Redis
About
Redis (REmote DIctionary Server) is an open source, in-memory, NoSQL key/value store that is used primarily as an application cache or quick-response database.
Product Details
Vendor URL: Redis
Product Type: Database
Product Tier: Tier III
Integration Method: n/a
Integration URL: n/a
Log Guide: n/a
Parser Details
Log Format: JSON
Expected Normalization Rate: near 100%
Data Label: REDIS
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
"Redis" | metadata.vendor_name |
"Redis" | metadata.product_name |
msg | metadata.description |
module | target.application |
container.id | target.resource.product_object_id |
container.name | target.resource.name |
"CONTAINER" | target.resource.type |
container.image.name | target.resource.attribute.labels |
stream | additional.fields |
docker_values | security_result.detection_fields |
Product Event Types
Product Event | UDM Event |
---|---|
All events | GENERIC_EVENT |
Log Sample
{"container":{"id":"containerId","image":{"name":"redis-sentinel"},"name":"redis_redis-sentinel_1"},"cyderes_log_type":"REDIS","docker":{"container":{"labels":{"com_docker_compose_config-hash":"configHash","com_docker_compose_container-number":"1","com_docker_compose_oneoff":"False","com_docker_compose_project":"signhost-redis","com_docker_compose_project_config_files":"docker-compose.yml","com_docker_compose_project_working_dir":"/srv/Docker/Docker/redis","com_docker_compose_service":"redis-sentinel","com_docker_compose_version":"1.25.0"}}},"message":"1:X 06 Jun 2024 19:16:37.950 # Next failover delay: I will not start a failover before Thu Jun 6 19:16:48 2024","stream":"stdout"}
Sample Parsing
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Redis"
metadata.product_name = "Redis"
metadata.description = "Next failover delay: I will not start a failover before Thu Jun 6 19:16:48 2024"
additional.fields.key = "stream"
additional.fields.value = "stdout"
target.resource.type = "CONTAINER"
target.resource.name = "redis_redis-sentinel_1"
target.resource.product_object_id = "containerId"
target.resource.attribute.labels.key = "imageName"
target.resource.attribute.labels.value = "redis-sentinel"
security_result.detection_fields.key = "com_docker_compose_config-hash"
security_result.detection_fields.value = "configHash"
security_result.detection_fields.key = "com_docker_compose_container-number"
security_result.detection_fields.value = "1"
security_result.detection_fields.key = "com_docker_compose_oneoff"
security_result.detection_fields.value = "False"
security_result.detection_fields.key = "com_docker_compose_project"
security_result.detection_fields.value = "signhost-redis"
security_result.detection_fields.key = "com_docker_compose_project_config_files"
security_result.detection_fields.value = "docker-compose.yml"
security_result.detection_fields.key = "com_docker_compose_project_working_dir"
security_result.detection_fields.value = "/srv/Docker/Docker/redis"
security_result.detection_fields.key = "com_docker_compose_service"
security_result.detection_fields.value = "redis-sentinel"
security_result.detection_fields.key = "com_docker_compose_version"
security_result.detection_fields.value = "1.25.0"
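The field mapping in the UDM Fields table, applied to a record shaped like the log sample, as an added Python illustration (not the parser's own code). The function name `to_udm`, the regular expression used to split `msg` out of `message`, and the shortened sample record are assumptions; `module` is left out because the sample does not carry it.

```python
import json
import re

# Redis line layout: "<pid>:<role> <dd Mon yyyy HH:MM:SS.mmm> <level> <text>".
# Assumption: msg is the text after the level marker; the page does not show
# the parser's own extraction pattern.
REDIS_LINE = re.compile(
    r"^(?P<pid>\d+):(?P<role>[A-Z]) "
    r"(?P<ts>\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<level>[.\-*#]) (?P<msg>.*)$"
)

def to_udm(raw: str) -> dict:
    """Map one JSON log record to the UDM fields listed in the table."""
    log = json.loads(raw)
    container = log.get("container", {})
    message = log.get("message", "")
    match = REDIS_LINE.match(message)
    # Keep the whole message when the Redis prefix is absent, so nothing is lost.
    description = match.group("msg") if match else message
    labels = log.get("docker", {}).get("container", {}).get("labels", {})
    image = container.get("image", {}).get("name", "")
    return {
        "metadata": {"event_type": "GENERIC_EVENT", "vendor_name": "Redis",
                     "product_name": "Redis", "description": description},
        "additional": {"fields": [{"key": "stream",
                                   "value": log.get("stream", "")}]},
        "target": {"resource": {
            "type": "CONTAINER",
            "name": container.get("name", ""),
            "product_object_id": container.get("id", ""),
            "attribute": {"labels": [{"key": "imageName", "value": image}]},
        }},
        # Every docker label becomes one key/value detection field.
        "security_result": {"detection_fields": [
            {"key": k, "value": str(v)} for k, v in labels.items()]},
    }

# Constructed record, shortened from the log sample on this page.
SAMPLE = json.dumps({
    "container": {"id": "containerId", "image": {"name": "redis-sentinel"},
                  "name": "redis_redis-sentinel_1"},
    "docker": {"container": {"labels": {
        "com_docker_compose_service": "redis-sentinel",
        "com_docker_compose_container-number": "1"}}},
    "message": "1:X 06 Jun 2024 19:16:37.950 # Next failover delay: I will "
               "not start a failover before Thu Jun 6 19:16:48 2024",
    "stream": "stdout",
})

if __name__ == "__main__":
    print(json.dumps(to_udm(SAMPLE), indent=2))
```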