Skip to content

Britivte Audit

britive_audit

About

Britive is an identity access management and policy enforcement platform for all your cloud infrastructure and platform services. Empowering organizations with rapid, secure access so they can accelerate the adoption of cloud infrastructure, apps, and data.‚Äč JIT and PAM Solutions.

Product Details

Vendor URL: Britive

Product Type: Cloud IAM

Product Tier: Tier II

Integration Method: JSON

Integration URL: N/A

Log Guide: Britive API Guide

Parser Details

Log Format: JSON

Expected Normalization Rate: near 99%

Data Label: BRITIVE_AUDIT_API

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
actor.userId principal.user.userid
actor.userName principal.user.user_display_name
client.displayName principal.hostname
client.ipAddress principal.ip
client.userAgent network.http.user_agent
event.displayName security_result.action_details
event.eventType metadata.product_event_type
result.success security_result.outcomes
target.applicationName target.user.attribute.labels
target.applicationSessionId target.user.attribute.labels
target.displayName target.user.user_display_name
target.targetId target.user.user_id
tenantId metadata.product_log_id

Product Event Types

Event UDM Event Classification
all GENERIC_EVENT

Log Sample

{ "actor": { "credential": { "id": "123456789", "name": "systemuser", "type": "Bearer" }, "displayName": "System User", "role": "admin", "type": "Admin User", "userId": "systemuser", "username": "systemuser" }, "client": { "additionalInfo": {}, "browser": null, "device": null, "displayName": "The Example System User", "ipAddress": "10.0.0.145", "platform": null, "userAgent": null }, "event": { "additionalInfo": {}, "displayName": "Example Application Name", "eventType": "example.read" }, "id": "", "result": { "message": null, "success": true }, "target": { "additionalInfo": {}, "applicationName": "AWS", "applicationSessionId": "abcdef1234567890", "displayName": "AWS | Application Name Example", "environmentGroupName": null, "environmentName": "102940536596 (Aera-UAT)", "parentEnvironmentGroupName": null, "targetId": "abcdefghijklmnopqr" }, "tenantId": "0xabcdefg123456", "timestamp": "2023-11-02T16:53:12.098+0000" }

Sample Parsing

metadata.product_log_id: "0xabcdefg123456"
metadata.event_type: GENERIC_EVENT
metadata.vendor_name: "Britive"
metadata.product_name: "Britive Audit API"
metadata.product_event_type: "example.read"
principal.hostname: "The Example System User"
principal.user.userid: "systemuser"
principal.user.user_display_name: "systemuser"
principal.ip: "10.0.0.145"
target.user.userid: "abcdefghijklmnopqr"
target.user.user_display_name: "AWS | Application Name Example"
target.user.attribute.labels["applicationSessionId"]: "abcdef1234567890"
target.user.attribute.labels["applicationName"]: "AWS"
security_result.action_details: "Example Application Name"

Rules

Coming Soon