Pure Storage¶
About¶
Pure Storage is a leading provider of enterprise-grade, all-flash block, file, and object storage. Pure delivers a Modern Data Experience, allowing you to rely on innovative, cloud-ready solutions and the best experience in technology to transform data into powerful outcomes.
Product Details¶
Vendor URL: Pure Storage
Product Type: Data storage
Product Tier: Tier III
Integration Method: Syslog
Integration URL: n/a
Log Guide: n/a
Parser Details¶
Log Format: Syslog with GROK filters
Expected Normalization Rate: 90-95%
Data Label: PURE_STORAGE
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field | UDM Event Type |
---|---|---|
purity.audit (login message ID) | metadata.product_log_id | metadata |
Array name | observer.hostname | observer |
Controller | Not mapped to UDM | N/A |
Interface | Not mapped to UDM | N/A |
Module | Not mapped to UDM | N/A |
Session | network.session_id | network |
UTC Time | metadata.event_timestamp | metadata |
User | principal.user.userid | principal |
Location | principal.ip | principal |
Sublocation | Not mapped to UDM | N/A |
Action | metadata.product_event_type | metadata |
Method | principal.application | principal |
Result | security_result.action | security_result |
Description | metadata.description | metadata |
Product Event Types¶
Description | metadata.event_type |
---|---|
All events | GENERIC_EVENT |
Log Sample¶
<182>Jul 6 13:15:04 sysloghost purity.audit: (login message ID: 676886) Array name: 'array' Controller: 0 Interface: 'REST' Module: '' Session: 'session' UTC Time: 2021-07-06T18:15:03Z User: 'user' Location '10.10.10.1' Sublocation: 'Java/11.0.10' Action: 'operation request' Method: '' Result: Success Description: ''
Sample Parsing¶
metadata.product_log_id = "login message ID: id"
metadata.event_timestamp = "2021-09-17T00:15:04Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Pure Storage"
metadata.product_event_type = "operation request"
metadata.ingested_timestamp = "2021-09-17T00:15:22.651580Z"
principal.user.userid = "username"
principal.ip = "10.10.10.1"
observer.hostname = "array"
security_result.action = "ALLOW"
network.session_id = "id"
Parser Alerting¶
[In Progress] Parsing of “Pure Storage” data was requested so that a rule can be created for the following condition:
source: “Pure Storage”
command: “purevol destroy”
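The Python below is an example added to this page; it is not the parser's or Pure Storage's own code. It applies the UDM field mapping from the table above to the page's log sample and then runs the `purevol destroy` condition from the Parser Alerting section over the normalized events. The regex mirrors the GROK layout of the sample (which writes `Location` without a colon, so the colon is optional). The second and third sample lines, the placement of the command in the Action field, the `UNKNOWN_ACTION` fallback for any Result other than `Success`, and the `principal.hostname` fallback for a non-IP Location are assumptions of this example; the page itself confirms only `Success` → `ALLOW` and `GENERIC_EVENT`.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Regex mirroring the GROK layout of the Purity audit line in the page's log
# sample. That sample writes "Location '10.10.10.1'" with no colon, so the
# colon after Location is optional here.
AUDIT_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<syslog_ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"purity\.audit: \((?P<log_id>[^)]*)\) "
    r"Array name: '(?P<array>[^']*)' Controller: (?P<controller>\S+) "
    r"Interface: '(?P<interface>[^']*)' Module: '(?P<module>[^']*)' "
    r"Session: '(?P<session>[^']*)' UTC Time: (?P<utc>\S+) "
    r"User: '(?P<user>[^']*)' Location:? '(?P<location>[^']*)' "
    r"Sublocation: '(?P<sublocation>[^']*)' Action: '(?P<action>[^']*)' "
    r"Method: '(?P<method>[^']*)' Result: (?P<result>\S+) "
    r"Description: '(?P<description>[^']*)'$"
)

# The page confirms only Result "Success" -> ALLOW; UNKNOWN_ACTION for any
# other Result value is an assumption of this example.
RESULT_TO_ACTION = {"Success": "ALLOW"}

# Constructed input, not real array output: the page's own log sample, a
# hypothetical CLI session whose Action field carries "purevol destroy", and
# one line that does not follow the audit layout.
SAMPLE_LOGS = [
    "<182>Jul 6 13:15:04 sysloghost purity.audit: (login message ID: 676886) "
    "Array name: 'array' Controller: 0 Interface: 'REST' Module: '' Session: 'session' "
    "UTC Time: 2021-07-06T18:15:03Z User: 'user' Location '10.10.10.1' "
    "Sublocation: 'Java/11.0.10' Action: 'operation request' Method: '' "
    "Result: Success Description: ''",
    "<182>Jul 6 13:16:10 sysloghost purity.audit: (login message ID: 676890) "
    "Array name: 'array' Controller: 1 Interface: 'CLI' Module: '' Session: 'ssh-7f2a' "
    "UTC Time: 2021-07-06T18:16:09Z User: 'pureuser' Location: '10.10.10.20' "
    "Sublocation: '' Action: 'purevol destroy' Method: '' "
    "Result: Success Description: 'vol01'",
    "<182>Jul 6 13:17:00 sysloghost purity.audit: heartbeat",
]


def to_udm(line):
    """Map one Purity audit syslog line to the UDM fields in the table above.
    Returns None for a line that does not match; empty fields are dropped."""
    m = AUDIT_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    try:
        ts = datetime.strptime(f["utc"], "%Y-%m-%dT%H:%M:%SZ")
        event_ts = ts.replace(tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        event_ts = f["utc"]  # keep the raw value rather than drop the event
    event = {
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": "Pure Storage",
        "metadata.product_log_id": f["log_id"],
        "metadata.event_timestamp": event_ts,
        "metadata.product_event_type": f["action"],
        "metadata.description": f["description"],
        "observer.hostname": f["array"],
        "network.session_id": f["session"],
        "principal.user.userid": f["user"],
        "principal.application": f["method"],
        "security_result.action": RESULT_TO_ACTION.get(f["result"], "UNKNOWN_ACTION"),
    }
    # The table maps Location to principal.ip. A non-IP value (such as a
    # hostname) would not validate there, so this example routes it to
    # principal.hostname instead; that fallback is an assumption.
    try:
        ipaddress.ip_address(f["location"])
        event["principal.ip"] = f["location"]
    except ValueError:
        event["principal.hostname"] = f["location"]
    return {k: v for k, v in event.items() if v}


def normalization_rate(lines):
    """Fraction of lines that parsed, to compare with the expected 90-95%."""
    return sum(1 for line in lines if to_udm(line) is not None) / len(lines) if lines else 0.0


VOLUME_DESTROY_RE = re.compile(r"^purevol\s+destroy\b")


def detect_volume_destroy(events):
    """Normalized events whose product_event_type is a 'purevol destroy' command."""
    return [e for e in events
            if VOLUME_DESTROY_RE.match(e.get("metadata.product_event_type", ""))]


if __name__ == "__main__":
    events = [e for e in map(to_udm, SAMPLE_LOGS) if e]
    print("normalization rate:", normalization_rate(SAMPLE_LOGS))
    for hit in detect_volume_destroy(events):
        print("ALERT purevol destroy by", hit["principal.user.userid"],
              "from", hit.get("principal.ip", hit.get("principal.hostname")))
```

Running the file normalizes the first two constructed lines, reports a normalization rate of two out of three because the heartbeat line does not match the audit layout, and raises one alert for the constructed `purevol destroy` event. Because empty source fields are dropped, the page's sample line yields no `principal.application` or `metadata.description`, matching the Sample Parsing output above.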
Rules¶
Coming soon