Druva inSync

About

Druva inSync™ is a SaaS platform that delivers unified data protection, management, and information governance at scale across endpoints and cloud applications in a secure and compliant manner. Delivered as-a-service, Druva inSync simplifies backup, archival, compliance, and device management to reduce the cost and complexity of protecting end-user data, support regulatory compliance, and improve data visibility.

Product Details

Vendor URL: Druva

Product Type: SaaS Audit/Backup

Product Tier: Tier III

Integration Method: S3 Bucket

Integration URL: AWS S3

Log Guide: inSync Events

Parser Details

Log Format: JSON

Expected Normalization Rate: near 100%

Data Label: DRUVA

UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
| --- | --- |
| "Druva" | metadata.vendor_name |
| "inSync" | metadata.product_name |
| eventID | metadata.product_log_id |
| eventType | metadata.product_event_type |
| clientVersion | metadata.product_version |
| clientOS | principal.asset.software.version |
| profileName | principal.group.group_display_name |
| profileID | principal.group.product_object_id |
| inSyncDataSourceID | principal.asset.asset_id |
| inSyncDataSourceName | principal.asset.attribute.labels |
| inSyncUserName | principal.user.user_display_name |
| inSyncUserID | principal.user.userid |
| inSyncUserEmail | principal.user.email_addresses |
| initiator | principal.user.email_addresses |
| ip | target.ip |
| facility | additional.fields |
| initiator | additional.fields |
| eventState | security_result.action_details |
| severity | security_result.severity |
| severity | security_result.severity_details |
| eventDetails | security_result.summary |

Product Event Types

| Product Event | UDM Event |
| --- | --- |
| eventType contains "Login" | USER_LOGIN |
| All other events | GENERIC_EVENT |

Log Sample

{"eventID": "0123", "eventType": "Backup", "profileName": "profilename", "inSyncUserName": "username", "clientVersion": "7.5.0r(031af18d)", "clientOS": "G Suite Gmail", "ip": "", "inSyncUserEmail": "username@email.co", "eventDetails": "Total Backup Size:1092976, Files Backed up:0, Files Missed:0, System and App Settings:Yes, Total Bytes Transferred:0, eventsGroupId:id", "timestamp": "2024-06-27T19:20:51Z", "inSyncUserID": "userid", "profileID": "profileid", "initiator": null, "inSyncDataSourceID": "datasourceID", "eventState": "Success", "inSyncDataSourceName": "Gmail", "severity": 5, "facility": 10}

Sample Parsing

metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Druva"
metadata.product_name = "inSync"
metadata.product_version = "7.5.0r(031af18d)"
metadata.product_event_type = "Backup"
additional.fields.key = "facility"
additional.fields.value = "10"
principal.user.userid = "userid"
principal.user.user_display_name = "username"
principal.user.email_addresses = "username@email.co"
principal.group.product_object_id = "profileid"
principal.group.group_display_name = "profilename"
principal.asset.asset_id = "dataSourceID: datasourceID"
principal.asset.software.version = "G Suite Gmail"
principal.attribute.labels.key = "dataSourceName"
principal.attribute.labels.value = "Gmail"
security_result.summary = "Total Backup Size:1092976, Files Backed up:0, Files Missed:0, System and App Settings:Yes, Total Bytes Transferred:0, eventsGroupId:id"
security_result.action_details = "Success"
security_result.severity = MEDIUM
security_result.severity_details = "5"
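
The mapping table and the event-type rule above can be checked offline before writing detections against these fields. The following Python sketch is an added example, not the parser this page documents: `normalize` is a hypothetical helper, both events are constructed (the first is modelled on the Log Sample), and the severity lookup contains only the one pair the Sample Parsing shows.

```python
import json

# Source field -> single-valued UDM path, copied from the mapping table on this page.
FIELD_MAP = {
    "eventID": "metadata.product_log_id",
    "eventType": "metadata.product_event_type",
    "clientVersion": "metadata.product_version",
    "clientOS": "principal.asset.software.version",
    "profileName": "principal.group.group_display_name",
    "profileID": "principal.group.product_object_id",
    "inSyncUserName": "principal.user.user_display_name",
    "inSyncUserID": "principal.user.userid",
    "ip": "target.ip",
    "eventState": "security_result.action_details",
    "eventDetails": "security_result.summary",
}
# Only severity pair shown in the page's Sample Parsing; other values stay unmapped here.
SEVERITY = {5: "MEDIUM"}

def normalize(raw_line):
    """Flatten one inSync JSON event into {udm_path: value} (hypothetical helper)."""
    ev = json.loads(raw_line)
    def present(key):  # nulls and empty strings (e.g. "ip": "") produce no UDM field
        return ev.get(key) not in (None, "")
    udm = {"metadata.vendor_name": "Druva", "metadata.product_name": "inSync"}
    # Event-type rule from the page: eventType contains "Login" -> USER_LOGIN.
    is_login = "Login" in str(ev.get("eventType") or "")
    udm["metadata.event_type"] = "USER_LOGIN" if is_login else "GENERIC_EVENT"
    udm.update({dst: str(ev[src]) for src, dst in FIELD_MAP.items() if present(src)})
    # Both inSyncUserEmail and initiator feed the repeated email_addresses field.
    emails = [ev[k] for k in ("inSyncUserEmail", "initiator") if present(k)]
    if emails:
        udm["principal.user.email_addresses"] = emails
    udm["additional.fields"] = {k: str(ev[k]) for k in ("facility", "initiator") if present(k)}
    if present("inSyncDataSourceID"):
        udm["principal.asset.asset_id"] = "dataSourceID: " + ev["inSyncDataSourceID"]
    if present("inSyncDataSourceName"):  # label path as given in the mapping table
        udm["principal.asset.attribute.labels"] = {"dataSourceName": ev["inSyncDataSourceName"]}
    if present("severity"):
        udm["security_result.severity_details"] = str(ev["severity"])
        if ev["severity"] in SEVERITY:
            udm["security_result.severity"] = SEVERITY[ev["severity"]]
    return udm

# Constructed events (placeholder values); BACKUP is modelled on the page's Log Sample.
BACKUP = '{"eventID": "0123", "eventType": "Backup", "ip": "", "initiator": null, "inSyncUserEmail": "username@email.co", "inSyncDataSourceID": "datasourceID", "inSyncDataSourceName": "Gmail", "eventState": "Success", "severity": 5, "facility": 10}'
LOGIN = '{"eventID": "0124", "eventType": "Admin Login", "ip": "192.0.2.10", "initiator": "admin@email.co", "eventState": "Failed", "severity": 5, "facility": 10}'

if __name__ == "__main__":
    for line in (BACKUP, LOGIN):
        print(json.dumps(normalize(line), indent=2))
```

Comparing the output for the first event with the Sample Parsing block shows which fields a rule can rely on; null or empty source values such as `ip` and `initiator` in that event yield no UDM field at all.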