Skip to content

Veza Access Control Platform

Veza Access Control Platform

About

Veza provides a unified Access Platform, bringing together all identities, across all systems for sophisticated access search, actionable intelligence, automated access reviews, and seamless identity lifecycle management.

Product Details

Vendor URL: Veza Access Control Platform

Product Type: Identity and Access Management

Product Tier: Tier III

Integration Method: API

Integration URL: Cyderes Documentation

Log Guide: Veza Audit Logs

Log Guide: Veza System Events

Parser Details

Log Format: JSON

Expected Normalization Rate: 100%

Data Label: VEZA

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
category security_result.category_details
client.ip principal.ip
client.user_agent network.http.user_agent
ended_at additional.fields
endpoint target.resource.name
entity security_result.about.resource.type
entity_id security_result.about.resource.product_object_id
entity_name security_result.about.resource.name
error_reason security_result.action_details
error.message security_result.description
error.metadata.original_message security_result.detection_fields
error.reason security_result.rule_name
error.resolution security_result.summary
event_type metadata.product_event_type
id metadata.product_log_id
identity.api_key_id principal.resource.attribute.labels
identity.email principal.user.email_addresses
identity.user_id principal.user.userid
message metadata.description
method network.http.method
provider_id additional.fields
request_id security_result.detection_fields
severity security_result.severity_details
severity security_result.severity
started_at additional.fields
status.error_reason security_result.detection_fields
status.grpc_code security_result.detection_fields
status.http_status network.http.response_code
url target.url

Product Event Types

Event UDM Event Classification
Audit STATUS_UPDATE
Generic GENERIC_EVENT

Log Sample

{"client":{"ip":"10.0.0.0","user_agent":"Go-http-client/2.0"},"ended_at":"2024-07-16T11:30:43.229743381Z","endpoint":"/api_protos.v1.SystemService/ExportAuditEntries","identity":{"api_key_id":"1abcd123-123a-12abc-123abcdefg","email":"johndoe@example.com","session_id":"","user_id":"fa2f774e-f304-4340-8b14-8ead0c4d0de1"},"method":"GET","request":{},"request_id":"1a2b3c4d5e6d7e8g9hi123","response":{},"started_at":"2024-07-16T11:30:43.191874079Z","status":{"error_reason":"OK","grpc_code":"OK","http_status":200},"url":"/api/preview/system/audit/export?filter=persisted_at+ge+\"2024-07-16T11:15:42Z\"\u0026page_size=200"}

Sample Parsing

additional.fields["ended_at"] = "2024-07-16T11:30:43.380665082Z"
additional.fields["started_at"] = "2024-07-16T11:30:43.350241995Z"
metadata.event_type = "STATUS_UPDATE"
metadata.product_name = "Access Control"
metadata.vendor_name = "Veza"
network.http.method = "GET"
network.http.response_code = 200
network.http.user_agent = "Go-http-client/2.0"
principal.ip = "10.0.0.0"
principal.resource.attribute.labels.key = "api_key_id"
principal.resource.attribute.labels.value = "1abcd123-123a-12abc-123abcdefg"
principal.user.email_addresses = "johndoe@example.com"
principal.user.userid = "fa2f774e-f304-4340-8b14-8ead0c4d0de1"
security_result.action_details = "OK"
security_result.action = "ALLOW"
security_result.detection_fields.key = "request_id"
security_result.detection_fields.value = "1a2b3c4d5e6d7e8g9hi123"
security_result.detection_fields.key = "error_reason"
security_result.detection_fields.value = "OK"
security_result.detection_fields.key = "grpc_code"
security_result.detection_fields.value = "OK"
target.resource.name = "/api_protos.v1.SystemService/ExportAuditEntries"
target.url = "/api/preview/system/audit/export?filter=persisted_at+ge+\"2024-07-16T11:15:42Z\"\u0026page_size=200"