From 64b9d4281c76f77e887fc02a7e866b345c623073 Mon Sep 17 00:00:00 2001 From: Daniel Miakotkin <55418063+danielmkn@users.noreply.github.com> Date: Tue, 4 Jun 2024 07:12:21 -0700 Subject: [PATCH] JFrog Cloud integration, add artifactory access log (#2367) --- jfrog_platform_cloud/README.md | 1 + .../jfrog_platform_cloud_overview.json | 1789 ++++++++++++++--- .../assets/logs/jfrog_artifactory.yaml | 261 ++- .../assets/logs/jfrog_artifactory_tests.yaml | 404 ++-- 4 files changed, 1916 insertions(+), 539 deletions(-) diff --git a/jfrog_platform_cloud/README.md b/jfrog_platform_cloud/README.md index 6e4e955d2a..ff4ea34aa6 100644 --- a/jfrog_platform_cloud/README.md +++ b/jfrog_platform_cloud/README.md @@ -14,6 +14,7 @@ This integration streams the following artifactory logs to Datadog: - **access-audit.log** - **artifactory-request.log** +- **artifactory-access.log** - **access-security-audit.log** These logs will allow customers to readily know who accessed what repositories and how often. The logs will also show what IP addresses accessed those repositories. Log types such as traffic.log, artifactory-access.log and more request logs will be added to this integration in future updates. diff --git a/jfrog_platform_cloud/assets/dashboards/jfrog_platform_cloud_overview.json b/jfrog_platform_cloud/assets/dashboards/jfrog_platform_cloud_overview.json index bded0fdfb6..d421ee6d62 100644 --- a/jfrog_platform_cloud/assets/dashboards/jfrog_platform_cloud_overview.json +++ b/jfrog_platform_cloud/assets/dashboards/jfrog_platform_cloud_overview.json @@ -98,8 +98,6 @@ "value", "sum" ], - "time": - {}, "type": "timeseries", "requests": [ @@ -178,8 +176,6 @@ "value", "sum" ], - "time": - {}, "type": "timeseries", "requests": [ @@ -248,8 +244,6 @@ "title": "Top requests by IP address", "title_size": "16", "title_align": "left", - "time": - {}, "type": "toplist", "requests": [ 
@@ -339,7 +333,7 @@ "definition": { "type": "note", - "content": "Then number of Artifactory requests with HTTP response code matching 4xx.", + "content": "The number of Artifactory requests with HTTP response code matching 4xx.", "background_color": "green", "font_size": "14", "text_align": "center", @@ -397,8 +391,6 @@ "value", "sum" ], - "time": - {}, "type": "timeseries", "requests": [ @@ -535,8 +527,6 @@ "value", "sum" ], - "time": - {}, "type": "timeseries", "requests": [ @@ -605,8 +595,6 @@ "title": "User request activity", "title_size": "16", "title_align": "left", - "time": - {}, "type": "toplist", "requests": [ @@ -759,8 +747,6 @@ "title": "Log volume, number of records", "title_size": "16", "title_align": "left", - "time": - {}, "requests": [ { @@ -858,16 +844,7 @@ "group_by": [ { - "facet": "@http.url", - "limit": 10, - "sort": - { - "order": "desc", - "aggregation": "count" - } - }, - { - "facet": "@usr.id", + "facet": "@http.url_details.path", "limit": 10, "sort": { @@ -876,7 +853,7 @@ } }, { - "facet": "@jfrog.cloud.tenant_id", + "facet": "@jfrog.cloud.instance_name", "limit": 10, "sort": { 
@@ -896,7 +873,7 @@ ], "search": { - "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.request -@http.url:/api/v1/system/* -@http.url:/api/v1/metrics* -@http.url:/api/xray/* -@http.url:/api/xrayRepo/* -@http.url:/api/system/* -@http.url:/api/auth/* -@http.url:/api/docker/*/token -@http.url:/api/storage* -@http.url:/api/replications* -@http.url:\"/api/repositories\" -@http.url:/api/subscription/* -@http.url:/api/jobs* -@http.url:/api/retention* -@http.url:\"/ui/auth/canAnnotate\"" + "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.request -@http.url_details.path:/api/v1/system/* -@http.url_details.path:/api/v1/metrics* -@http.url_details.path:/api/xray/* -@http.url_details.path:/api/xrayRepo/* -@http.url_details.path:/api/system/* -@http.url_details.path:/api/auth/* -@http.url_details.path:/api/docker/*/token -@http.url_details.path:/api/storage* -@http.url_details.path:/api/replications* -@http.url_details.path:\"/api/repositories\" -@http.url_details.path:/api/subscription/* -@http.url_details.path:/api/jobs* -@http.url_details.path:/api/retention* -@http.url_details.path:\"/ui/auth/canAnnotate\"" }, "storage": "hot" } @@ -904,14 +881,21 @@ "formulas": [ { - "formula": "query1", - "limit": + "formula": "query1" + } + ], + "sort": + { + "count": 1000, + "order_by": + [ { - "count": 10000, + "type": "formula", + "index": 0, "order": "desc" } - } - ] + ] + } } ], "custom_links": @@ -995,12 +979,7 @@ "formulas": [ { - "formula": "query1", - "limit": - { - "count": 10, - "order": "desc" - } + "formula": "query1" } ], "queries": 
@@ -1030,11 +1009,23 @@ ], "search": { - "query": "@jfrog.cloud.repo:*?* service:jfrog.saas.rt.artifactory.request" + "query": "source:jfrog_artifactory @jfrog.cloud.repo:*?* service:jfrog.saas.rt.artifactory.request @http.method:(HEAD OR PUT) @http.url_details.path:*/manifests/*" } } ], - "response_format": "scalar" + "response_format": "scalar", + "sort": + { + "count": 10, + "order_by": + [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } } ], "style": @@ -1111,7 +1102,7 @@ ], "search": { - "query": "@jfrog.cloud.repo:*?* service:jfrog.saas.rt.artifactory.request" + "query": "source:jfrog_artifactory @jfrog.cloud.repo:*?* service:jfrog.saas.rt.artifactory.request @http.method:(HEAD OR PUT) @http.url_details.path:*/manifests/*" } } ], @@ -1230,7 +1221,7 @@ ], "search": { - "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.request @http.url:*api/docker*" + "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.request @http.url_details.path:*api/docker* @http.method:(HEAD OR PUT) @http.url_details.path:*/manifests/*" }, "storage": "hot" } @@ -1238,14 +1229,21 @@ "formulas": [ { - "formula": "query1", - "limit": + "formula": "query1" + } + ], + "sort": + { + "count": 100, + "order_by": + [ { - "count": 100, + "type": "formula", + "index": 0, "order": "desc" } - } - ] + ] + } } ], "custom_links": @@ -1323,7 +1321,7 @@ ], "search": { - "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.request @http.url:*api/docker*" + "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.request @http.url_details.path:*api/docker* @http.method:(HEAD OR PUT) @http.url_details.path:*/manifests/*" } } ], @@ -1416,7 +1414,7 @@ "id": 2477922006930220, "definition": { - "title": "Operations (Audit Logs)", + "title": "Operations (Audit and Access Logs)", "background_color": "vivid_green", "show_title": true, "type": "group", 
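Review bot: The filter added to the `@jfrog.cloud.repo:*?*` query in the hunk at -1030, `@http.method:(HEAD OR PUT) @http.url_details.path:*/manifests/*`, narrows the widget to Docker manifest HEAD and PUT requests, and nothing visible in the hunk documents that scope. The same filter is added at -1111, -1230 and -1323. If these widgets are meant to rank repository or image activity in general, requests to other package types and manifest GETs are no longer counted, which can mislead someone using the dashboard to reconstruct who touched a repository. I would state the scope in the widget title or its companion note, for example `"title": "Docker manifest pulls and pushes by repository"`, or drop the method filter if the narrowing is not intended. The widget titles lie outside these hunks, so their current wording could not be checked.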
@@ -1430,8 +1428,6 @@ "title": "Operations by users", "title_size": "16", "title_align": "left", - "time": - {}, "requests": [ { @@ -1529,8 +1525,6 @@ "value", "sum" ], - "time": - {}, "type": "timeseries", "requests": [ @@ -1661,8 +1655,6 @@ "value", "sum" ], - "time": - {}, "type": "timeseries", "requests": [ @@ -1756,8 +1748,6 @@ "value", "sum" ], - "time": - {}, "type": "timeseries", "requests": [ @@ -1851,8 +1841,6 @@ "value", "sum" ], - "time": - {}, "type": "timeseries", "requests": [ 
@@ -1988,201 +1976,1516 @@ "width": 4, "height": 1 } - } - ] - }, - "layout": - { - "x": 0, - "y": 23, - "width": 12, - "height": 9 - } - }, - { - "id": 5251851887096738, - "definition": - { - "title": "Artifactory access security audit events ", - "title_size": "16", - "title_align": "left", - "show_legend": true, - "legend_layout": "auto", - "legend_columns": - [ - "avg", - "min", - "max", - "value", - "sum" - ], - "time": - {}, - "type": "timeseries", - "requests": - [ + }, { - "formulas": - [ - { - "formula": "query1" - } - ], - "queries": - [ - { - "data_source": "logs", - "name": "query1", - "indexes": - [ - "*" - ], - "compute": - { - "aggregation": "count" - }, - "group_by": - [], - "search": - { - "query": "source:jfrog_artifactory service:jfrog.saas.rt.access.security.audit" - }, - "storage": "hot" - } - ], - "response_format": "timeseries", - "style": + "id": 5251851887096738, + "definition": { - "palette": "semantic", - "line_type": "solid", - "line_width": "normal" + "title": "Artifactory access security audit events ", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": + [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": + [ + { + "formulas": + [ + { + "formula": "query1" + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [], + "search": + { + "query": "source:jfrog_artifactory service:jfrog.saas.rt.access.security.audit" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": + { + "palette": "semantic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] }, - "display_type": "bars" - } - ] - }, - "layout": - { - "x": 0, - "y": 0, - "width": 6, - "height": 3 - } - }, - { - "id": 6324405992194226, - "definition": - { - "title": "Artifactory access audit events ", - 
"title_size": "16", - "title_align": "left", - "show_legend": true, - "legend_layout": "auto", - "legend_columns": - [ - "avg", - "min", - "max", - "value", - "sum" - ], - "time": - {}, - "type": "timeseries", - "requests": - [ + "layout": + { + "x": 0, + "y": 8, + "width": 6, + "height": 3 + } + }, { - "formulas": - [ - { - "formula": "query1" - } - ], - "queries": - [ - { - "data_source": "logs", - "name": "query1", - "indexes": - [ - "*" - ], - "compute": - { - "aggregation": "count" - }, - "group_by": - [], - "search": + "id": 6324405992194226, + "definition": + { + "title": "Artifactory access audit events ", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": + [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": + [ { - "query": "source:jfrog_artifactory service:jfrog.saas.rt.access.audit" - }, - "storage": "hot" - } - ], - "response_format": "timeseries", - "style": + "formulas": + [ + { + "formula": "query1" + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [], + "search": + { + "query": "source:jfrog_artifactory service:jfrog.saas.rt.access.audit" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": + { + "palette": "semantic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": + { + "x": 6, + "y": 8, + "width": 6, + "height": 3 + } + }, + { + "id": 2295515437988666, + "definition": { - "palette": "semantic", - "line_type": "solid", - "line_width": "normal" + "type": "note", + "content": " Total number of access security audit logs streamed to DataDog.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false }, - 
"display_type": "bars" - } - ] - }, - "layout": - { - "x": 6, - "y": 0, - "width": 6, - "height": 3 - } - }, - { - "id": 2295515437988666, - "definition": - { - "type": "note", - "content": " Total number of access security audit logs streamed to DataDog.", - "background_color": "green", - "font_size": "14", - "text_align": "center", - "vertical_align": "center", - "show_tick": false, - "tick_pos": "50%", - "tick_edge": "left", - "has_padding": false + "layout": + { + "x": 0, + "y": 11, + "width": 6, + "height": 1 + } + }, + { + "id": 2113340899650454, + "definition": + { + "type": "note", + "content": " Total number of access audit logs streamed to DataDog.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 6, + "y": 11, + "width": 6, + "height": 1 + } + }, + { + "id": 3596681096391102, + "definition": + { + "title": "Action types", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": + [ + { + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@jfrog.cloud.action_response", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.access" + }, + "storage": "hot" + } + ], + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + "order": "desc" + } + } + ], + "response_format": "scalar" + } + ], + "style": + { + "display": + { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": + { + "x": 0, + "y": 12, + "width": 4, + "height": 3 + } + }, + { + "id": 1107790110311534, + "definition": + { + "title": "Action types, no NA", + "title_size": "16", + "title_align": "left", + "type": "toplist", + 
"requests": + [ + { + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@jfrog.cloud.action_response", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.access -@usr.id:NA" + }, + "storage": "hot" + } + ], + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + "order": "desc" + } + } + ], + "response_format": "scalar" + } + ], + "style": + { + "display": + { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": + { + "x": 4, + "y": 12, + "width": 4, + "height": 3 + } + }, + { + "id": 4205154410194246, + "definition": + { + "title": "Accepted deploys by username", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": + [ + { + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@usr.id", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:\"ACCEPTED DEPLOY\"" + }, + "storage": "hot" + } + ], + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + "order": "desc" + } + } + ], + "response_format": "scalar" + } + ], + "style": + { + "display": + { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": + { + "x": 8, + "y": 12, + "width": 4, + "height": 3 + } + }, + { + "id": 1033484241783706, + "definition": + { + "type": "note", + "content": "Actions by type.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 0, + "y": 15, 
+ "width": 4, + "height": 1 + } + }, + { + "id": 3455818049236428, + "definition": + { + "type": "note", + "content": "Actions by type, excluding NA users.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 4, + "y": 15, + "width": 4, + "height": 1 + } + }, + { + "id": 2058312962280890, + "definition": + { + "type": "note", + "content": "Top list of deployed artifacts by username.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 8, + "y": 15, + "width": 4, + "height": 1 + } + }, + { + "id": 1341172384303516, + "definition": + { + "title": "Denied actions by IP", + "title_size": "16", + "title_align": "left", + "requests": + [ + { + "response_format": "scalar", + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + "order": "desc" + } + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:DENIED*" + }, + "storage": "hot" + } + ], + "style": + { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": + { + "type": "automatic" + } + }, + "layout": + { + "x": 0, + "y": 16, + "width": 4, + "height": 3 + } + }, + { + "id": 3353599207237470, + "definition": + { + "title": "Denied actions by IP, no NA", + "title_size": "16", + "title_align": "left", + "requests": + [ + { + "response_format": "scalar", + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + 
"order": "desc" + } + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:DENIED* -@usr.id:NA" + }, + "storage": "hot" + } + ], + "style": + { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": + { + "type": "automatic" + } + }, + "layout": + { + "x": 4, + "y": 16, + "width": 4, + "height": 3 + } + }, + { + "id": 3655855608472182, + "definition": + { + "title": "Denied logins by username", + "title_size": "16", + "title_align": "left", + "requests": + [ + { + "response_format": "scalar", + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + "order": "desc" + } + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@usr.id", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:\"DENIED LOGIN\"" + }, + "storage": "hot" + } + ], + "style": + { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": + { + "type": "automatic" + } + }, + "layout": + { + "x": 8, + "y": 16, + "width": 4, + "height": 3 + } + }, + { + "id": 5592607983359890, + "definition": + { + "type": "note", + "content": "All types of denied actions by IP address.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 0, + "y": 19, + "width": 4, + "height": 1 + } + }, + { + "id": 5829159961616044, + "definition": + { + 
"type": "note", + "content": "All types of denied actions by IP address, excluding NA users.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 4, + "y": 19, + "width": 4, + "height": 1 + } + }, + { + "id": 5198324813995334, + "definition": + { + "type": "note", + "content": "Denied logins by username.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 8, + "y": 19, + "width": 4, + "height": 1 + } + }, + { + "id": 2074184904240294, + "definition": + { + "title": "Denied logins by username, no NA", + "title_size": "16", + "title_align": "left", + "requests": + [ + { + "response_format": "scalar", + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + "order": "desc" + } + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@usr.id", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:\"DENIED LOGIN\" -@usr.id:NA" + }, + "storage": "hot" + } + ], + "style": + { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": + { + "type": "automatic" + } + }, + "layout": + { + "x": 0, + "y": 20, + "width": 4, + "height": 3 + } + }, + { + "id": 383644367746952, + "definition": + { + "title": "Denied downloads by username and instance", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": + [ + { + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": 
"count" + }, + "group_by": + [ + { + "facet": "@repository_path", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@jfrog.cloud.instance_name", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@usr.id", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:\"DENIED DOWNLOAD\"" + }, + "storage": "hot" + } + ], + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 1000, + "order": "desc" + } + } + ], + "response_format": "scalar" + } + ], + "style": + { + "display": + { + "type": "stacked" + }, + "scaling": "absolute" + } + }, + "layout": + { + "x": 4, + "y": 20, + "width": 4, + "height": 3 + } + }, + { + "id": 2185644837800014, + "definition": + { + "title": "Top users (over time)", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": + [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": + [ + { + "formulas": + [ + { + "formula": "query1" + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@usr.id", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory service:jfrog.saas.rt.artifactory.access" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": + { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": + { + "x": 8, + "y": 20, + "width": 4, + "height": 3 + } + }, + { + "id": 459035956765784, + "definition": + { + "type": "note", + "content": "Denied logins by username, excluding NA users.", + "background_color": "green", + 
"font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 0, + "y": 23, + "width": 4, + "height": 1 + } + }, + { + "id": 5718262370064838, + "definition": + { + "type": "note", + "content": "Denied downloads by username and instance name.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 4, + "y": 23, + "width": 4, + "height": 1 + } + }, + { + "id": 7358561038658014, + "definition": + { + "type": "note", + "content": "Top users activity, timeseries.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 8, + "y": 23, + "width": 4, + "height": 1 + } + }, + { + "id": 1450557222117854, + "definition": + { + "title": "Denied logins by IP", + "title_size": "16", + "title_align": "left", + "requests": + [ + { + "response_format": "scalar", + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + "order": "desc" + } + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:\"DENIED LOGIN\"" + }, + "storage": "hot" + } + ], + "style": + { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": + { + "type": "automatic" + } + }, + "layout": + { + "x": 0, + "y": 24, + "width": 4, + "height": 3 + } + }, + { + "id": 1847158599565212, + "definition": + { + 
"title": "Denied logins by IP, no NA", + "title_size": "16", + "title_align": "left", + "requests": + [ + { + "response_format": "scalar", + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 10, + "order": "desc" + } + } + ], + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:\"DENIED LOGIN\" -@usr.id:NA" + }, + "storage": "hot" + } + ], + "style": + { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": + { + "type": "automatic" + } + }, + "layout": + { + "x": 4, + "y": 24, + "width": 4, + "height": 3 + } + }, + { + "id": 4912442587893846, + "definition": + { + "title": "Accepted deployments by username and instance", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": + [ + { + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@repository_path", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@jfrog.cloud.instance_name", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@usr.id", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": "source:jfrog_artifactory @jfrog.cloud.action_response:\"ACCEPTED DEPLOY\"" + }, + "storage": "hot" + } + ], + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 1000, + "order": "desc" + } + } + ], + "response_format": "scalar" + } + ], + "style": + { + "display": + { + "type": "stacked" + }, + "scaling": "absolute" + } + }, + "layout": + { + "x": 8, + "y": 24, + 
"width": 4, + "height": 3 + } + }, + { + "id": 4018089721220852, + "definition": + { + "type": "note", + "content": "Denied logins per IP address.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 0, + "y": 27, + "width": 4, + "height": 1 + } + }, + { + "id": 4942076628282626, + "definition": + { + "type": "note", + "content": "Denied logins per IP address, excluding NA users.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 4, + "y": 27, + "width": 4, + "height": 1 + } + }, + { + "id": 8465364030975940, + "definition": + { + "type": "note", + "content": "Accepted deployments by username and instance name.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 8, + "y": 27, + "width": 4, + "height": 1 + } + }, + { + "id": 1271382445096390, + "definition": + { + "title": "Accepted downloads by username and instance", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": + [ + { + "queries": + [ + { + "data_source": "logs", + "name": "query1", + "indexes": + [ + "*" + ], + "compute": + { + "aggregation": "count" + }, + "group_by": + [ + { + "facet": "@repository_path", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@jfrog.cloud.instance_name", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@usr.id", + "limit": 10, + "sort": + { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": + { + "query": 
"source:jfrog_artifactory @jfrog.cloud.action_response:\"ACCEPTED DOWNLOAD\"" + }, + "storage": "hot" + } + ], + "formulas": + [ + { + "formula": "query1", + "limit": + { + "count": 1000, + "order": "desc" + } + } + ], + "response_format": "scalar" + } + ], + "style": + { + "display": + { + "type": "stacked" + }, + "scaling": "absolute" + } + }, + "layout": + { + "x": 0, + "y": 28, + "width": 4, + "height": 3 + } + }, + { + "id": 6560456722318720, + "definition": + { + "type": "note", + "content": "Accepted downloads by username and instance name.", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": + { + "x": 0, + "y": 31, + "width": 4, + "height": 1 + } + } + ] }, "layout": { "x": 0, - "y": 3, - "width": 6, - "height": 1 - } - }, - { - "id": 2113340899650454, - "definition": - { - "type": "note", - "content": " Total number of access audit logs streamed to DataDog.", - "background_color": "green", - "font_size": "14", - "text_align": "center", - "vertical_align": "center", - "show_tick": false, - "tick_pos": "50%", - "tick_edge": "left", - "has_padding": false - }, - "layout": - { - "x": 6, - "y": 3, - "width": 6, - "height": 1 + "y": 23, + "width": 12, + "height": 33 } } ], diff --git a/jfrog_platform_cloud/assets/logs/jfrog_artifactory.yaml b/jfrog_platform_cloud/assets/logs/jfrog_artifactory.yaml index fdcdb52aba..4190252dfa 100644 --- a/jfrog_platform_cloud/assets/logs/jfrog_artifactory.yaml +++ b/jfrog_platform_cloud/assets/logs/jfrog_artifactory.yaml 
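Review bot: The three new toplist widgets ("Denied downloads by username and instance", "Accepted deployments by username and instance", "Accepted downloads by username and instance") group by `@repository_path`, but the access-log facet this patch declares in jfrog_artifactory.yaml is `jfrog.cloud.repo_path`. Unless a processor outside the visible hunks keeps a top-level `repository_path` attribute with its own facet, these group-bys will return no rows and the denied-download view will look empty; I would use `"facet": "@jfrog.cloud.repo_path"`. The new DENIED and ACCEPTED queries also omit `service:jfrog.saas.rt.artifactory.access`, which the "Action types" widget includes; adding it keeps them from matching other log types that might carry `action_response`.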
@@ -2,20 +2,15 @@ id: jfrog_artifactory metric_id: jfrog-platform-cloud backend_only: false facets: - - facetType: range - groups: - - Measure - name: Duration - path: duration + - groups: + - User + name: User ID + path: usr.id source: log - type: double - unit: - family: time - name: nanosecond - groups: - - Event - name: Event Name - path: evt.name + - Web Access + name: URL Path + path: http.url_details.path source: log - groups: - Web Access 
@@ -27,96 +22,160 @@ facets: name: Status Code path: http.status_code source: log - - groups: - - Web Access - name: URL Path - path: http.url - source: log - groups: - Web Access name: User-Agent path: http.useragent source: log - - groups: - - Source Code - name: Thread Name - path: logger.thread_name - source: log - groups: - Web Access name: Client IP path: network.client.ip source: log - - groups: - - User - name: User ID - path: usr.id + - facetType: range + groups: + - Measure + name: Duration + path: duration source: log + type: double + unit: + family: time + name: nanosecond - groups: + - Event + name: Event Name + path: evt.name + source: log + - facetType: list + groups: - JFrog Cloud - name: Tenant ID - path: jfrog.cloud.tenant_id + name: Action Response + path: jfrog.cloud.action_response source: log - - groups: + type: string + - facetType: list + groups: - JFrog Cloud - name: Data Changed - path: jfrog.cloud.data_changed + name: Audit Data Changed + path: jfrog.cloud.audit_data_changed source: log - - groups: + type: string + - facetType: list + groups: - JFrog Cloud - name: Request Duration - path: jfrog.cloud.duration + name: Company Name + path: jfrog.cloud.company_name source: log - - groups: + type: string + - facetType: list + groups: - JFrog Cloud - name: Request Content Length - path: jfrog.cloud.request_content_length + name: Entity Name + path: jfrog.cloud.entity_name source: log - - groups: + type: string + - facetType: list + groups: + - JFrog Cloud + name: Event Type + path: jfrog.cloud.evt.type + source: log + type: string + - facetType: list + groups: + - JFrog Cloud + name: Image Name + path: jfrog.cloud.image + source: log + type: string + - facetType: list + groups: + - JFrog Cloud + name: Instance Name + path: jfrog.cloud.instance_name + source: log + type: string + - facetType: list + groups: - JFrog Cloud name: Logged Principal path: jfrog.cloud.logged_principal source: log - - groups: + type: string + - description: Artifactory 
package type + facetType: list + groups: - JFrog Cloud - name: Token ID - path: jfrog.cloud.token_id + name: Package Type + path: jfrog.cloud.package_type source: log - - groups: + type: double + - description: Artifactory Project Name + facetType: list + groups: - JFrog Cloud - name: Repository Name - path: jfrog.cloud.repo + name: Project Name + path: jfrog.cloud.project_key source: log - - groups: + type: string + - facetType: list + groups: - JFrog Cloud - name: Image Name - path: jfrog.cloud.image + name: Repository Name + path: jfrog.cloud.repo source: log - - groups: + type: string + - facetType: list + groups: - JFrog Cloud - name: Entity Name - path: jfrog.cloud.entity_name + name: Repository path (Access) + path: jfrog.cloud.repo_path source: log - - groups: + type: string + - facetType: list + groups: - JFrog Cloud - name: Event Name - path: jfrog.cloud.evt.name + name: Request Content Length + path: jfrog.cloud.request_content_length source: log - - groups: + type: string + - facetType: list + groups: - JFrog Cloud name: Response Content Length path: jfrog.cloud.response_content_length source: log - - groups: - - JFrog Cloud - name: Event Type - path: jfrog.cloud.evt.type - source: log - - groups: + type: string + - description: |- + The name of the audited service: + - jfob - Observability + - jfac - Access + - jfrou - Router + - jffe - Frontend + - jfrt - Artifactory + - jfcon - JFLink + facetType: list + groups: - JFrog Cloud name: Subject (Audit) path: jfrog.cloud.subject source: log + type: string + - facetType: list + groups: + - JFrog Cloud + name: Tenant ID + path: jfrog.cloud.tenant_id + source: log + type: string + - facetType: list + groups: + - JFrog Cloud + name: Token ID + path: jfrog.cloud.token_id + source: log + type: string pipeline: type: pipeline name: JFrog Artifactory Cloud 
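Review bot: The new `jfrog.cloud.package_type` facet is declared `type: double` although its `facetType` is `list` and its description reads "Artifactory package type"; every other list facet added in this hunk is `type: string`, so this looks like a copy error and the line should read `type: string`. A numeric type on an attribute that presumably carries a package-format name may stop the facet from matching, so filters on package type could silently return nothing. No remapper targeting `jfrog.cloud.package_type` or `jfrog.cloud.project_key` appears in the pipeline hunks of this commit; if none exists in the unchanged part of the file, both new facets would stay empty.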
@@ -125,7 +184,8 @@ pipeline: query: source:jfrog_artifactory processors: - type: trace-id-remapper - name: Define `trace_id`, `request_Uber-Trace-Id` as the official trace ID of the log + name: Define `trace_id`, `request_Uber-Trace-Id` as the official trace ID of the + log enabled: true sources: - trace_id @@ -142,17 +202,19 @@ pipeline: sources: - service - type: date-remapper - name: Define `time`, `log_timestamp`, `@timestamp` as the official date of the log + name: Define `time`, `log_timestamp`, `@timestamp` as the official date of the + log enabled: true sources: - time - log_timestamp - - '@timestamp' + - "@timestamp" - type: attribute-remapper - name: Map `entity_name` to `jfrog.cloud.entity_name` + name: Map `entity_name`, `entityname` to `jfrog.cloud.entity_name` enabled: true sources: - entity_name + - entityname sourceType: attribute target: jfrog.cloud.entity_name targetType: attribute @@ -199,10 +261,12 @@ pipeline: preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `logged_principal` to `jfrog.cloud.logged_principal` + name: Map `logged_principal`, `loggedinprincipal` to + `jfrog.cloud.logged_principal` enabled: true sources: - logged_principal + - loggedinprincipal sourceType: attribute target: jfrog.cloud.logged_principal targetType: attribute @@ -216,6 +280,7 @@ pipeline: sourceType: attribute target: jfrog.cloud.request_content_length targetType: attribute + targetFormat: integer preserveSource: false overrideOnConflict: false - type: attribute-remapper @@ -226,6 +291,7 @@ pipeline: sourceType: attribute target: jfrog.cloud.response_content_length targetType: attribute + targetFormat: integer preserveSource: false overrideOnConflict: false - type: attribute-remapper 
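Review bot: `targetFormat: integer`, added to the `jfrog.cloud.request_content_length` remapper in `@@ -216,6 +280,7 @@` and to `jfrog.cloud.response_content_length` in `@@ -226,6 +291,7 @@`, disagrees with the facets this commit adds for the same two paths, which are declared `facetType: list` and `type: string`. As string list facets the sizes cannot be summed or range-filtered, which is what a reader needs when looking at transfer volume per user or client IP. Declaring both facets the way the new `duration` facet is declared, with `facetType: range`, `type: integer` and a byte `unit`, would match the cast. The removed request-log samples carried `"response_content_length" : "-1"`, so the measure has to tolerate that sentinel.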
@@ -259,12 +325,13 @@ pipeline: preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `data_changed` to `jfrog.cloud.data_changed` + name: Map `data_changed`, `datachanged` to `jfrog.cloud.audit_data_changed` enabled: true sources: - data_changed + - datachanged sourceType: attribute - target: jfrog.cloud.data_changed + target: jfrog.cloud.audit_data_changed targetType: attribute preserveSource: false overrideOnConflict: false @@ -281,12 +348,12 @@ pipeline: preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `request_url` to `http.url` + name: Map `request_url` to `http.url_details.path` enabled: true sources: - request_url sourceType: attribute - target: http.url + target: http.url_details.path targetType: attribute preserveSource: false overrideOnConflict: false @@ -302,10 +369,9 @@ pipeline: preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `DownstreamStatus`, `return_status` to `http.status_code` + name: Map `return_status` to `http.status_code` enabled: true sources: - - DownstreamStatus - return_status sourceType: attribute target: http.status_code @@ -324,7 +390,8 @@ pipeline: preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `ClientAddr`, `ip`, `ip_address`, `remote_address` to `network.client.ip` + name: Map `ClientAddr`, `ip`, `ip_address`, `remote_address` to + `network.client.ip` enabled: true sources: - ClientAddr @@ -346,16 +413,6 @@ pipeline: targetType: attribute preserveSource: false overrideOnConflict: false - - type: attribute-remapper - name: Map `thread` to `logger.thread_name` - enabled: true - sources: - - thread - sourceType: attribute - target: logger.thread_name - targetType: attribute - preserveSource: false - overrideOnConflict: false - type: attribute-remapper name: Map `request_duration`, `Duration` to `duration` enabled: true 
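Review bot: Retargeting `data_changed` from `jfrog.cloud.data_changed` to `jfrog.cloud.audit_data_changed` in `@@ -259,12 +325,13 @@`, and `request_url` from `http.url` to `http.url_details.path` in `@@ -281,12 +348,12 @@`, renames attributes that existing monitors, saved views and detection rules may already query. After this change the old paths are no longer populated, so such queries stop matching without raising an error. The bundled dashboard is updated in this commit, but nothing visible tells users to update their own queries; a README line such as "`@http.url` is now `@http.url_details.path`, and `@jfrog.cloud.data_changed` is now `@jfrog.cloud.audit_data_changed`" would cover it. If `request_url` can carry a query string (the samples on this page show only a bare path), the value stored under `http.url_details.path` would not be a pure path.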
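Review bot: Dropping `- DownstreamStatus` from the `http.status_code` sources in `@@ -302,10 +369,9 @@` leaves the sibling fields of the same style in place: `ClientAddr` is still a source for `network.client.ip` and `Duration` is still a source for `duration` in this file. A log that carries those fields would keep its client IP and duration but lose its status code, and the 4xx/5xx dashboard widgets would undercount it. If such logs are no longer streamed (not visible here), remove `ClientAddr` and `Duration` as well; otherwise keep `- DownstreamStatus` in `sources`.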
@@ -377,3 +434,43 @@ pipeline: targetType: attribute preserveSource: false overrideOnConflict: false + - type: attribute-remapper + name: Map `company_name` to `jfrog.cloud.company_name` + enabled: true + sources: + - company_name + sourceType: attribute + target: jfrog.cloud.company_name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `instance_name` to `jfrog.cloud.instance_name` + enabled: true + sources: + - instance_name + sourceType: attribute + target: jfrog.cloud.instance_name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `action_response` to `jfrog.cloud.action_response` + enabled: true + sources: + - action_response + sourceType: attribute + target: jfrog.cloud.action_response + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `repository_path` to `jfrog.cloud.repo_path` + enabled: true + sources: + - repository_path + sourceType: attribute + target: jfrog.cloud.repo_path + targetType: attribute + preserveSource: false + overrideOnConflict: false diff --git a/jfrog_platform_cloud/assets/logs/jfrog_artifactory_tests.yaml b/jfrog_platform_cloud/assets/logs/jfrog_artifactory_tests.yaml index 996576945f..cbf2add15f 100644 --- a/jfrog_platform_cloud/assets/logs/jfrog_artifactory_tests.yaml +++ b/jfrog_platform_cloud/assets/logs/jfrog_artifactory_tests.yaml 
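Review bot: The new `repository_path` remapper copies the value whole into `jfrog.cloud.repo_path`, so artifactory-access events never populate the existing `jfrog.cloud.repo` facet ("Repository Name"); the test result added in this commit shows `repo_path: "generic-local:jfrog_platform_cloud_logs_2.png"` and no `repo` key. Per-repository queries will therefore miss access-log events, which works against the README's stated goal of showing who accessed what repositories. At minimum, document this above the remapper, for example `# repo_path keeps "<repo>:<path>" unsplit; jfrog.cloud.repo is not set for access-log events`. Likewise `action_response` keeps the decision and the action in one string (`"ACCEPTED DELETE"` in the sample), so selecting only denied requests needs a wildcard match; a later split into two attributes would make that a plain facet filter.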
@@ -1,234 +1,210 @@ id: "jfrog_artifactory" tests: - - - sample: |- - { - "tenant_id" : "b0r4mbvkakcf3", - "hostname" : "jfrog-cloud", - "ddtags" : "owner:partnershipstag1", - "service" : "jfrog.saas.rt.artifactory.request", - "message" : { - "log_timestamp" : "2023-11-15T00:41:07.985Z", - "trace_id" : "9610c3603b327217", - "remote_address" : "127.0.0.1", - "request_method" : "GET", - "source" : "jfrog_artifactory", - "response_content_length" : "-1", - "request_url" : "/api/v1/system/liveness", - "request_user_agent" : "curl/7.76.1", - "request_content_length" : "0", - "request_duration" : "0", - "log_source" : "jfrog.saas.rt.artifactory.request", - "return_status" : "200", - "username" : "non_authenticated_user" - }, - "ddsource" : "jfrog_artifactory" - } - result: - custom: - ddsource: "jfrog_artifactory" - ddtags: "owner:partnershipstag1" - duration: "0" - host: "jfrog-cloud" - http: - method: "GET" - status_code: "200" - url: "/api/v1/system/liveness" - useragent: "curl/7.76.1" - jfrog: - cloud: - request_content_length: "0" - response_content_length: "-1" - tenant_id: "b0r4mbvkakcf3" - log_source: "jfrog.saas.rt.artifactory.request" - log_timestamp: "2023-11-15T00:41:07.985Z" - network: - client: - ip: "127.0.0.1" - service: "jfrog.saas.rt.artifactory.request" - source: "jfrog_artifactory" - usr: - id: "non_authenticated_user" - message: |- + - + sample: |- { - "tenant_id" : "b0r4mbvkakcf3", + "tenant_id" : "partnership-test-company-0", "hostname" : "jfrog-cloud", - "ddtags" : "owner:partnershipstag1", - "service" : "jfrog.saas.rt.artifactory.request", + "instance_name" : "instance1", + "ddtags" : "key1:val1,key2:val2,key3:val3", + "service" : "jfrog.saas.rt.artifactory.access", + "company_name" : "JFrog Test Company", "message" : { - "log_timestamp" : "2023-11-15T00:41:07.985Z", - "trace_id" : "9610c3603b327217", - "remote_address" : "127.0.0.1", - "request_method" : "GET", - "source" : "jfrog_artifactory", - "response_content_length" : "-1", - "request_url" 
: "/api/v1/system/liveness", - "request_user_agent" : "curl/7.76.1", - "request_content_length" : "0", - "request_duration" : "0", - "log_source" : "jfrog.saas.rt.artifactory.request", - "return_status" : "200", - "username" : "non_authenticated_user" + "log_timestamp" : "2024-04-22T18:46:18.610Z", + "action_response" : "ACCEPTED DELETE", + "log_type" : "artifactory-access", + "trace_id" : "7d4c40fbd47e5459", + "repository_path" : "generic-local:jfrog_platform_cloud_logs_2.png", + "user_name" : "danielmi", + "ip_address" : "255.255.255.1", + "message" : "for client", + "type" : "token" }, "ddsource" : "jfrog_artifactory" } - service: "jfrog.saas.rt.artifactory.request" - tags: - - "source:LOGS_SOURCE" - timestamp: 1700008867985 - trace_id: "9610c3603b327217" - - - sample: |- - { - "tenant_id" : "b0r4mbvkakcf3", - "hostname" : "jfrog-cloud", - "ddtags" : "owner:partnershipstag1", - "service" : "jfrog.saas.rt.artifactory.request", - "message" : { - "log_timestamp" : "2023-11-15T00:41:17.896Z", - "trace_id" : "b05db4d5ae4fc51a", - "remote_address" : "127.0.0.1", - "request_method" : "GET", - "source" : "jfrog_artifactory", - "response_content_length" : "-1", - "request_url" : "/api/v1/system/liveness", - "request_user_agent" : "curl/7.76.1", - "request_content_length" : "0", - "request_duration" : "0", - "log_source" : "jfrog.saas.rt.artifactory.request", - "return_status" : "200", - "username" : "non_authenticated_user" - }, - "ddsource" : "jfrog_artifactory" - } - result: - custom: - ddsource: "jfrog_artifactory" - ddtags: "owner:partnershipstag1" - duration: "0" - host: "jfrog-cloud" - http: - method: "GET" - status_code: "200" - url: "/api/v1/system/liveness" - useragent: "curl/7.76.1" - jfrog: - cloud: - request_content_length: "0" - response_content_length: "-1" - tenant_id: "b0r4mbvkakcf3" - log_source: "jfrog.saas.rt.artifactory.request" - log_timestamp: "2023-11-15T00:41:17.896Z" - network: - client: - ip: "127.0.0.1" - service: 
"jfrog.saas.rt.artifactory.request" - source: "jfrog_artifactory" - usr: - id: "non_authenticated_user" - message: |- + result: + custom: + ddsource: "jfrog_artifactory" + ddtags: "key1:val1,key2:val2,key3:val3" + host: "jfrog-cloud" + jfrog: + cloud: + action_response: "ACCEPTED DELETE" + company_name: "JFrog Test Company" + instance_name: "instance1" + repo_path: "generic-local:jfrog_platform_cloud_logs_2.png" + tenant_id: "partnership-test-company-0" + log_timestamp: "2024-04-22T18:46:18.610Z" + log_type: "artifactory-access" + message: "for client" + network: + client: + ip: "255.255.255.1" + service: "jfrog.saas.rt.artifactory.access" + type: "token" + usr: + id: "danielmi" + message: |- + { + "tenant_id" : "partnership-test-company-0", + "hostname" : "jfrog-cloud", + "instance_name" : "instance1", + "ddtags" : "key1:val1,key2:val2,key3:val3", + "service" : "jfrog.saas.rt.artifactory.access", + "company_name" : "JFrog Test Company", + "message" : { + "log_timestamp" : "2024-04-22T18:46:18.610Z", + "action_response" : "ACCEPTED DELETE", + "log_type" : "artifactory-access", + "trace_id" : "7d4c40fbd47e5459", + "repository_path" : "generic-local:jfrog_platform_cloud_logs_2.png", + "user_name" : "danielmi", + "ip_address" : "255.255.255.1", + "message" : "for client", + "type" : "token" + }, + "ddsource" : "jfrog_artifactory" + } + service: "jfrog.saas.rt.artifactory.access" + tags: + - "source:LOGS_SOURCE" + timestamp: 1713811578610 + trace_id: "7d4c40fbd47e5459" + - + sample: |- { - "tenant_id" : "b0r4mbvkakcf3", + "tenant_id" : "partnership-test-company-0", "hostname" : "jfrog-cloud", - "ddtags" : "owner:partnershipstag1", - "service" : "jfrog.saas.rt.artifactory.request", + "instance_name" : "instance1", + "ddtags" : "key1:val1,key2:val2,key3:val3", + "service" : "jfrog.saas.rt.access.security.audit", + "company_name" : "JFrog Test Company", "message" : { - "log_timestamp" : "2023-11-15T00:41:17.896Z", - "trace_id" : "b05db4d5ae4fc51a", - "remote_address" : 
"127.0.0.1", - "request_method" : "GET", - "source" : "jfrog_artifactory", - "response_content_length" : "-1", - "request_url" : "/api/v1/system/liveness", - "request_user_agent" : "curl/7.76.1", - "request_content_length" : "0", - "request_duration" : "0", - "log_source" : "jfrog.saas.rt.artifactory.request", - "return_status" : "200", - "username" : "non_authenticated_user" + "log_timestamp" : "2024-02-06T22:15:11.665Z", + "trace_id" : "6420b6d27625d991", + "data_changed" : "{\"added\":{\"owner\":\"jfob@01h90ampkvn2wy0e10sgyx174d\",\"created\":\"1706739014223\",\"expirationTime\":\"1706739134223\",\"subject\":\"jfob@01h90ampkvn2wy0e10sgyx174d\",\"scope\":\"api:* applied-permissions/admin\",\"id\":\"0634d4e8-5338-4f65-9310-ddfe4f4e8401\",\"type\":\"generic\"}}", + "event_type" : "C", + "entity_name" : "jfob@01h90ampkvn2wy0e10sgyx174d", + "user_name" : "UNKNOWN", + "logged_principal" : "jfob@01h90ampkvn2wy0e10sgyx174d", + "ip_address" : "UNKNOWN", + "event" : "TKN" }, "ddsource" : "jfrog_artifactory" } - service: "jfrog.saas.rt.artifactory.request" - tags: - - "source:LOGS_SOURCE" - timestamp: 1700008877896 - trace_id: "b05db4d5ae4fc51a" - - - sample: |- - { - "tenant_id" : "b0r4mbvkakcf3", - "hostname" : "jfrog-cloud", - "ddtags" : "owner:partnershipstag1", - "service" : "jfrog.saas.rt.artifactory.request", - "message" : { - "log_timestamp" : "2023-11-15T00:41:37.857Z", - "trace_id" : "d4328165e6fe6921", - "remote_address" : "127.0.0.1", - "request_method" : "GET", - "source" : "jfrog_artifactory", - "response_content_length" : "-1", - "request_url" : "/api/v1/system/liveness", - "request_user_agent" : "curl/7.76.1", - "request_content_length" : "0", - "request_duration" : "1", - "log_source" : "jfrog.saas.rt.artifactory.request", - "return_status" : "200", - "username" : "non_authenticated_user" - }, - "ddsource" : "jfrog_artifactory" - } - result: - custom: - ddsource: "jfrog_artifactory" - ddtags: "owner:partnershipstag1" - duration: "1" - host: "jfrog-cloud" - 
http: - method: "GET" - status_code: "200" - url: "/api/v1/system/liveness" - useragent: "curl/7.76.1" - jfrog: - cloud: - request_content_length: "0" - response_content_length: "-1" - tenant_id: "b0r4mbvkakcf3" - log_source: "jfrog.saas.rt.artifactory.request" - log_timestamp: "2023-11-15T00:41:37.857Z" - network: - client: - ip: "127.0.0.1" - service: "jfrog.saas.rt.artifactory.request" - source: "jfrog_artifactory" - usr: - id: "non_authenticated_user" - message: |- + result: + custom: + ddsource: "jfrog_artifactory" + ddtags: "key1:val1,key2:val2,key3:val3" + evt: + name: "TKN" + host: "jfrog-cloud" + jfrog: + cloud: + audit_data_changed: "{\"added\":{\"owner\":\"jfob@01h90ampkvn2wy0e10sgyx174d\",\"created\":\"1706739014223\",\"expirationTime\":\"1706739134223\",\"subject\":\"jfob@01h90ampkvn2wy0e10sgyx174d\",\"scope\":\"api:* applied-permissions/admin\",\"id\":\"0634d4e8-5338-4f65-9310-ddfe4f4e8401\",\"type\":\"generic\"}}" + company_name: "JFrog Test Company" + entity_name: "jfob@01h90ampkvn2wy0e10sgyx174d" + evt: + type: "C" + instance_name: "instance1" + logged_principal: "jfob@01h90ampkvn2wy0e10sgyx174d" + tenant_id: "partnership-test-company-0" + log_timestamp: "2024-02-06T22:15:11.665Z" + network: + client: + ip: "UNKNOWN" + service: "jfrog.saas.rt.access.security.audit" + usr: + id: "UNKNOWN" + message: |- + { + "tenant_id" : "partnership-test-company-0", + "hostname" : "jfrog-cloud", + "instance_name" : "instance1", + "ddtags" : "key1:val1,key2:val2,key3:val3", + "service" : "jfrog.saas.rt.access.security.audit", + "company_name" : "JFrog Test Company", + "message" : { + "log_timestamp" : "2024-02-06T22:15:11.665Z", + "trace_id" : "6420b6d27625d991", + "data_changed" : "{\"added\":{\"owner\":\"jfob@01h90ampkvn2wy0e10sgyx174d\",\"created\":\"1706739014223\",\"expirationTime\":\"1706739134223\",\"subject\":\"jfob@01h90ampkvn2wy0e10sgyx174d\",\"scope\":\"api:* 
applied-permissions/admin\",\"id\":\"0634d4e8-5338-4f65-9310-ddfe4f4e8401\",\"type\":\"generic\"}}", + "event_type" : "C", + "entity_name" : "jfob@01h90ampkvn2wy0e10sgyx174d", + "user_name" : "UNKNOWN", + "logged_principal" : "jfob@01h90ampkvn2wy0e10sgyx174d", + "ip_address" : "UNKNOWN", + "event" : "TKN" + }, + "ddsource" : "jfrog_artifactory" + } + service: "jfrog.saas.rt.access.security.audit" + tags: + - "source:LOGS_SOURCE" + timestamp: 1707257711665 + trace_id: "6420b6d27625d991" + - + sample: |- { - "tenant_id" : "b0r4mbvkakcf3", + "tenant_id" : "partnership-test-company-0", "hostname" : "jfrog-cloud", - "ddtags" : "owner:partnershipstag1", - "service" : "jfrog.saas.rt.artifactory.request", + "instance_name" : "instance1", + "ddtags" : "key1:val1,key2:val2,key3:val3", + "service" : "jfrog.saas.rt.access.audit", + "company_name" : "JFrog Test Company", "message" : { - "log_timestamp" : "2023-11-15T00:41:37.857Z", - "trace_id" : "d4328165e6fe6921", - "remote_address" : "127.0.0.1", - "request_method" : "GET", - "source" : "jfrog_artifactory", - "response_content_length" : "-1", - "request_url" : "/api/v1/system/liveness", - "request_user_agent" : "curl/7.76.1", - "request_content_length" : "0", - "request_duration" : "1", - "log_source" : "jfrog.saas.rt.artifactory.request", - "return_status" : "200", - "username" : "non_authenticated_user" + "log_timestamp" : "2024-02-08T22:21:11.665Z", + "refreshable" : false, + "expirationtime" : "1706739134223", + "token_id" : "0634d4e8-5338-4f65-9310-ddfe4f4e8401", + "subject" : "jfob@01h90ampkvn2wy0e10sgyx174d", + "user_name" : "jfob@01h90ampkvn2wy0e10sgyx174d", + "event" : "created", + "issuer" : "jfob@01h90ampkvn2wy0e10sgyx174d" }, "ddsource" : "jfrog_artifactory" } - service: "jfrog.saas.rt.artifactory.request" - tags: - - "source:LOGS_SOURCE" - timestamp: 1700008897857 - trace_id: "d4328165e6fe6921" - + result: + custom: + ddsource: "jfrog_artifactory" + ddtags: "key1:val1,key2:val2,key3:val3" + evt: + name: 
"created" + expirationtime: "1706739134223" + host: "jfrog-cloud" + issuer: "jfob@01h90ampkvn2wy0e10sgyx174d" + jfrog: + cloud: + company_name: "JFrog Test Company" + instance_name: "instance1" + subject: "jfob@01h90ampkvn2wy0e10sgyx174d" + tenant_id: "partnership-test-company-0" + token_id: "0634d4e8-5338-4f65-9310-ddfe4f4e8401" + log_timestamp: "2024-02-08T22:21:11.665Z" + refreshable: false + service: "jfrog.saas.rt.access.audit" + usr: + id: "jfob@01h90ampkvn2wy0e10sgyx174d" + message: |- + { + "tenant_id" : "partnership-test-company-0", + "hostname" : "jfrog-cloud", + "instance_name" : "instance1", + "ddtags" : "key1:val1,key2:val2,key3:val3", + "service" : "jfrog.saas.rt.access.audit", + "company_name" : "JFrog Test Company", + "message" : { + "log_timestamp" : "2024-02-08T22:21:11.665Z", + "refreshable" : false, + "expirationtime" : "1706739134223", + "token_id" : "0634d4e8-5338-4f65-9310-ddfe4f4e8401", + "subject" : "jfob@01h90ampkvn2wy0e10sgyx174d", + "user_name" : "jfob@01h90ampkvn2wy0e10sgyx174d", + "event" : "created", + "issuer" : "jfob@01h90ampkvn2wy0e10sgyx174d" + }, + "ddsource" : "jfrog_artifactory" + } + service: "jfrog.saas.rt.access.audit" + tags: + - "source:LOGS_SOURCE" + timestamp: 1707430871665 \ No newline at end of file