Kisi¶
About¶
Today Kisi is the industry-leading physical security system for modern facilities. Arming your team members with a keyless entry system does more than eliminate keys—it builds a vibrant office culture. Our simple web dashboard and easy-to-use app save administrators and employees time, result in fewer interruptions, and add up to a positive work experience day after day. Kisi is the only access system that offers a future proof end-to-end solution. Over-the-cloud updates occur in real time and enable full automation through third-party software integrations. Our keyless entry system is installed in thousands of high-traffic facilities across the globe. More and more companies are switching their security to do it the Kisi way.
Product Details¶
Vendor URL: Kisi Website
Product Type: Physical Security
Product Tier: Tier III
Integration Method: Custom
Integration URL: N/A
Log Guide: N/A
Parser Details¶
Log Format: JSON
Expected Normalization Rate: near 100%
Data Label: KISI
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| auth_mechanism | extensions.auth.mechanism |
| log_message | metadata.description |
| Hard-Coded "GENERIC_EVENT" | metadata.event_type |
| product_event | metadata.product_event_type |
| Hard-Coded "Kisi" | metadata.product_name |
| version | metadata.product_version |
| Hard-Coded "Kisi" | metadata.vendor_name |
| observer | observer.hostname |
| observer | observer.ip |
| src, shost | principal.hostname |
| src, shost | principal.ip |
| log_message | principal.user.user_display_name |
| log_message | principal.user.userid |
| success | security_result.action |
| action | security_result.action_details |
| log_message | security_result.description |
| references | security_result.rule_labels |
| severity | security_result.severity |
| summary | security_result.summary |
| object_type | target.asset.category |
| log_message | target.asset.hostname |
| object_id | target.asset.product_object_id |
| dst | target.hostname |
| dst | target.ip |
| request | target.url |
Product Event Types¶
| Description | metadata.event_type |
|---|---|
| All Events | GENERIC_EVENT |
Log Sample¶
{"id": 123456789, "actor_type": "User", "actor_id": 123, "action": "unlocked", "object_type": "Lock", "object_id": 12345, "success": true, "code": "000000", "message": "John Doe (johndoe@domain.com) unlocked lock Inside Room .", "created_at": "2022-01-31T01:23:45Z", "references": [{"id": 12345, "type": "Lock"}, {"id": 23456, "type": "Place"}, {"id": 34567, "type": "Share"}, {"id": 45678, "type": "Group"}], "lambda-timestamp": "2022-01-31T01:23:46Z"}
Sample Parsing¶
metadata.event_timestamp.seconds = 1643592225
metadata.event_timestamp = 2022-01-31T01:23:45Z
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Kisi"
metadata.product_name = "Kisi"
metadata.description = "John Doe (johndoe@domain.com) unlocked lock Inside Room ."
principal.user.userid = "johndoe@domain.com"
principal.user.user_display_name = "John Doe"
target.asset.product_object_id = "12345"
target.asset.hostname = "Inside Room "
target.asset.category = "Lock"
security_result.action = ALLOW
security_result.action_details = "unlocked"
security_result.rule_labels.0.key = "Lock"
security_result.rule_labels.0.value = "12345"
security_result.rule_labels.1.key = "Place"
security_result.rule_labels.1.value = "23456"
security_result.rule_labels.2.key = "Share"
security_result.rule_labels.2.value = "34567"
security_result.rule_labels.3.key = "Group"
security_result.rule_labels.3.value = "45678"
extensions.auth.mechanism = BADGE_READER
Parser Alerting¶
If severity is "High", "high", "HIGH"
Rules¶
Coming Soon