Sonatype
About
Monitor and manage all of your components and binaries in a central source of truth. Sonatype Nexus Repository accelerates repeatable builds for faster speed-to-market and enterprise-ready flexibility.
Product Details
Vendor URL: Sonatype
Product Type: Artifact Repository Manager
Product Tier: Tier III
Integration Method: API
Integration URL: Sonatype REST API
Log Guide: Sonatype Audit Log Attributes
Parser Details
Log Format: JSON
Expected Normalization Rate: 90-100%
Data Label: NEXUS_SONATYPE
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
nodeId | metadata.product_log_id |
initiator | principal.user.userid, principal.ip, principal.hostname, observer.hostname, observer.ip |
audit.domain | metadata.product_event_type, target.resource.resource_type |
audit.type | metadata.product_event_type, security_result.action_details |
audit.context | metadata.product_event_type |
audit.attributes.schedule | additional.fields["schedule"] |
audit.attributes.currentState | additional.fields["currentState"] |
audit.attributes.lastRunState | additional.fields["lastRunState"] |
audit.attributes.name | target.resource.name |
audit.attributes.format | target.resource.attribute.labels |
audit.attributes.id | target.resource.product_object_id |
audit.attributes.typeName | metadata.product_event_type |
audit.attributes.visible | additional.fields["Visible"] |
audit.attributes.typeId | target.resource.resource_subtype |
audit.attributes.updated | target.resource.attribute.last_update_time.seconds, nanos |
audit.attributes.recoverable | additional.fields["recoverable"] |
audit.attributes.message | metadata.description |
audit.attributes.exposed | additional.fields["exposed"] |
audit.attributes.created | target.resource.attribute.creation_time.seconds, nanos |
audit.attributes.principal | target.user.userid |
Product Event Types
Event | UDM Event Classification |
---|---|
Login | USER_LOGIN |
Logout | USER_LOGOUT |
All Others | GENERIC_EVENT |
Log Sample
{"nodeId":"846E2F38-8F9C1BAE-6D96C0C0-xxxxxxxx-xxxxxxxx","initiator":"UserName/10.0.0.5","audit":{"domain":"tasks","type":"finished","context":"Admin - Cleanup unused asset blobs","attributes":{"schedule":"Cron{properties={schedule.clientTimeZone=US/Eastern, schedule.startAt=2024-09-25T12:03:37.002-04:00, schedule.cronExpression=0 */30 * * * ?, schedule.type=cron}}","currentState":"CurrentStateImpl{state=WAITING, nextRun=Mon Sep 30 17:00:00 EDT 2024, future=null}","lastRunState":"LastRunStateImpl{endState=OK, runStarted=Mon Sep 30 16:30:00 EDT 2024, runDuration=2061}",".name":"Cleanup unused docker blobs from nexus","contentStore":"nexus","lastRunState.runStarted":"1727728200018","format":"docker",".id":"bbcf3a44-fcaa-42ed-95be-xxxxxxxxxxxx",".typeName":"Admin - Cleanup unused asset blobs",".visible":"true",".typeId":"assetBlob.cleanup","lastRunState.endState":"OK",".updated":"2024-09-25T16:03:37.003Z",".recoverable":"false",".message":"Cleanup unused docker blobs from nexus","lastRunState.runDuration":"2061",".exposed":"false",".created":"2024-09-25T16:03:37.003Z"}}}
Sample Parsing
additional.fields["currentState"] = "CurrentStateImpl{state=WAITING, nextRun=Mon Sep 30 17:00:00 EDT 2024, future=null}"
additional.fields["exposed"] = "false"
additional.fields["lastRunState"] = "LastRunStateImpl{endState=OK, runStarted=Mon Sep 30 16:30:00 EDT 2024, runDuration=2061}"
additional.fields["recoverable"] = "false"
additional.fields["schedule"] = "Cron{properties={schedule.clientTimeZone=US/Eastern, schedule.startAt=2024-09-25T12:03:37.002-04:00, schedule.cronExpression=0 */30 * * * ?, schedule.type=cron}}"
additional.fields["Visible"] = "true"
metadata.description = "Cleanup unused docker blobs from nexus"
metadata.event_timestamp.seconds = 1727728202
metadata.event_timestamp.nanos = 463626000
metadata.product_event_type = "Admin - Cleanup unused asset blobs"
metadata.product_log_id = "846E2F38-8F9C1BAE-6D96C0C0-xxxxxxxx-xxxxxxxx"
observer.ip = "10.0.0.5"
principal.ip = "10.0.0.5"
principal.user.userid = "UserName"
security_result.action_details = "finished"
security_result.action = "ALLOW"
target.resource.attribute.creation_time.seconds = 1727280217
target.resource.attribute.creation_time.nanos = 3000000
target.resource.attribute.labels.key = "format"
target.resource.attribute.labels.value = "docker"
target.resource.attribute.last_update_time.seconds = 1727280217
target.resource.attribute.last_update_time.nanos = 3000000
target.resource.name = "Cleanup unused docker blobs from nexus"
target.resource.product_object_id = "bbcf3a44-fcaa-42ed-95be-xxxxxxxxxxxx"
target.resource.resource_subtype = "assetBlob.cleanup"
target.resource.resource_type = "TASK"
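The field mapping above, applied to a trimmed copy of the log sample, as an added Python example (not the vendor's or the platform's parser code). It assumes the initiator is laid out as user/source, that a non-IP source is a host name, and that attribute keys may carry the leading dot seen in the sample; the function names are hypothetical.

```python
import ipaddress
import json
from datetime import datetime

# Constructed input: a trimmed copy of the page's log sample (same field shapes).
SAMPLE = json.dumps({
    "nodeId": "846E2F38-8F9C1BAE-6D96C0C0-xxxxxxxx-xxxxxxxx",
    "initiator": "UserName/10.0.0.5",
    "audit": {"domain": "tasks", "type": "finished", "attributes": {
        ".name": "Cleanup unused docker blobs from nexus", "format": "docker",
        ".id": "bbcf3a44-fcaa-42ed-95be-xxxxxxxxxxxx", ".typeId": "assetBlob.cleanup",
        ".created": "2024-09-25T16:03:37.003Z", ".updated": "2024-09-25T16:03:37.003Z"}}})

def split_initiator(initiator):
    """Split 'user/source' (layout assumed from the sample) into UDM fields."""
    user, _, source = (initiator or "").partition("/")
    out = {"principal.user.userid": user} if user else {}
    if source:
        try:
            ipaddress.ip_address(source)
            kind = "ip"
        except ValueError:
            kind = "hostname"  # assumption: a non-IP source is a host name
        out[f"principal.{kind}"] = out[f"observer.{kind}"] = source
    return out

def to_seconds_nanos(ts):
    """Convert an ISO-8601 UTC timestamp ('...Z') into (seconds, nanos)."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return int(dt.replace(microsecond=0).timestamp()), dt.microsecond * 1000

def normalize(raw):
    """Map one audit record to a flat dict keyed by UDM field path."""
    event = json.loads(raw)
    audit = event.get("audit") or {}
    # The sample prefixes some attribute keys with '.', the table does not: accept both.
    attrs = {k.lstrip("."): v for k, v in (audit.get("attributes") or {}).items()}
    udm = split_initiator(event.get("initiator"))
    udm["metadata.product_log_id"] = event.get("nodeId")
    udm["security_result.action_details"] = audit.get("type")
    for src, dst in (("name", "target.resource.name"),
                     ("id", "target.resource.product_object_id"),
                     ("typeId", "target.resource.resource_subtype"),
                     ("message", "metadata.description"),
                     ("principal", "target.user.userid")):
        if src in attrs:
            udm[dst] = attrs[src]
    for src, dst in (("created", "creation_time"), ("updated", "last_update_time")):
        if src in attrs:
            udm[f"target.resource.attribute.{dst}"] = to_seconds_nanos(attrs[src])
    return udm
```

Comparing the returned values with the Sample Parsing listing is a quick way to confirm that principal and timestamp fields are populated before detection content depends on them.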
Rules
Coming Soon