OCSF version 1.0.0-rc.2 log examples for Verified Access - AWS Verified Access

OCSF version 1.0.0-rc.2 log examples for Verified Access

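The following are sample log entries in the OCSF version 1.0.0-rc.2 logging format. Note that in these samples many numeric values (for example class_uid, severity_id, time, start_time, and src_endpoint.port) are serialized as JSON strings, while others (url.port, http_response.code, metadata.logged_time) are JSON numbers, so parsers and detection queries should not assume one type for every numeric field.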

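Access granted with trust context included

In this sample the trust context appears under data.context, as an oidc object of user claims and an http_request object. The claims include the user's name and email address, so this variant of the log carries personal data that the top-level actor.user fields only partly duplicate.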

{ "activity_name": "Access Grant", "activity_id": "1", "actor": { "authorizations": [{ "decision": "Allow", "policy": { "name": "inline" } }], "idp": { "name": "user", "uid": "vatp-09bc4cbce2EXAMPLE" }, "invoked_by": "", "process": {}, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "00u6wj48lbxTAEXAMPLE" }, "session": {} }, "category_name": "Audit Activity", "category_uid": "3", "class_name": "Access Activity", "class_uid": "3006", "device": { "ip": "10.2.7.68", "type": "Unknown", "type_id": 0 }, "duration": "0.004", "end_time": "1668580194344", "time": "1668580194344", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "https", "text": "https://hello.app.example.com:443/" }, "user_agent": "python-requests/2.28.1", "version": "HTTP/1.1" }, "http_response": { "code": 200 }, "message": "", "metadata": { "uid": "Root=1-63748362-6408d24241120b942EXAMPLE", "logged_time": 1668580281337, "version": "1.0.0-rc.2", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T06:29:54.344948Z", "proxy": { "ip": "192.168.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-002fa341aeEXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "172.24.57.68", "port": "48234" }, "start_time": "1668580194340", "status_code": "100", "status_detail": "Access Granted", "status_id": "1", "status": "Success", "type_uid": "300601", "type_name": "Access Activity: Access Grant", "data": { "context": { "oidc": { "family_name": "Last", "zoneinfo": "America/Los_Angeles", "exp": 1670631145, "middle_name": "Middle", "given_name": "First", "email_verified": true, "name": "Test User Display", "updated_at": 1666305953, "preferred_username": "johndoe-user@test.com", "profile": "http://www.example.com", "locale": "US", "nickname": "Tester", "email": "johndoe-user@test.com" }, "http_request": { 
"x_forwarded_for": "1.1.1.1,2.2.2.2", "http_method": "GET", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36", "port": "80", "hostname": "hostname.net" } } } }

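Access granted with trust context omitted

In this sample the data field is null. The rest of the record is the same as in the previous example.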

{ "activity_name": "Access Grant", "activity_id": "1", "actor": { "authorizations": [{ "decision": "Allow", "policy": { "name": "inline" } }], "idp": { "name": "user", "uid": "vatp-09bc4cbce2EXAMPLE" }, "invoked_by": "", "process": {}, "user": { "email_addr": "johndoe@example.com", "name": "Test User Display", "uid": "johndoe@example.com", "uuid": "00u6wj48lbxTAEXAMPLE" }, "session": {} }, "category_name": "Audit Activity", "category_uid": "3", "class_name": "Access Activity", "class_uid": "3006", "device": { "ip": "10.2.7.68", "type": "Unknown", "type_id": 0 }, "duration": "0.004", "end_time": "1668580194344", "time": "1668580194344", "http_request": { "http_method": "GET", "url": { "hostname": "hello.app.example.com", "path": "/", "port": 443, "scheme": "https", "text": "https://hello.app.example.com:443/" }, "user_agent": "python-requests/2.28.1", "version": "HTTP/1.1" }, "http_response": { "code": 200 }, "message": "", "metadata": { "uid": "Root=1-63748362-6408d24241120b942EXAMPLE", "logged_time": 1668580281337, "version": "1.0.0-rc.2", "product": { "name": "Verified Access", "vendor_name": "AWS" } }, "ref_time": "2022-11-16T06:29:54.344948Z", "proxy": { "ip": "192.168.34.167", "port": 443, "svc_name": "Verified Access", "uid": "vai-002fa341aeEXAMPLE" }, "severity": "Informational", "severity_id": "1", "src_endpoint": { "ip": "172.24.57.68", "port": "48234" }, "start_time": "1668580194340", "status_code": "100", "status_detail": "Access Granted", "status_id": "1", "status": "Success", "type_uid": "300601", "type_name": "Access Activity: Access Grant", "data": null }