Verkada
About
Verkada's mission is to protect people and places in a privacy-sensitive way.
Product Details
Vendor URL: Verkada
Product Type: Physical Security Devices
Product Tier: Tier III
Integration Method: Verkada API
Integration URL: Cyderes Webhook Integration
Parser Details
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: VERKADA
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
api_key_name | src.resource.name |
key_owner_id | src.resource.product_object_id |
method | src.process.command_line |
url | src.url |
event_description | metadata.description |
event_name | metadata.product_event_type |
ip_address | principal.ip |
organization_id | principal.user.group_identifiers |
timestamp | metadata.event_timestamp |
user_email | principal.user.email_addresses |
user_id | principal.user.userid |
user_name | principal.user.user_display_name |
Product Event Types
Product Event | Description | UDM Event |
---|---|---|
All | All | GENERIC_EVENT |
Login | User Login | USER_LOGIN |
Logout | User Logout | USER_LOGOUT |
Public API Request | Public API Request | GENERIC_EVENT |
Log Sample
{"details": {"api_key": "**********************************a35c01", "api_key_name": "Chronical-Verkada-2", "key_owner_id": "8xxxxxx9-xxxx-xxxx-xxxx-xxxxxxxx86a9", "method": "GET", "url": "/core/v1/audit_log"}, "devices": null, "event_description": "Public API Request", "event_name": "Public API Request", "ip_address": "172.16.0.10", "organization_id": "0exxxxxa-xxxx-xxxx-xxxx-xxxxxxxe3243", "timestamp": "2024-08-22T05:00:46Z", "user_email": "user.admin@domain.com", "user_id": "8xxxxxx9-xxxx-xxxx-xxxx-xxxxxxxx86a9", "user_name": "John Doe"}
Sample Parsing
metadata.product_event_type = "Public API Request"
principal.ip = "172.16.0.10"
principal.user.email_addresses = "user.admin@domain.com"
principal.user.group_identifiers = "0exxxxxa-xxxx-xxxx-xxxx-xxxxxxxe3243"
principal.user.user_display_name = "John Doe"
principal.user.userid = "8xxxxxx9-xxxx-xxxx-xxxx-xxxxxxxx86a9"
src.process.command_line = "GET"
src.resource.name = "Chronical-Verkada-2"
src.resource.product_object_id = "8xxxxxx9-xxxx-xxxx-xxxx-xxxxxxxx86a9"
src.resource.resource_subtype = "API Key: **********************************a35c01"
src.resource.resource_type = "CREDENTIAL"
src.url = "/core/v1/audit_log"
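To check ingested events against the tables above, the following Python code (an added example, not the Cyderes parser or Verkada code) applies the field mapping and event-type table to the page's log sample and returns the dotted UDM fields. The helper names, the `metadata.event_type` key for the UDM Event column, and the `details.` prefix (taken from the sample's nesting) are assumptions.

```python
import json

# Log-field path -> UDM field, from the page's mapping table. The Log Sample
# nests the API-key fields under "details", so those paths are dotted.
FIELD_MAP = {
    "details.api_key_name": "src.resource.name",
    "details.key_owner_id": "src.resource.product_object_id",
    "details.method": "src.process.command_line",
    "details.url": "src.url",
    "event_description": "metadata.description",
    "event_name": "metadata.product_event_type",
    "ip_address": "principal.ip",
    "organization_id": "principal.user.group_identifiers",
    "timestamp": "metadata.event_timestamp",
    "user_email": "principal.user.email_addresses",
    "user_id": "principal.user.userid",
    "user_name": "principal.user.user_display_name",
}
# Product Event Types table; unlisted event names fall back to GENERIC_EVENT.
EVENT_TYPES = {"Login": "USER_LOGIN", "Logout": "USER_LOGOUT"}

def dig(record, path):
    """Follow a dotted path; None if a level is missing, null or not an object."""
    for key in path.split("."):
        record = record.get(key) if isinstance(record, dict) else None
    return record

def normalize(raw_line):
    """Flatten one Verkada audit-log JSON line into dotted UDM field names."""
    record = json.loads(raw_line)
    udm = {f: dig(record, p) for p, f in FIELD_MAP.items() if dig(record, p) not in (None, "")}
    udm["metadata.event_type"] = EVENT_TYPES.get(dig(record, "event_name"), "GENERIC_EVENT")
    api_key = dig(record, "details.api_key")
    if api_key:  # credential fields as shown under Sample Parsing
        udm["src.resource.resource_type"] = "CREDENTIAL"
        udm["src.resource.resource_subtype"] = f"API Key: {api_key}"
    return udm

# The page's Log Sample, split across lines for readability.
SAMPLE = (
    '{"details": {"api_key": "**********************************a35c01", '
    '"api_key_name": "Chronical-Verkada-2", "key_owner_id": "8xxxxxx9-xxxx-xxxx-xxxx-xxxxxxxx86a9", '
    '"method": "GET", "url": "/core/v1/audit_log"}, "devices": null, '
    '"event_description": "Public API Request", "event_name": "Public API Request", '
    '"ip_address": "172.16.0.10", "organization_id": "0exxxxxa-xxxx-xxxx-xxxx-xxxxxxxe3243", '
    '"timestamp": "2024-08-22T05:00:46Z", "user_email": "user.admin@domain.com", '
    '"user_id": "8xxxxxx9-xxxx-xxxx-xxxx-xxxxxxxx86a9", "user_name": "John Doe"}'
)
```

Events without a `details` object (for example a login record) produce no `src.resource.*` fields, which is a quick way to spot API-key activity in the normalized output.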
Rules
Coming Soon