diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 45f7a00c1f303..2bc60fd26bb13 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -284,10 +284,10 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi /mailchimp/*.md @DataDog/saas-integrations @DataDog/documentation /mailchimp/manifest.json @DataDog/saas-integrations @DataDog/documentation -/mimecast/ @DataDog/saas-integrations -/mimecast/*.md @DataDog/saas-integrations @DataDog/documentation -/mimecast/manifest.json @DataDog/saas-integrations @DataDog/documentation -/mimecast/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/mimecast/ @DataDog/saas-integrations +/mimecast/*.md @DataDog/saas-integrations @DataDog/documentation +/mimecast/manifest.json @DataDog/saas-integrations @DataDog/documentation +/mimecast/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend /palo_alto_cortex_xdr/ @DataDog/saas-integrations /palo_alto_cortex_xdr/*.md @DataDog/saas-integrations @DataDog/documentation 
@@ -329,10 +329,10 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi /ringcentral/metadata.csv @DataDog/saas-integrations @DataDog/documentation /ringcentral/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend -/trend_micro_email_security/ @DataDog/saas-integrations -/trend_micro_email_security/*.md @DataDog/saas-integrations @DataDog/documentation -/trend_micro_email_security/manifest.json @DataDog/saas-integrations @DataDog/documentation -/trend_micro_email_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/trend_micro_email_security/ @DataDog/saas-integrations +/trend_micro_email_security/*.md @DataDog/saas-integrations @DataDog/documentation +/trend_micro_email_security/manifest.json @DataDog/saas-integrations @DataDog/documentation +/trend_micro_email_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend /trellix_endpoint_security/ @DataDog/saas-integrations /trellix_endpoint_security/*.md @DataDog/saas-integrations @DataDog/documentation diff --git a/lastpass/assets/logs/lastpass.yaml b/lastpass/assets/logs/lastpass.yaml index d842adb438fa3..05d34562563b4 100644 --- a/lastpass/assets/logs/lastpass.yaml +++ b/lastpass/assets/logs/lastpass.yaml @@ -139,7 +139,7 @@ pipeline: samples: - Testing_data - "VID: 8931324857103585383 to Testing_data" - - "'Testing_data' 'test@abc.com' 'Read only:no Admin:yes Hide PW:yes" + - "'Testing_data' 'test@abc.com' 'Read only:no Admin:yes Hide PW:yes'" - "'Testing_data' 'test@abc.com'" - "VID: 4364210409355695795" grok: @@ -149,7 +149,7 @@ pipeline: \'%{notSpace:shared_folder.modified_user}\' \'Read only\:%{word:shared_folder.permissions.read_only} Admin\:%{word:shared_folder.permissions.is_admin} Hide - PW\:%{word:shared_folder.permissions.hide_password} + PW\:%{word:shared_folder.permissions.hide_password}\' move_to VID\: %{numberStr:shared_folder.VID} to %{greedyData:shared_folder.name} 
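Review bot: The shared-folder permission rule in the second lastpass.yaml hunk now ends in a mandatory `\'`, but nothing in either hunk records the exact `Data` shape it expects. If the format drifts later, the rule would stop populating `shared_folder.permissions.*` without any visible error. Those attributes (`is_admin`, `read_only`, `hide_password`) are presumably what a monitor on shared-folder privilege changes would key on, so an unparsed event is a detection gap rather than a cosmetic one. I would add a YAML comment above the `samples:` list in the first hunk, such as `# Data: '<folder>' '<user>' 'Read only:<yes|no> Admin:<yes|no> Hide PW:<yes|no>' (closing quote required)`. The rule begins above the hunk, so its name and leading tokens are not visible here.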
diff --git a/lastpass/assets/logs/lastpass_tests.yaml b/lastpass/assets/logs/lastpass_tests.yaml
index 90ab9c1d541bd..d60c5718ba9c8 100644
--- a/lastpass/assets/logs/lastpass_tests.yaml
+++ b/lastpass/assets/logs/lastpass_tests.yaml
@@ -526,4 +526,44 @@ tests:
 "timestamp" : 1.722921377E12
 }
 tags:
- - "source:LOGS_SOURCE"
\ No newline at end of file
+ - "source:LOGS_SOURCE"
+ - sample: |-
+ {
+ "Action" : "Update folder permissions",
+ "Username" : "abc@test.com",
+ "Time" : "2024-08-06 05:16:17",
+ "Data" : "'SF5' 'cdd@test.com' 'Read only:yes Admin:yes Hide PW:yes'",
+ "IP_Address" : "10.10.10.10",
+ "timestamp" : 1.722921377E12
+ }
+ result:
+ custom:
+ Data: "'SF5' 'cdd@test.com' 'Read only:yes Admin:yes Hide PW:yes'"
+ Time: "2024-08-06 05:16:17"
+ evt:
+ name: "Update folder permissions"
+ network:
+ client:
+ geoip: {}
+ ip: "10.10.10.10"
+ shared_folder:
+ modified_user: "cdd@test.com"
+ name: "SF5"
+ permissions:
+ hide_password: "yes"
+ is_admin: "yes"
+ read_only: "yes"
+ timestamp: 1.722921377E12
+ usr:
+ name: "abc@test.com"
+ message: |-
+ {
+ "Action" : "Update folder permissions",
+ "Username" : "abc@test.com",
+ "Time" : "2024-08-06 05:16:17",
+ "Data" : "'SF5' 'cdd@test.com' 'Read only:yes Admin:yes Hide PW:yes'",
+ "IP_Address" : "10.10.10.10",
+ "timestamp" : 1.722921377E12
+ }
+ tags:
+ - "source:LOGS_SOURCE"
diff --git a/lastpass/images/lastpass_reporting_events_3.png b/lastpass/images/lastpass_reporting_events_3.png
index 9eadfc44f34bd..6dbcd46d59948 100644
Binary files a/lastpass/images/lastpass_reporting_events_3.png and b/lastpass/images/lastpass_reporting_events_3.png differ
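Review bot: The added test case in lastpass_tests.yaml sets all three flags to `yes`, so it would still pass if the captures for `read_only`, `is_admin` and `hide_password` were mapped to the wrong attributes. Mixed values would pin each capture to its field, e.g. `'Read only:no Admin:yes Hide PW:no'` in `sample`, `custom.Data` and `message`, with `read_only: "no"`, `is_admin: "yes"`, `hide_password: "no"` in the expected result. This matters most for `is_admin`, which is presumably the attribute an alert on admin grants to a shared folder would read. Earlier test cases in the file are outside the hunk, so a mixed case may already exist there.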