Astrix¶
About¶
The Astrix Platform secures the biggest identity blindspot. In an infinite mesh of Non-Human Identities (NHIs), only Astrix provides governance and visibility into NHI privileges, accessed resources, owners, real-time behaviors, and associated risks.
Product Details¶
Vendor URL: Astrix
Product Type: Data Security
Product Tier: Tier I
Integration Method: Webhook
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: ASTRIX
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| account.account | principal.administrative_domain |
| account.platform | principal.cloud.environment |
| account.platform | principal.application |
| events-type | metadata.product_event_type |
| events-version | metadata.product_version |
| integration.admin-console-link | principal.url |
| integration.astrix-link | metadata.url_back_to_product |
| integration.exposure | security_result.detection_fields |
| integration.id | target.resource.product_object_id |
| integration.instances | target.resource.attribute.labels |
| integration.integration-types | target.resource.resource_subtype |
| integration.integration-types | security_result.category_details |
| integration.name | target.resource.name |
| integration.owner.email | principal.user.email_addresses |
| integration.owner.name | principal.user.user_display_name |
| integration.owner.role | principal.user.attribute.roles.name |
| integration.publisher | target.resource.parent |
| integration.risk | security_result.severity_details |
| integration.risk_breakdown.installed_by_admin | security_result.detection_fields |
| integration.risk_breakdown.installed_by_critical_mass | security_result.detection_fields |
| integration.risk_breakdown.installed_by_vip_user | security_result.detection_fields |
| integration.risk_breakdown.likelihood_level | security_result.detection_fields |
| integration.risk_breakdown.maintenance_level | security_result.detection_fields |
| integration.risk_breakdown.permissions_sensitivity | security_result.detection_fields |
| integration.risk_breakdown.reputation_indicator | security_result.detection_fields |
| integration.risk_breakdown.resources_sensitivity | security_result.detection_fields |
| integration.risk_breakdown.threat_analysis | security_result.detection_fields |
| integration.scopes | target.asset.attribute.permissions |
| integration.status | security_result.action_details |
| integration.supplier.astrix_link | target.url |
| integration.supplier.display_name | target.application |
| integration.supplier.home_page | target.resource.attribute.labels |
| integration.supplier.industries | target.resource.attribute.labels |
| integration.supplier.supplier_id | target.administrative_domain |
| issue.description | security_result.description |
| issue.finding | security_result.summary |
| issue.issue-type | security_result.rule_type |
| issue.remediation.link | security_result.about.url |
| issue.remediation.name | security_result.rule_name |
| issue.state | security_result.outcomes |
| source | metadata.product_name |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| integration-removed | RESOURCE_DELETION |
| issue_created, issue_resolved | STATUS_UPDATE |
| new-integration | RESOURCE_CREATION |
Log Sample¶
{"event":{"data":{"account":{"account":"example.com","platform":"google_workspace"},"integration":{"admin-console-link":"https://admin.google.com/ac/owl/list?tab=apps","astrix-link":"https://example.astrixsecurity.com/platforms/google_workspace?filters-integration=%7B%22id%22:%7B%22_in%22:%5B%22585679408659%22%5D%7D%7D\u0026integration=2e9b7c6547c7620baf57de64d2c78091d0ca9ff62b7cd4f627f95638f4403886\u0026referer=webhook_notifier","comment":null,"description":null,"exposure":"High","id":"585679408659","installation-time":"2024-09-05T16:04:56.49+00:00","instances":1,"integration-types":["oauth_app"],"is-in-public-marketplace":false,"is-installed":true,"is-internal":true,"is-link-accessible":false,"is-organization-installation":null,"is-published":false,"is-reviewed":false,"last-api-access":"2024-09-05T16:04:56.49+00:00","marketplace-link":null,"name":"RefreshSlidesWithSheetData","owner":{"email":"johndoe@example.com","name":"John Doe","role":"User"},"platform":"google_workspace","publisher":"johndoe@example.com","risk":"Medium","risk_breakdown":{"exposure_level":"High","installed_by_admin":false,"installed_by_critical_mass":"No","installed_by_vip_user":false,"likelihood_level":"Medium","maintenance_level":"Proper","permissions_sensitivity":"High","reputation_indicator":"Internal","resources_sensitivity":null,"threat_analysis":"Not Detected"},"scopes":[{"description":"View your Google Spreadsheets","documentation":null,"exposure":"High","name":"spreadsheets.readonly"},{"description":"View and manage your Google Slides presentations","documentation":null,"exposure":"High","name":"presentations"}],"status":"pending_review","supplier":null,"usage":"Minor","users":{"active-users":1,"total-users":1,"users":[{"email":"johndoe@example.com","id":"113570317963736742424","installation_timestamp":"2024-09-06T02:37:22.358","is_active":true,"name":"John Doe","role":"User"}]}},"issue":{"astrix-link":"https://example.astrixsecurity.com/platforms/google_workspace?filters-integration=%7B%22id%22:%7B%22_in%22:%5B%22585679408659%22%5D%7D%7D\u0026integration=2e9b7c6547c7620baf57de64d2c78091d0ca9ff62b7cd4f627f95638f4403886\u0026referer=webhook_notifier","comment":null,"create-time":"2024-12-04T16:49:28.790Z","description":"","extra-info":{},"finding":"Minor Usage","integration-users":{"active-users":1,"total-users":1,"users":[{"email":"johndoe@example.com","id":"113570317963736742424","installation_timestamp":"2024-09-06T02:37:22.358","is_active":true,"name":"John Doe","role":"User"}]},"issue-type":"Usage","remediation":null,"severity":"Low","state":"Open"}},"event-type":"issue_created","event-version":"0.1.3","source":"Astrix Security","timestamp":"2024-12-04T16:56:48.830Z"}}
Sample Parsing¶
metadata.event_type = "STATUS_UPDATE"
metadata.product_event_type = "issue_created"
metadata.product_name = "Astrix Security"
metadata.product_version = "0.1.3"
metadata.url_back_to_product = "https://example.astrixsecurity.com/platforms/google_workspace?filters-integration=%7B%22id%22:%7B%22_in%22:%5B%22585679408659%22%5D%7D%7D&integration=2e9b7c6547c7620baf57de64d2c78091d0ca9ff62b7cd4f627f95638f4403886&referer=webhook_notifier"
principal.administrative_domain = "example.com"
principal.application = "google_workspace"
principal.cloud.environment = "GOOGLE_CLOUD_PLATFORM"
principal.hostname = "example.com"
principal.url = "https://admin.google.com/ac/owl/list?tab=apps"
principal.user.attribute.roles.name = "Member"
principal.user.email_addresses = "johndoe@example.com"
principal.user.user_display_name = "John Doe"
security_result.action_details = "pending_review"
security_result.category_details = "oauth_app"
security_result.detection_fields.key = "Exposure"
security_result.detection_fields.value = "High"
security_result.detection_fields.key = "installed_by_admin"
security_result.detection_fields.value = "false"
security_result.detection_fields.key = "installed_by_critical_mass"
security_result.detection_fields.value = "No"
security_result.detection_fields.key = "installed_by_vip_user"
security_result.detection_fields.value = "false"
security_result.detection_fields.key = "likelihood_level"
security_result.detection_fields.value = "Medium"
security_result.detection_fields.key = "maintenance_level"
security_result.detection_fields.value = "Proper"
security_result.detection_fields.key = "permissions_sensitivity"
security_result.detection_fields.value = "High"
security_result.detection_fields.key = "reputation_indicator"
security_result.detection_fields.value = "Internal"
security_result.detection_fields.key = "threat_analysis"
security_result.detection_fields.value = "Not Detected"
security_result.outcomes.key = "State"
security_result.outcomes.value = "Open"
security_result.rule_type = "Usage"
security_result.severity = "MEDIUM"
security_result.severity_details = "Medium"
security_result.summary = "Minor Usage"
target.asset.attribute.permissions.description = "View your Google Spreadsheets"
target.asset.attribute.permissions.name = "spreadsheets.readonly"
target.asset.attribute.permissions.description = "View and manage your Google Slides presentations"
target.asset.attribute.permissions.name = "presentations"
target.resource.attribute.labels.key = "Instances"
target.resource.attribute.labels.value = "1"
target.resource.name = "RefreshSlidesWithSheetData"
target.resource.parent = "johndoe@example.com"
target.resource.product_object_id = "585679408659"
target.resource.resource_subtype = "oauth_app"