diff --git a/_shared_content/operations_center/integrations/generated/44d41a2b-96cb-4d37-84e0-4f0c0f9138b8.md b/_shared_content/operations_center/integrations/generated/44d41a2b-96cb-4d37-84e0-4f0c0f9138b8.md
index b18d2936d1..94db317902 100644
--- a/_shared_content/operations_center/integrations/generated/44d41a2b-96cb-4d37-84e0-4f0c0f9138b8.md
+++ b/_shared_content/operations_center/integrations/generated/44d41a2b-96cb-4d37-84e0-4f0c0f9138b8.md
@@ -34,7 +34,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I ```json { - "message": "\"0\" \"1\" \"ad.corp\" \"ad.corp\" \"C-PKI-DANG-ACCESS\" \"critical\" \"CN=DSCUCNExport,CN=Certificate \nTemplates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=corp\" \"1996840\" \"2\" \n\"R-CERTIF-TEMPLATE-MISCONFIG\" \"76485473\" \"DisplayName\"=\"DSC UCN Export\" \"DomainName\"=\"ad.corp\" \n\"DangerousAceList\"=\"[{\"Item1\":\"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-34\n5849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"urdom.ad.corp\\\\AC750-DSI-SDAT-Espace de \ntravail-FOO-Adm\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended \nright\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-109881018\n9-8133351-2328693739-515\",\"Item2\":\"S-1-5-21-1098810189-8133351-2328693739-515\",\"Item3\":\"ad.corp\\\\Ordinateurs du \ndomaine\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended \nright\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\"\n,\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"urdom.ad.corp\\\\AC750-DSI-SDAT-Espace de \ntravail-FOO-Adm\",\"Item4\":[{\"Item1\":\"[Certificate Template] Write all properties\",\"Item2\":\"\"}]}]\" \n\"TrustEnrollServiceAceOptionChecked\"=\"\u2610\" \"TrustEnrollServicesList\"=\"\u29b0\" \"ApproveCertifTestOptionChecked\"=\"\u2610\" \n\"EnrollmentFlagDeviantAces\"=\"?\" \"EnrollmentFlagAttributeMisconfigured\"=\"?\" \"RaSignatureAttributeDeviantAces\"=\"\u274c\ufe0f\" \n\"RaSignatureAttributeMisconfigured\"=\"\u274c\ufe0f\" \"EkuAttributeDeviantAces\"=\"\u274c\ufe0f\" \"EkuContainAuthAttribute\"=\"\u2714\ufe0f\" \n\"EkuContainAuthList\"=\"\u29b0\" \"SanConfigCsrOptionChecked\"=\"\u2612\" \"CertificateNameDeviantAces\"=\"\u274c\ufe0f\" 
\n\"SanConfigCsrMisconfigured\"=\"\u2714\ufe0f\"", + "message": "\"0\" \"1\" \"ad.corp\" \"ad.corp\" \"C-PKI-DANG-ACCESS\" \"critical\" \"CN=DSCUCNExport,CN=Certificate \nTemplates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=corp\" \"1996840\" \"2\" \n\"R-CERTIF-TEMPLATE-MISCONFIG\" \"76485473\" \"DisplayName\"=\"DSC UCN Export\" \"DomainName\"=\"ad.corp\" \n\"DangerousAceList\"=\"[{\"Item1\":\"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-34\n5849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.corp\\\\Espace de \ntravail\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended \nright\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-109881018\n9-8133351-2328693739-515\",\"Item2\":\"S-1-5-21-1098810189-8133351-2328693739-515\",\"Item3\":\"ad.corp\\\\Ordinateurs du \ndomaine\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended \nright\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\"\n,\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.corp\\\\Espace de \ntravail\",\"Item4\":[{\"Item1\":\"[Certificate Template] Write all properties\",\"Item2\":\"\"}]}]\" \n\"TrustEnrollServiceAceOptionChecked\"=\"\u2610\" \"TrustEnrollServicesList\"=\"\u29b0\" \"ApproveCertifTestOptionChecked\"=\"\u2610\" \n\"EnrollmentFlagDeviantAces\"=\"?\" \"EnrollmentFlagAttributeMisconfigured\"=\"?\" \"RaSignatureAttributeDeviantAces\"=\"\u274c\ufe0f\" \n\"RaSignatureAttributeMisconfigured\"=\"\u274c\ufe0f\" \"EkuAttributeDeviantAces\"=\"\u274c\ufe0f\" \"EkuContainAuthAttribute\"=\"\u2714\ufe0f\" \n\"EkuContainAuthList\"=\"\u29b0\" \"SanConfigCsrOptionChecked\"=\"\u2612\" \"CertificateNameDeviantAces\"=\"\u274c\ufe0f\" \n\"SanConfigCsrMisconfigured\"=\"\u2714\ufe0f\"", "event": { "kind": "alert", "outcome": "success" 
@@ -50,7 +50,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I "ADobject": "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=corp", "ApproveCertifTestOptionChecked": "\u2610", "CertificateNameDeviantAces": "\u274c\ufe0f", - "DangerousAceList": "{\"Item1\":\"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"urdom.ad.corp\\\\AC750-DSI-SDAT-Espace de travail-FOO-Adm\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended right\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1098810189-8133351-2328693739-515\",\"Item2\":\"S-1-5-21-1098810189-8133351-2328693739-515\",\"Item3\":\"ad.corp\\\\Ordinateurs du domaine\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended right\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"urdom.ad.corp\\\\AC750-DSI-SDAT-Espace de travail-FOO-Adm\",\"Item4\":[{\"Item1\":\"[Certificate Template] Write all properties\",\"Item2\":\"\"}]}", + "DangerousAceList": "{\"Item1\":\"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.corp\\\\Espace de travail\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended right\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1098810189-8133351-2328693739-515\",\"Item2\":\"S-1-5-21-1098810189-8133351-2328693739-515\",\"Item3\":\"ad.corp\\\\Ordinateurs du domaine\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended 
right\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.corp\\\\Espace de travail\",\"Item4\":[{\"Item1\":\"[Certificate Template] Write all properties\",\"Item2\":\"\"}]}", "DisplayName": "DSC UCN Export", "DomainName": "ad.corp", "EkuAttributeDeviantAces": "\u274c\ufe0f", 
@@ -84,7 +84,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I ```json { - "message": "\"0\" \"1\" \"ad.domain\" \"ad.domain\" \"C-PKI-DANG-ACCESS\" \"critical\" \"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \"1996839\" \"2\" \"R-CERTIF-TEMPLATE-ACL\" \"76485473\" \n \"DistinguishedName\"=\"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \n \"DangerousAceList\"=\"[{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"urdom.ad.domain\\\\AC750-DSI-FOO-Espace de \n travail-GSW-Adm\",\"Item4\":[{\"Item1\":\"Modify permissions\",\"Item2\":\"\"},{\"Item1\":\"Modify owner\",\"Item2\":\"\"},{\"Item1\":\"Write all properties\",\"Item2\":\"\"}]}]\"", + "message": "\"0\" \"1\" \"ad.domain\" \"ad.domain\" \"C-PKI-DANG-ACCESS\" \"critical\" \"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \"1996839\" \"2\" \"R-CERTIF-TEMPLATE-ACL\" \"76485473\" \n \"DistinguishedName\"=\"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \n \"DangerousAceList\"=\"[{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.domain\\\\Espace de \n travail-Adm\",\"Item4\":[{\"Item1\":\"Modify permissions\",\"Item2\":\"\"},{\"Item1\":\"Modify owner\",\"Item2\":\"\"},{\"Item1\":\"Write all properties\",\"Item2\":\"\"}]}]\"", "event": { "kind": "alert", "outcome": "success" 
@@ -98,7 +98,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I "ADdomainName": "ad.domain", "ADforestName": "ad.domain", "ADobject": "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain", - "DangerousAceList": "{\"Item1\": \"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\", \"Item2\": \"S-1-5-21-1229472208-2678311744-2345022811-345849\", \"Item3\": \"urdom.ad.domain\\\\AC750-DSI-FOO-Espace de travail-GSW-Adm\", \"Item4\": [{\"Item1\": \"Modify permissions\", \"Item2\": \"\"}, {\"Item1\": \"Modify owner\", \"Item2\": \"\"}, {\"Item1\": \"Write all properties\", \"Item2\": \"\"}]}", + "DangerousAceList": "{\"Item1\": \"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\", \"Item2\": \"S-1-5-21-1229472208-2678311744-2345022811-345849\", \"Item3\": \"test.ad.domain\\\\Espace de travail-Adm\", \"Item4\": [{\"Item1\": \"Modify permissions\", \"Item2\": \"\"}, {\"Item1\": \"Modify owner\", \"Item2\": \"\"}, {\"Item1\": \"Write all properties\", \"Item2\": \"\"}]}", "DistinguishedName": "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain", "alertID": 1, "alertSeverityLevel": "critical", 
@@ -120,7 +120,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I ```json { - "message": "\"0\" \"1\" \"ad.domain\" \"ad.domain\" \"C-PKI-DANG-ACCESS\" \"critical\" \"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \"1996840\" \"2\" \n\"R-CERTIF-TEMPLATE-MISCONFIG\" \"76485473\" \"DisplayName\"=\"DSC UCN Export\" \"DomainName\"=\"ad.domain\" \n\"DangerousAceList\"=\"[{\"Item1\":\"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item\n3\":\"urdom.ad.domain\\\\AC750-DSI-SDAT-Espace de travail-GSW-Adm\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended \nright\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1098810189-8133351-2328693739-515\",\"Item2\":\"S-1-5-21-1098810189-8133351-2328693\n739-515\",\"Item3\":\"ad.domain\\\\Ordinateurs du domaine\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended \nright\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"u\nrdom.ad.domain\\\\AC750-DSI-SDAT-Espace de travail-GSW-Adm\",\"Item4\":[{\"Item1\":\"[Certificate Template] Write all properties\",\"Item2\":\"\"}]}]\" \"TrustEnrollServiceAceOptionChecked\"=\"\u2610\" \n\"TrustEnrollServicesList\"=\"\u29b0\" \"ApproveCertifTestOptionChecked\"=\"\u2610\" \"EnrollmentFlagDeviantAces\"=\"?\" \"EnrollmentFlagAttributeMisconfigured\"=\"?\" \"RaSignatureAttributeDeviantAces\"=\"\u274c\ufe0f\" \n\"RaSignatureAttributeMisconfigured\"=\"\u274c\ufe0f\" \"EkuAttributeDeviantAces\"=\"\u274c\ufe0f\" \"EkuContainAuthAttribute\"=\"\u2714\ufe0f\" \"EkuContainAuthList\"=\"\u29b0\" \"SanConfigCsrOptionChecked\"=\"\u2612\" 
\n\"CertificateNameDeviantAces\"=\"\u274c\ufe0f\" \"SanConfigCsrMisconfigured\"=\"\u2714\ufe0f\"", + "message": "\"0\" \"1\" \"ad.domain\" \"ad.domain\" \"C-PKI-DANG-ACCESS\" \"critical\" \"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \"1996840\" \"2\" \n\"R-CERTIF-TEMPLATE-MISCONFIG\" \"76485473\" \"DisplayName\"=\"DSC UCN Export\" \"DomainName\"=\"ad.domain\" \n\"DangerousAceList\"=\"[{\"Item1\":\"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item\n3\":\"test.ad.domain\\\\Espace de travail\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended \nright\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1098810189-8133351-2328693739-515\",\"Item2\":\"S-1-5-21-1098810189-8133351-2328693\n739-515\",\"Item3\":\"ad.domain\\\\Ordinateurs du domaine\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended \nright\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.domain\\\\Espace de travail\",\"Item4\":[{\"Item1\":\"[Certificate Template] Write all properties\",\"Item2\":\"\"}]}]\" \"TrustEnrollServiceAceOptionChecked\"=\"\u2610\" \n\"TrustEnrollServicesList\"=\"\u29b0\" \"ApproveCertifTestOptionChecked\"=\"\u2610\" \"EnrollmentFlagDeviantAces\"=\"?\" \"EnrollmentFlagAttributeMisconfigured\"=\"?\" \"RaSignatureAttributeDeviantAces\"=\"\u274c\ufe0f\" \n\"RaSignatureAttributeMisconfigured\"=\"\u274c\ufe0f\" \"EkuAttributeDeviantAces\"=\"\u274c\ufe0f\" \"EkuContainAuthAttribute\"=\"\u2714\ufe0f\" \"EkuContainAuthList\"=\"\u29b0\" \"SanConfigCsrOptionChecked\"=\"\u2612\" \n\"CertificateNameDeviantAces\"=\"\u274c\ufe0f\" \"SanConfigCsrMisconfigured\"=\"\u2714\ufe0f\"", "event": { 
"kind": "alert", "outcome": "success" 
@@ -136,7 +136,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I "ADobject": "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain", "ApproveCertifTestOptionChecked": "\u2610", "CertificateNameDeviantAces": "\u274c\ufe0f", - "DangerousAceList": "{\"Item1\":\"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"urdom.ad.domain\\\\AC750-DSI-SDAT-Espace de travail-GSW-Adm\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended right\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1098810189-8133351-2328693739-515\",\"Item2\":\"S-1-5-21-1098810189-8133351-2328693739-515\",\"Item3\":\"ad.domain\\\\Ordinateurs du domaine\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended right\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"urdom.ad.domain\\\\AC750-DSI-SDAT-Espace de travail-GSW-Adm\",\"Item4\":[{\"Item1\":\"[Certificate Template] Write all properties\",\"Item2\":\"\"}]}", + "DangerousAceList": "{\"Item1\":\"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.domain\\\\Espace de travail\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended right\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1098810189-8133351-2328693739-515\",\"Item2\":\"S-1-5-21-1098810189-8133351-2328693739-515\",\"Item3\":\"ad.domain\\\\Ordinateurs du domaine\",\"Item4\":[{\"Item1\":\"[Certificate Template] Extended 
right\",\"Item2\":\"Certificate-Enrollment\"}]},{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.domain\\\\Espace de travail\",\"Item4\":[{\"Item1\":\"[Certificate Template] Write all properties\",\"Item2\":\"\"}]}", "DisplayName": "DSC UCN Export", "DomainName": "ad.domain", "EkuAttributeDeviantAces": "\u274c\ufe0f", 
@@ -170,7 +170,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I ```json { - "message": "\"0\" \"1\" \"ad.domain\" \"ad.domain\" \"C-PKI-DANG-ACCESS\" \"critical\" \"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \"1996839\" \"2\" \"R-CERTIF-TEMPLATE-ACL\" \n\"76485473\" \"DistinguishedName\"=\"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \n\"DangerousAceList\"=\"[{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"urdom.ad.domain\\\\AC750-DSI-SDAT-Espace de \ntravail-GSW-Adm\",\"Item4\":[{\"Item1\":\"Modify permissions\",\"Item2\":\"\"},{\"Item1\":\"Modify owner\",\"Item2\":\"\"},{\"Item1\":\"Write all properties\",\"Item2\":\"\"}]}]\"", + "message": "\"0\" \"1\" \"ad.domain\" \"ad.domain\" \"C-PKI-DANG-ACCESS\" \"critical\" \"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \"1996839\" \"2\" \"R-CERTIF-TEMPLATE-ACL\" \n\"76485473\" \"DistinguishedName\"=\"CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain\" \n\"DangerousAceList\"=\"[{\"Item1\":\"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item2\":\"S-1-5-21-1229472208-2678311744-2345022811-345849\",\"Item3\":\"test.ad.domain\\\\Espace de \ntravail\",\"Item4\":[{\"Item1\":\"Modify permissions\",\"Item2\":\"\"},{\"Item1\":\"Modify owner\",\"Item2\":\"\"},{\"Item1\":\"Write all properties\",\"Item2\":\"\"}]}]\"", "event": { "kind": "alert", "outcome": "success" 
@@ -184,7 +184,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I "ADdomainName": "ad.domain", "ADforestName": "ad.domain", "ADobject": "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain", - "DangerousAceList": "{\"Item1\": \"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\", \"Item2\": \"S-1-5-21-1229472208-2678311744-2345022811-345849\", \"Item3\": \"urdom.ad.domain\\\\AC750-DSI-SDAT-Espace de travail-GSW-Adm\", \"Item4\": [{\"Item1\": \"Modify permissions\", \"Item2\": \"\"}, {\"Item1\": \"Modify owner\", \"Item2\": \"\"}, {\"Item1\": \"Write all properties\", \"Item2\": \"\"}]}", + "DangerousAceList": "{\"Item1\": \"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849\", \"Item2\": \"S-1-5-21-1229472208-2678311744-2345022811-345849\", \"Item3\": \"test.ad.domain\\\\Espace de travail\", \"Item4\": [{\"Item1\": \"Modify permissions\", \"Item2\": \"\"}, {\"Item1\": \"Modify owner\", \"Item2\": \"\"}, {\"Item1\": \"Write all properties\", \"Item2\": \"\"}]}", "DistinguishedName": "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain", "alertID": 1, "alertSeverityLevel": "critical", diff --git a/_shared_content/operations_center/integrations/generated/44d41a2b-96cb-4d37-84e0-4f0c0f9138b8_sample.md b/_shared_content/operations_center/integrations/generated/44d41a2b-96cb-4d37-84e0-4f0c0f9138b8_sample.md index 1f1e0f0fc3..70295fc9e9 100644 --- a/_shared_content/operations_center/integrations/generated/44d41a2b-96cb-4d37-84e0-4f0c0f9138b8_sample.md +++ b/_shared_content/operations_center/integrations/generated/44d41a2b-96cb-4d37-84e0-4f0c0f9138b8_sample.md 
@@ -11,14 +11,14 @@ In this section, you will find examples of raw logs as generated natively by the Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=corp" "1996840" "2" "R-CERTIF-TEMPLATE-MISCONFIG" "76485473" "DisplayName"="DSC UCN Export" "DomainName"="ad.corp" "DangerousAceList"="[{"Item1":"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-34 - 5849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"urdom.ad.corp\\AC750-DSI-SDAT-Espace de - travail-FOO-Adm","Item4":[{"Item1":"[Certificate Template] Extended + 5849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"test.ad.corp\\Espace de + travail","Item4":[{"Item1":"[Certificate Template] Extended right","Item2":"Certificate-Enrollment"}]},{"Item1":"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-109881018 9-8133351-2328693739-515","Item2":"S-1-5-21-1098810189-8133351-2328693739-515","Item3":"ad.corp\\Ordinateurs du domaine","Item4":[{"Item1":"[Certificate Template] Extended right","Item2":"Certificate-Enrollment"}]},{"Item1":"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849" - ,"Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"urdom.ad.corp\\AC750-DSI-SDAT-Espace de - travail-FOO-Adm","Item4":[{"Item1":"[Certificate Template] Write all properties","Item2":""}]}]" + ,"Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"test.ad.corp\\Espace de + travail","Item4":[{"Item1":"[Certificate Template] Write all properties","Item2":""}]}]" "TrustEnrollServiceAceOptionChecked"="☐" "TrustEnrollServicesList"="⦰" "ApproveCertifTestOptionChecked"="☐" "EnrollmentFlagDeviantAces"="?" "EnrollmentFlagAttributeMisconfigured"="?" "RaSignatureAttributeDeviantAces"="❌️" "RaSignatureAttributeMisconfigured"="❌️" "EkuAttributeDeviantAces"="❌️" "EkuContainAuthAttribute"="✔️" 
@@ -33,8 +33,8 @@ In this section, you will find examples of raw logs as generated natively by the ``` "0" "1" "ad.domain" "ad.domain" "C-PKI-DANG-ACCESS" "critical" "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain" "1996839" "2" "R-CERTIF-TEMPLATE-ACL" "76485473" "DistinguishedName"="CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain" - "DangerousAceList"="[{"Item1":"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"urdom.ad.domain\\AC750-DSI-FOO-Espace de - travail-GSW-Adm","Item4":[{"Item1":"Modify permissions","Item2":""},{"Item1":"Modify owner","Item2":""},{"Item1":"Write all properties","Item2":""}]}]" + "DangerousAceList"="[{"Item1":"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"test.ad.domain\\Espace de + travail-Adm","Item4":[{"Item1":"Modify permissions","Item2":""},{"Item1":"Modify owner","Item2":""},{"Item1":"Write all properties","Item2":""}]}]" ``` 
@@ -45,11 +45,10 @@ In this section, you will find examples of raw logs as generated natively by the "0" "1" "ad.domain" "ad.domain" "C-PKI-DANG-ACCESS" "critical" "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain" "1996840" "2" "R-CERTIF-TEMPLATE-MISCONFIG" "76485473" "DisplayName"="DSC UCN Export" "DomainName"="ad.domain" "DangerousAceList"="[{"Item1":"OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1229472208-2678311744-2345022811-345849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item - 3":"urdom.ad.domain\\AC750-DSI-SDAT-Espace de travail-GSW-Adm","Item4":[{"Item1":"[Certificate Template] Extended + 3":"test.ad.domain\\Espace de travail","Item4":[{"Item1":"[Certificate Template] Extended right","Item2":"Certificate-Enrollment"}]},{"Item1":"OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-1098810189-8133351-2328693739-515","Item2":"S-1-5-21-1098810189-8133351-2328693 739-515","Item3":"ad.domain\\Ordinateurs du domaine","Item4":[{"Item1":"[Certificate Template] Extended - right","Item2":"Certificate-Enrollment"}]},{"Item1":"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"u - rdom.ad.domain\\AC750-DSI-SDAT-Espace de travail-GSW-Adm","Item4":[{"Item1":"[Certificate Template] Write all properties","Item2":""}]}]" "TrustEnrollServiceAceOptionChecked"="☐" + right","Item2":"Certificate-Enrollment"}]},{"Item1":"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"test.ad.domain\\Espace de travail","Item4":[{"Item1":"[Certificate Template] Write all properties","Item2":""}]}]" "TrustEnrollServiceAceOptionChecked"="☐" "TrustEnrollServicesList"="⦰" "ApproveCertifTestOptionChecked"="☐" "EnrollmentFlagDeviantAces"="?" "EnrollmentFlagAttributeMisconfigured"="?" 
"RaSignatureAttributeDeviantAces"="❌️" "RaSignatureAttributeMisconfigured"="❌️" "EkuAttributeDeviantAces"="❌️" "EkuContainAuthAttribute"="✔️" "EkuContainAuthList"="⦰" "SanConfigCsrOptionChecked"="☒" "CertificateNameDeviantAces"="❌️" "SanConfigCsrMisconfigured"="✔️" @@ -62,8 +61,8 @@ In this section, you will find examples of raw logs as generated natively by the ``` "0" "1" "ad.domain" "ad.domain" "C-PKI-DANG-ACCESS" "critical" "CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain" "1996839" "2" "R-CERTIF-TEMPLATE-ACL" "76485473" "DistinguishedName"="CN=DSCUCNExport,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=ad,DC=domain" - "DangerousAceList"="[{"Item1":"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"urdom.ad.domain\\AC750-DSI-SDAT-Espace de - travail-GSW-Adm","Item4":[{"Item1":"Modify permissions","Item2":""},{"Item1":"Modify owner","Item2":""},{"Item1":"Write all properties","Item2":""}]}]" + "DangerousAceList"="[{"Item1":"A;;LCRPWPRCWDWO;;;S-1-5-21-1229472208-2678311744-2345022811-345849","Item2":"S-1-5-21-1229472208-2678311744-2345022811-345849","Item3":"test.ad.domain\\Espace de + travail","Item4":[{"Item1":"Modify permissions","Item2":""},{"Item1":"Modify owner","Item2":""},{"Item1":"Write all properties","Item2":""}]}]" ```