" }, "version": "v13.1" }, "title": "Sample alert 1", "types": [ "N/A" ], "uid": "1580123327.49031" }, "message": "Sample alert 1", "metadata": { "log_name": "Security events", "log_provider": "Wazuh", "product": { "lang": "en", "name": "Wazuh", "vendor_name": "Wazuh, Inc,." }, "version": "1.1.0", "profiles": [] }, "raw_data": "", "resources": [ { "name": "Windows", "uid": "006" } ], "risk_score": 10, "severity_id": 3, "status_id": 99, "time": "2024-04-26T14:13:25.199+0000", "type_uid": 200401, "unmapped": { "data_sources": [ "", "wazuh-manager" ], "nist": [] } } ---------------------------------- OUTPUT --------------------------------- INVALID OCSF. --------------------------------------------------------------------------- {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} is not of type 'array' Failed validating 'type' in schema['properties']['finding_info']['properties']['attacks']: {'items': {'$ref': '#/$defs/attack'}, 'title': 'MITRE ATT&CK® Details', 'type': 'array'} On instance['finding_info']['attacks']: {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} --------------------------------------------------------------------------- '2024-04-26T14:13:25.199+0000' is not of type 'integer' Failed validating 'type' in schema['properties']['time']: {'title': 'Event Time', 'type': 'integer'} On instance['time']: '2024-04-26T14:13:25.199+0000' --------------------------------------------------------------------------- --------------------------------- METRICS --------------------------------- WARN: The OCSF log has: 5.41% of its keys in unmapped. WARN: THERE IS NO FILE WITH NAME ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.source IN parquet/inputs - SKIPPING METRICS FOR DROPPED RECORDS. Validating Against OCSF Event Class: 2004 Validating Against OCSF Version: 1.1.0 Validating Against OCSF Profiles: [] ------------------------------- INPUT RECORD ------------------------------ { "activity_id": 1, "category_name": "Findings", "category_uid": 2, "class_name": "Detection Finding", "class_uid": 2004, "count": 11, "finding_info": { "analytic": { "category": "audit, audit_command", "name": "N/A", "type_id": 1, "uid": "80784" }, "attacks": { "tactic": { "name": "N/A", "uid": "N/A" }, "technique": { "name": "N/A", "uid": "N/A" }, "version": "v13.1" }, "title": "Audit: Command: /usr/sbin/id", "types": [ "N/A" ], "uid": "1580123327.49031" }, "message": "Audit: Command: /usr/sbin/id", "metadata": { "log_name": "Security events", "log_provider": "Wazuh", "product": { "lang": "en", "name": "Wazuh", "vendor_name": "Wazuh, Inc,." }, "version": "1.1.0", "profiles": [] }, "raw_data": "", "resources": [ { "name": "Centos", "uid": "005" } ], "risk_score": 3, "severity_id": 1, "status_id": 99, "time": "2024-04-26T14:13:03.845+0000", "type_uid": 200401, "unmapped": { "data_sources": [ "", "wazuh-manager" ], "nist": [] } } ---------------------------------- OUTPUT --------------------------------- INVALID OCSF. --------------------------------------------------------------------------- {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} is not of type 'array' Failed validating 'type' in schema['properties']['finding_info']['properties']['attacks']: {'items': {'$ref': '#/$defs/attack'}, 'title': 'MITRE ATT&CK® Details', 'type': 'array'} On instance['finding_info']['attacks']: {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} --------------------------------------------------------------------------- '2024-04-26T14:13:03.845+0000' is not of type 'integer' Failed validating 'type' in schema['properties']['time']: {'title': 'Event Time', 'type': 'integer'} On instance['time']: '2024-04-26T14:13:03.845+0000' --------------------------------------------------------------------------- --------------------------------- METRICS --------------------------------- WARN: The OCSF log has: 5.41% of its keys in unmapped. WARN: THERE IS NO FILE WITH NAME ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.source IN parquet/inputs - SKIPPING METRICS FOR DROPPED RECORDS. Validating Against OCSF Event Class: 2004 Validating Against OCSF Version: 1.1.0 Validating Against OCSF Profiles: [] ------------------------------- INPUT RECORD ------------------------------ { "activity_id": 1, "category_name": "Findings", "category_uid": 2, "class_name": "Detection Finding", "class_uid": 2004, "count": 17, "finding_info": { "analytic": { "category": "audit, audit_command", "name": "N/A", "type_id": 1, "uid": "80790" }, "attacks": { "tactic": { "name": "N/A", "uid": "N/A" }, "technique": { "name": "N/A", "uid": "N/A" }, "version": "v13.1" }, "title": "Audit: Command: /usr/sbin/sh", "types": [ "N/A" ], "uid": "1580123327.49031" }, "message": "Audit: Command: /usr/sbin/sh", "metadata": { "log_name": "Security events", "log_provider": "Wazuh", "product": { "lang": "en", "name": "Wazuh", "vendor_name": "Wazuh, Inc,." }, "version": "1.1.0", "profiles": [] }, "raw_data": "", "resources": [ { "name": "RHEL7", "uid": "001" } ], "risk_score": 3, "severity_id": 1, "status_id": 99, "time": "2024-04-26T14:13:20.151+0000", "type_uid": 200401, "unmapped": { "data_sources": [ "", "wazuh-manager" ], "nist": [] } } ---------------------------------- OUTPUT --------------------------------- INVALID OCSF. --------------------------------------------------------------------------- {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} is not of type 'array' Failed validating 'type' in schema['properties']['finding_info']['properties']['attacks']: {'items': {'$ref': '#/$defs/attack'}, 'title': 'MITRE ATT&CK® Details', 'type': 'array'} On instance['finding_info']['attacks']: {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} --------------------------------------------------------------------------- '2024-04-26T14:13:20.151+0000' is not of type 'integer' Failed validating 'type' in schema['properties']['time']: {'title': 'Event Time', 'type': 'integer'} On instance['time']: '2024-04-26T14:13:20.151+0000' --------------------------------------------------------------------------- --------------------------------- METRICS --------------------------------- WARN: The OCSF log has: 5.41% of its keys in unmapped. WARN: THERE IS NO FILE WITH NAME ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.source IN parquet/inputs - SKIPPING METRICS FOR DROPPED RECORDS. Validating Against OCSF Event Class: 2004 Validating Against OCSF Version: 1.1.0 Validating Against OCSF Profiles: [] ------------------------------- INPUT RECORD ------------------------------ { "activity_id": 1, "category_name": "Findings", "category_uid": 2, "class_name": "Detection Finding", "class_uid": 2004, "count": 3, "finding_info": { "analytic": { "category": "audit, audit_command", "name": "N/A", "type_id": 1, "uid": "80791" }, "attacks": { "tactic": { "name": "N/A", "uid": "N/A" }, "technique": { "name": "N/A", "uid": "N/A" }, "version": "v13.1" }, "title": "Audit: Command: /usr/sbin/ssh", "types": [ "N/A" ], "uid": "1580123327.49031" }, "message": "Audit: Command: /usr/sbin/ssh", "metadata": { "log_name": "Security events", "log_provider": "Wazuh", "product": { "lang": "en", "name": "Wazuh", "vendor_name": "Wazuh, Inc,." }, "version": "1.1.0", "profiles": [] }, "raw_data": "", "resources": [ { "name": "RHEL7", "uid": "001" } ], "risk_score": 3, "severity_id": 1, "status_id": 99, "time": "2024-04-26T14:13:15.111+0000", "type_uid": 200401, "unmapped": { "data_sources": [ "", "wazuh-manager" ], "nist": [] } } ---------------------------------- OUTPUT --------------------------------- INVALID OCSF. --------------------------------------------------------------------------- {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} is not of type 'array' Failed validating 'type' in schema['properties']['finding_info']['properties']['attacks']: {'items': {'$ref': '#/$defs/attack'}, 'title': 'MITRE ATT&CK® Details', 'type': 'array'} On instance['finding_info']['attacks']: {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'} --------------------------------------------------------------------------- '2024-04-26T14:13:15.111+0000' is not of type 'integer' Failed validating 'type' in schema['properties']['time']: {'title': 'Event Time', 'type': 'integer'} On instance['time']: '2024-04-26T14:13:15.111+0000' --------------------------------------------------------------------------- --------------------------------- METRICS --------------------------------- WARN: The OCSF log has: 5.41% of its keys in unmapped. WARN: THERE IS NO FILE WITH NAME ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.source IN parquet/inputs - SKIPPING METRICS FOR DROPPED RECORDS.