Esempi di log OCSF versione 0.1 per Verified Access
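Di seguito sono riportati alcuni log di esempio che utilizzano la versione 0.1 di OCSF. Negli esempi alcuni campi numerici non hanno un tipo uniforme: src_endpoint.port, ad esempio, compare sia come stringa sia come numero. Chi analizza questi log dovrebbe normalizzarne il tipo prima di confrontare o correlare i valori.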
Esempi
Accesso concesso con OIDC
In questa voce di log di esempio, Verified Access consente l'accesso a un endpoint con un provider di fiducia degli utenti OIDC.
{
"activity": "Access Granted",
"activity_id": "1",
"category_name": "Application Activity",
"category_uid": "8",
"class_name": "Access Logs",
"class_uid": "208001",
"device": {
"ip": "10.2.7.68",
"type": "Unknown",
"type_id": 0
},
"duration": "0.004",
"end_time": "1668580194344",
"time": "1668580194344",
"http_request": {
"http_method": "GET",
"url": {
"hostname": "hello.app.example.com",
"path": "/",
"port": 443,
"scheme": "https",
"text": "https://hello.app.example.com:443/"
},
"user_agent": "python-requests/2.28.1",
"version": "HTTP/1.1"
},
"http_response": {
"code": 200
},
"identity": {
"authorizations": [
{
"decision": "Allow",
"policy": {
"name": "inline"
}
}
],
"idp": {
"name": "user",
"uid": "vatp-09bc4cbce2EXAMPLE"
},
"user": {
"email_addr": "johndoe@example.com",
"name": "Test User Display",
"uid": "johndoe@example.com",
"uuid": "00u6wj48lbxTAEXAMPLE"
}
},
"message": "",
"metadata": {
"uid": "Root=1-63748362-6408d24241120b942EXAMPLE",
"logged_time": 1668580281337,
"version": "0.1",
"product": {
"name": "Verified Access",
"vendor_name": "AWS"
}
},
"ref_time": "2022-11-16T06:29:54.344948Z",
"proxy": {
"ip": "192.168.34.167",
"port": 443,
"svc_name": "Verified Access",
"uid": "vai-002fa341aeEXAMPLE"
},
"severity": "Informational",
"severity_id": "1",
"src_endpoint": {
"ip": "172.24.57.68",
"port": "48234"
},
"start_time": "1668580194340",
"status_code": "100",
"status_details": "Access Granted",
"status_id": "1",
"status": "Success",
"type_uid": "20800101",
"type_name": "AccessLogs: Access Granted",
"unmapped": null
}
Accesso concesso con OIDC e JAMF
In questa voce di log di esempio, Verified Access consente l'accesso a un endpoint con un provider di fiducia degli utenti OIDC e un provider di fiducia dei dispositivi JAMF.
{
"activity": "Access Granted",
"activity_id": "1",
"category_name": "Application Activity",
"category_uid": "8",
"class_name": "Access Logs",
"class_uid": "208001",
"device": {
"ip": "10.2.7.68",
"type": "Unknown",
"type_id": 0,
"uid": "41b07859-4222-4f41-f3b9-97dc1EXAMPLE"
},
"duration": "0.347",
"end_time": "1668804944086",
"time": "1668804944086",
"http_request": {
"http_method": "GET",
"url": {
"hostname": "hello.app.example.com",
"path": "/",
"port": 443,
"scheme": "h2",
"text": "https://hello.app.example.com:443/"
},
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
"version": "HTTP/2.0"
},
"http_response": {
"code": 304
},
"identity": {
"authorizations": [
{
"decision": "Allow",
"policy": {
"name": "inline"
}
}
],
"idp": {
"name": "oidc",
"uid": "vatp-9778003bc2EXAMPLE"
},
"user": {
"email_addr": "johndoe@example.com",
"name": "Test User Display",
"uid": "johndoe@example.com",
"uuid": "4f040d0f96becEXAMPLE"
}
},
"message": "",
"metadata": {
"uid": "Root=1-321318ce-6100d340adf4fb29dEXAMPLE",
"logged_time": 1668805278555,
"version": "0.1",
"product": {
"name": "Verified Access",
"vendor_name": "AWS"
}
},
"ref_time": "2022-11-18T20:55:44.086480Z",
"proxy": {
"ip": "10.5.192.96",
"port": 443,
"svc_name": "Verified Access",
"uid": "vai-3598f66575EXAMPLE"
},
"severity": "Informational",
"severity_id": "1",
"src_endpoint": {
"ip": "192.168.20.246",
"port": 61769
},
"start_time": "1668804943739",
"status_code": "100",
"status_details": "Access Granted",
"status_id": "1",
"status": "Success",
"type_uid": "20800101",
"type_name": "AccessLogs: Access Granted",
"unmapped": null
}
Accesso concesso con OIDC e CrowdStrike
In questa voce di log di esempio, Verified Access consente l'accesso a un endpoint con OIDC e il provider di fiducia dei dispositivi CrowdStrike.
{
"activity": "Access Granted",
"activity_id": "1",
"category_name": "Application Activity",
"category_uid": "8",
"class_name": "Access Logs",
"class_uid": "208001",
"device": {
"ip": "10.2.173.3",
"os": {
"name": "Windows 11",
"type": "Windows",
"type_id": 100
},
"type": "Unknown",
"type_id": 0,
"uid": "122978434f65093aee5dfbdc0EXAMPLE",
"hw_info": {
"serial_number": "751432a1-d504-fd5e-010d-5ed11EXAMPLE"
}
},
"duration": "0.028",
"end_time": "1668816620842",
"time": "1668816620842",
"http_request": {
"http_method": "GET",
"url": {
"hostname": "test.app.example.com",
"path": "/",
"port": 443,
"scheme": "h2",
"text": "https://test.app.example.com:443/"
},
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
"version": "HTTP/2.0"
},
"http_response": {
"code": 304
},
"identity": {
"authorizations": [
{
"decision": "Allow",
"policy": {
"name": "inline"
}
}
],
"idp": {
"name": "oidc",
"uid": "vatp-506d9753f6EXAMPLE"
},
"user": {
"email_addr": "johndoe@example.com",
"name": "Test User Display",
"uid": "johndoe@example.com",
"uuid": "23bb45b16a389EXAMPLE"
}
},
"message": "",
"metadata": {
"uid": "Root=1-c16c5a65-b641e4056cc6cb0eeEXAMPLE",
"logged_time": 1668816977134,
"version": "0.1",
"product": {
"name": "Verified Access",
"vendor_name": "AWS"
}
},
"ref_time": "2022-11-19T00:10:20.842295Z",
"proxy": {
"ip": "192.168.144.62",
"port": 443,
"svc_name": "Verified Access",
"uid": "vai-2f80f37e64EXAMPLE"
},
"severity": "Informational",
"severity_id": "1",
"src_endpoint": {
"ip": "10.14.173.3",
"port": 55706
},
"start_time": "1668816620814",
"status_code": "100",
"status_details": "Access Granted",
"status_id": "1",
"status": "Success",
"type_uid": "20800101",
"type_name": "AccessLogs: Access Granted",
"unmapped": null
}
Accesso negato a causa di un cookie mancante
In questa voce di log di esempio, Verified Access nega l'accesso perché manca il cookie di autenticazione. Nella voce i campi identity e device sono null e status_details riporta "Authentication Denied".
{
"activity": "Access Denied",
"activity_id": "2",
"category_name": "Application Activity",
"category_uid": "8",
"class_name": "Access Logs",
"class_uid": "208001",
"device": null,
"duration": "0.0",
"end_time": "1668593568259",
"time": "1668593568259",
"http_request": {
"http_method": "POST",
"url": {
"hostname": "hello.app.example.com",
"path": "/dns-query",
"port": 443,
"scheme": "h2",
"text": "https://hello.app.example.com:443/dns-query"
},
"user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML",
"version": "HTTP/2.0"
},
"http_response": {
"code": 302
},
"identity": null,
"message": "",
"metadata": {
"uid": "Root=1-5cf1c832-a565309ce20cc7dafEXAMPLE",
"logged_time": 1668593776720,
"version": "0.1",
"product": {
"name": "Verified Access",
"vendor_name": "AWS"
}
},
"ref_time": "2022-11-16T10:12:48.259762Z",
"proxy": {
"ip": "192.168.34.167",
"port": 443,
"svc_name": "Verified Access",
"uid": "vai-108ed7a672EXAMPLE"
},
"severity": "Informational",
"severity_id": "1",
"src_endpoint": {
"ip": "10.7.178.16",
"port": "46246"
},
"start_time": "1668593568258",
"status_code": "200",
"status_details": "Authentication Denied",
"status_id": "2",
"status": "Failure",
"type_uid": "20800102",
"type_name": "AccessLogs: Access Denied",
"unmapped": null
}
Accesso negato dalla policy
In questa voce di log di esempio, Verified Access nega una richiesta autenticata perché non è consentita dalle policy di accesso. Nella voce l'array identity.authorizations è vuoto e status_details riporta "Authorization Denied".
{
"activity": "Access Denied",
"activity_id": "2",
"category_name": "Application Activity",
"category_uid": "8",
"class_name": "Access Logs",
"class_uid": "208001",
"device": {
"ip": "10.4.133.137",
"type": "Unknown",
"type_id": 0
},
"duration": "0.023",
"end_time": "1668573630978",
"time": "1668573630978",
"http_request": {
"http_method": "GET",
"url": {
"hostname": "hello.app.example.com",
"path": "/",
"port": 443,
"scheme": "h2",
"text": "https://hello.app.example.com:443/"
},
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
"version": "HTTP/2.0"
},
"http_response": {
"code": 401
},
"identity": {
"authorizations": [],
"idp": {
"name": "user",
"uid": "vatp-e048b3e0f8EXAMPLE"
},
"user": {
"email_addr": "johndoe@example.com",
"name": "Test User Display",
"uid": "johndoe@example.com",
"uuid": "0e1281ad3580aEXAMPLE"
}
},
"message": "",
"metadata": {
"uid": "Root=1-531a036a-09e95794c7b96aefbEXAMPLE",
"logged_time": 1668573773753,
"version": "0.1",
"product": {
"name": "Verified Access",
"vendor_name": "AWS"
}
},
"ref_time": "2022-11-16T04:40:30.978732Z",
"proxy": {
"ip": "3.223.34.167",
"port": 443,
"svc_name": "Verified Access",
"uid": "vai-021d5eaed2EXAMPLE"
},
"severity": "Informational",
"severity_id": "1",
"src_endpoint": {
"ip": "10.4.133.137",
"port": "31746"
},
"start_time": "1668573630955",
"status_code": "300",
"status_details": "Authorization Denied",
"status_id": "2",
"status": "Failure",
"type_uid": "20800102",
"type_name": "AccessLogs: Access Denied",
"unmapped": null
}
Voce di registro sconosciuta
In questa voce di log di esempio, Verified Access non è in grado di generare una voce di log completa e quindi emette una voce di tipo sconosciuto (Unknown). In questo modo ogni richiesta compare comunque nel log degli accessi.
{
"activity": "Unknown",
"activity_id": "0",
"category_name": "Application Activity",
"category_uid": "8",
"class_name": "Access Logs",
"class_uid": "208001",
"device": null,
"duration": "0.004",
"end_time": "1668580207898",
"time": "1668580207898",
"http_request": {
"http_method": "GET",
"url": {
"hostname": "hello.app.example.com",
"path": "/",
"port": 443,
"scheme": "https",
"text": "https://hello.app.example.com:443/"
},
"user_agent": "python-requests/2.28.1",
"version": "HTTP/1.1"
},
"http_response": {
"code": 200
},
"identity": null,
"message": "",
"metadata": {
"uid": "Root=1-435eb955-6b5a1d529343f5adaEXAMPLE",
"logged_time": 1668580579147,
"version": "0.1",
"product": {
"name": "Verified Access",
"vendor_name": "AWS"
}
},
"ref_time": "2022-11-16T06:30:07.898344Z",
"proxy": {
"ip": "10.1.34.167",
"port": 443,
"svc_name": "Verified Access",
"uid": "vai-6c32b53b3cEXAMPLE"
},
"severity": "Informational",
"severity_id": "1",
"src_endpoint": {
"ip": "172.28.57.68",
"port": "47220"
},
"start_time": "1668580207893",
"status_code": "000",
"status_details": "Unknown",
"status_id": "0",
"status": "Unknown",
"type_uid": "20800100",
"type_name": "AccessLogs: Unknown",
"unmapped": null
}