Culture AI
About
CultureAI takes a data-driven approach that lets security and awareness teams manage the cyber security risks their workforce creates. CultureAI continuously monitors security risks created by your workforce, then uses those insights to help you automatically manage risks so people prevent breaches, not cause them.
Product Details
Vendor URL: Culture AI
Product Type: Security Awareness
Product Tier: Tier II
Integration Method: Custom
Parser Details
Log Format: JSON
Expected Normalization Rate: 90%
Data Label: CULTURE_AI
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
commmon.employee.email | principal.user.email_addresses |
commmon.employee.forename | principal.user.first_name |
commmon.employee.id | principal.user.employee_id |
commmon.employee.jobTitle | principal.user.title |
commmon.metadata.department | principal.user.department |
commmon.metadata.displayName | principal.user.user_display_name |
commmon.metadata.division | principal.user.department |
commmon.metadata.userName | principal.user.userid |
commmon.surname | principal.user.last_name |
dataSource | principal.application |
event.type | metadata.product_event_type |
link | security_result.url_back_to_product |
receipt.email | network.email.to |
specific.recipients.0.email | network.email.from |
specific.subject | network.email.subject |
vuln.hostname | security_result.about.hostname |
vuln.url | security_result.about.url |
Product Event Types
Event | UDM Event Classification |
---|---|
all logs | GENERIC_EVENT |
Log Sample
{"event":{"id":57792,"occurrenceId":1952596,"pushId":406862,"type":"EmailPhishing\\ReportingOther"},"commmon":{"employee":{"platformUser":false,"platformAdmin":false,"creationDate":date,"id":idname,"surname":"lastname","metadata":{"userName":"emailaddress0","emails_raw":"[{\"primary\":true,\"value\":\"emailaddress0\"}]","displayName":"firstname lastname","locale":"en-US","manager_raw":"{\"value\":\"1664\",\"displayName\":\"firstname, lastname\"}","externalId":"idname","name_raw":"{\"givenName\":\"firstname\",\"familyName\":\"lastname\"}","division":"Technology","department":"department1","groups_raw":"[]"},"email":"emailaddress0","jobTitle":"jobtitle","forename":"firstname"},"behaviourIndicator":"POSITIVE","dataSource":"CultureAI Reporter","title":"Employee reported a potential phishing email","subtext":"emailsubject","date":"2023-01-28","timestamp":1674919006},"specific":{"interactions":[],"links":["mailto:emailaddress0","url1","url1;eid=eid1;tok=token1;ctz=tz1;hl=language1;es=es1;","url1;eid=eid2;rst=2\u0026amp;tok=token1;ctz=tz1;hl=language1;es=es1;","url1;eid=eid2;rst=3\u0026amp;tok=token1;ctz=tz1;hl=language1;es=es1;","url2;eid=eid2;tok=token1;ctz=tz1;hl=language1;es=es1;","url3","url4","url5"],"attachments":[{"id":13532,"filename":"noname1","comntentType":"text/calendar","sha256":"hash1"},{"id":13533,"filename":"noname1","comntentType":"text/calendar","sha256":"hash1"},{"comntentType":"application/ics","sha256":"hash1","id":13534,"filename":"file1"}],"reference":null,"subject":"emailsubject","sender":{"email":"emailaddress1","name":"name1"},"recipients":[{"email":"emailaddress0","name":null}]}}
Sample Parsing
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Culture AI"
metadata.product_name = "Culture AI"
metadata.product_event_type = "EmailPhishing\ReportingOther"
principal.user.email_addresses = "emailaddress0"
principal.user.employee_id = "idname"
principal.user.first_name = "firstname"
principal.user.title = "jobtitle"
about.file.sha256 = "hash1"
about.file.full_path = "file1"
about.file.mime_type = "application/ics"
about.file.sha256 = "hash1"
about.file.full_path = "file1"
about.file.mime_type = "application/ics"
about.file.sha256 = "hash1"
about.file.full_path = "file1"
about.file.mime_type = "application/ics"
security_result.url_back_to_product = "mailto:emailaddress0"
security_result.url_back_to_product = "url1"
security_result.url_back_to_product = "url2"
security_result.url_back_to_product = "url3"
security_result.url_back_to_product = "url4"
security_result.url_back_to_product = "url5"
network.email.from = "emailaddress0"
network.email.to = "emailaddress0"
network.email.subject = "emailsubject"