Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Parquet files format #217

Merged
merged 1 commit into from
Apr 26, 2024
Merged

Fix Parquet files format #217

merged 1 commit into from
Apr 26, 2024

Conversation

AlexRuiz7
Copy link
Member

Description

This PR fixes the Parquet format for the Amazon Security Lake integration.

Issues Resolved

Closes #214

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@AlexRuiz7 AlexRuiz7 self-assigned this Apr 26, 2024
@AlexRuiz7 AlexRuiz7 requested a review from a team as a code owner April 26, 2024 14:40
@AlexRuiz7
Copy link
Member Author

Evidence


+---------------+-----------------+----------------+-------------------+-------------+---------+-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+------------+-------------------------------------+--------------+---------------+-------------+------------------------------+------------+-----------------------------------------------------------------------------------------------+
|   activity_id | category_name   |   category_uid | class_name        |   class_uid |   count | message                       | finding_info                                                                                                                                                                                                                                                                                                                      | metadata                                                                                                                                                | raw_data   | resources                           |   risk_score |   severity_id |   status_id | time                         |   type_uid | unmapped                                                                                      |
|---------------+-----------------+----------------+-------------------+-------------+---------+-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+------------+-------------------------------------+--------------+---------------+-------------+------------------------------+------------+-----------------------------------------------------------------------------------------------|
|             1 | Findings        |              2 | Detection Finding |        2004 |      17 | Audit: Command: /usr/sbin/sh  | {'analytic': {'category': 'audit, audit_command', 'name': 'N/A', 'type_id': 1, 'uid': '80790'}, 'attacks': {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'}, 'title': 'Audit: Command: /usr/sbin/sh', 'types': array(['N/A'], dtype=object), 'uid': '1580123327.49031'}  | {'log_name': 'Security events', 'log_provider': 'Wazuh', 'product': {'lang': 'en', 'name': 'Wazuh', 'vendor_name': 'Wazuh, Inc,.'}, 'version': '1.1.0'} |            | [{'name': 'Ubuntu', 'uid': '004'}]  |            3 |             1 |          99 | 2024-04-26T14:13:10.039+0000 |     200401 | {'data_sources': array(['', 'wazuh-manager'], dtype=object), 'nist': array([], dtype=object)} |
|             1 | Findings        |              2 | Detection Finding |        2004 |       0 | Sample alert 1                | {'analytic': {'category': 'ciscat', 'name': 'N/A', 'type_id': 1, 'uid': '4746'}, 'attacks': {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'}, 'title': 'Sample alert 1', 'types': array(['N/A'], dtype=object), 'uid': '1580123327.49031'}                               | {'log_name': 'Security events', 'log_provider': 'Wazuh', 'product': {'lang': 'en', 'name': 'Wazuh', 'vendor_name': 'Wazuh, Inc,.'}, 'version': '1.1.0'} |            | [{'name': 'Windows', 'uid': '006'}] |           10 |             3 |          99 | 2024-04-26T14:13:25.199+0000 |     200401 | {'data_sources': array(['', 'wazuh-manager'], dtype=object), 'nist': array([], dtype=object)} |
|             1 | Findings        |              2 | Detection Finding |        2004 |      11 | Audit: Command: /usr/sbin/id  | {'analytic': {'category': 'audit, audit_command', 'name': 'N/A', 'type_id': 1, 'uid': '80784'}, 'attacks': {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'}, 'title': 'Audit: Command: /usr/sbin/id', 'types': array(['N/A'], dtype=object), 'uid': '1580123327.49031'}  | {'log_name': 'Security events', 'log_provider': 'Wazuh', 'product': {'lang': 'en', 'name': 'Wazuh', 'vendor_name': 'Wazuh, Inc,.'}, 'version': '1.1.0'} |            | [{'name': 'Centos', 'uid': '005'}]  |            3 |             1 |          99 | 2024-04-26T14:13:03.845+0000 |     200401 | {'data_sources': array(['', 'wazuh-manager'], dtype=object), 'nist': array([], dtype=object)} |
|             1 | Findings        |              2 | Detection Finding |        2004 |      17 | Audit: Command: /usr/sbin/sh  | {'analytic': {'category': 'audit, audit_command', 'name': 'N/A', 'type_id': 1, 'uid': '80790'}, 'attacks': {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'}, 'title': 'Audit: Command: /usr/sbin/sh', 'types': array(['N/A'], dtype=object), 'uid': '1580123327.49031'}  | {'log_name': 'Security events', 'log_provider': 'Wazuh', 'product': {'lang': 'en', 'name': 'Wazuh', 'vendor_name': 'Wazuh, Inc,.'}, 'version': '1.1.0'} |            | [{'name': 'RHEL7', 'uid': '001'}]   |            3 |             1 |          99 | 2024-04-26T14:13:20.151+0000 |     200401 | {'data_sources': array(['', 'wazuh-manager'], dtype=object), 'nist': array([], dtype=object)} |
|             1 | Findings        |              2 | Detection Finding |        2004 |       3 | Audit: Command: /usr/sbin/ssh | {'analytic': {'category': 'audit, audit_command', 'name': 'N/A', 'type_id': 1, 'uid': '80791'}, 'attacks': {'tactic': {'name': 'N/A', 'uid': 'N/A'}, 'technique': {'name': 'N/A', 'uid': 'N/A'}, 'version': 'v13.1'}, 'title': 'Audit: Command: /usr/sbin/ssh', 'types': array(['N/A'], dtype=object), 'uid': '1580123327.49031'} | {'log_name': 'Security events', 'log_provider': 'Wazuh', 'product': {'lang': 'en', 'name': 'Wazuh', 'vendor_name': 'Wazuh, Inc,.'}, 'version': '1.1.0'} |            | [{'name': 'RHEL7', 'uid': '001'}]   |            3 |             1 |          99 | 2024-04-26T14:13:15.111+0000 |     200401 | {'data_sources': array(['', 'wazuh-manager'], dtype=object), 'nist': array([], dtype=object)} |
+---------------+-----------------+----------------+-------------------+-------------+---------+-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+------------+-------------------------------------+--------------+---------------+-------------+------------------------------+------------+-----------------------------------------------------------------------------------------------+

@AlexRuiz7 AlexRuiz7 mentioned this pull request Apr 26, 2024
Closed
2 tasks
@AlexRuiz7 AlexRuiz7 merged commit 4f4d40f into 4.9.0 Apr 26, 2024
8 checks passed
@AlexRuiz7 AlexRuiz7 deleted the 214-fix-parquet-format branch April 26, 2024 15:39
AlexRuiz7 added a commit that referenced this pull request Jun 28, 2024
@AlexRuiz7
Fix Parquet files format (#217)
a737e06
AlexRuiz7 added a commit that referenced this pull request Aug 20, 2024
@AlexRuiz7
Fix Parquet files format (#217)
dc50c5e
AlexRuiz7 added a commit that referenced this pull request Sep 9, 2024
@AlexRuiz7
Fix Parquet files format (#217)
6127124
AlexRuiz7 added a commit that referenced this pull request Sep 9, 2024
@AlexRuiz7
Fix Parquet files format (#217)
8aa9d52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@f-galland f-galland f-galland approved these changes

Assignees

@AlexRuiz7 AlexRuiz7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bad Parquet format on Amazon Security Lake integration
2 participants
@AlexRuiz7 @f-galland