Britive Audit
About
Britive is an identity access management and policy enforcement platform for cloud infrastructure and platform services. It gives organizations rapid, secure access so they can accelerate the adoption of cloud infrastructure, apps, and data, and it offers just-in-time (JIT) access and privileged access management (PAM) solutions.
Product Details
Vendor URL: Britive
Product Type: Cloud IAM
Product Tier: Tier II
Integration Method: JSON
Integration URL: N/A
Log Guide: Britive API Guide
Parser Details
Log Format: JSON
Expected Normalization Rate: near 99%
Data Label: BRITIVE_AUDIT_API
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
actor.userId | principal.user.userid |
actor.userName | principal.user.user_display_name |
client.displayName | principal.hostname |
client.ipAddress | principal.ip |
client.userAgent | network.http.user_agent |
event.displayName | security_result.action_details |
event.eventType | metadata.product_event_type |
result.success | security_result.outcomes |
target.applicationName | target.user.attribute.labels |
target.applicationSessionId | target.user.attribute.labels |
target.displayName | target.user.user_display_name |
target.targetId | target.user.userid |
tenantId | metadata.product_log_id |
Product Event Types
Event | UDM Event Classification |
---|---|
all | GENERIC_EVENT |
Log Sample
{ "actor": { "credential": { "id": "123456789", "name": "systemuser", "type": "Bearer" }, "displayName": "System User", "role": "admin", "type": "Admin User", "userId": "systemuser", "username": "systemuser" }, "client": { "additionalInfo": {}, "browser": null, "device": null, "displayName": "The Example System User", "ipAddress": "10.0.0.145", "platform": null, "userAgent": null }, "event": { "additionalInfo": {}, "displayName": "Example Application Name", "eventType": "example.read" }, "id": "", "result": { "message": null, "success": true }, "target": { "additionalInfo": {}, "applicationName": "AWS", "applicationSessionId": "abcdef1234567890", "displayName": "AWS | Application Name Example", "environmentGroupName": null, "environmentName": "102940536596 (Aera-UAT)", "parentEnvironmentGroupName": null, "targetId": "abcdefghijklmnopqr" }, "tenantId": "0xabcdefg123456", "timestamp": "2023-11-02T16:53:12.098+0000" }
Sample Parsing
metadata.product_log_id: "0xabcdefg123456"
metadata.event_type: GENERIC_EVENT
metadata.vendor_name: "Britive"
metadata.product_name: "Britive Audit API"
metadata.product_event_type: "example.read"
principal.hostname: "The Example System User"
principal.user.userid: "systemuser"
principal.user.user_display_name: "systemuser"
principal.ip: "10.0.0.145"
target.user.userid: "abcdefghijklmnopqr"
target.user.user_display_name: "AWS | Application Name Example"
target.user.attribute.labels["applicationSessionId"]: "abcdef1234567890"
target.user.attribute.labels["applicationName"]: "AWS"
security_result.action_details: "Example Application Name"
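One way to check a record against the mapping table, as an added Python example that is not the parser's own code: it applies the documented field mapping to a trimmed copy of the Log Sample and reproduces the Sample Parsing output. Assumptions: keys are matched case-insensitively (the table lists actor.userName, the sample carries username), null fields produce no UDM field, and result.success is left out because the page does not show how security_result.outcomes is rendered; `lookup` and `to_udm` are hypothetical names.

```python
import json

# Constructed input: the page's Log Sample, trimmed to the mapped fields.
SAMPLE = json.loads("""{
  "actor": {"userId": "systemuser", "username": "systemuser"},
  "client": {"displayName": "The Example System User",
             "ipAddress": "10.0.0.145", "userAgent": null},
  "event": {"displayName": "Example Application Name", "eventType": "example.read"},
  "target": {"applicationName": "AWS", "applicationSessionId": "abcdef1234567890",
             "displayName": "AWS | Application Name Example",
             "targetId": "abcdefghijklmnopqr"},
  "tenantId": "0xabcdefg123456"
}""")

# Log field -> UDM field, from the mapping table (target.targetId uses the
# spelling shown under Sample Parsing; result.success is omitted, see lead-in).
FIELD_MAP = {
    "actor.userId": "principal.user.userid",
    "actor.userName": "principal.user.user_display_name",
    "client.displayName": "principal.hostname",
    "client.ipAddress": "principal.ip",
    "client.userAgent": "network.http.user_agent",
    "event.displayName": "security_result.action_details",
    "event.eventType": "metadata.product_event_type",
    "target.applicationName": 'target.user.attribute.labels["applicationName"]',
    "target.applicationSessionId": 'target.user.attribute.labels["applicationSessionId"]',
    "target.displayName": "target.user.user_display_name",
    "target.targetId": "target.user.userid",
    "tenantId": "metadata.product_log_id",
}
# Constant metadata values as they appear under Sample Parsing.
CONSTANTS = {"metadata.event_type": "GENERIC_EVENT", "metadata.vendor_name": "Britive",
             "metadata.product_name": "Britive Audit API"}

def lookup(record, dotted):
    """Walk a dotted path, matching keys case-insensitively; None if absent."""
    node = record
    for part in dotted.split("."):
        if not isinstance(node, dict):
            return None
        node = next((v for k, v in node.items() if k.lower() == part.lower()), None)
    return node

def to_udm(record):
    """Return a flat {UDM field: value} dict; null or empty sources are skipped."""
    udm = dict(CONSTANTS)
    for src, dst in FIELD_MAP.items():
        value = lookup(record, src)
        if value not in (None, ""):
            udm[dst] = value
    return udm
```

Comparing `to_udm(record)` with the normalized event for the same record shows which mapped fields were dropped, for example `network.http.user_agent` when `client.userAgent` is null.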
Rules
Coming Soon