
Commit dae474b

Oren.margalit/loi 571 cisco duo preserve source ocsf (DataDog#21194)
* preserve source for 2 fields
* change test file
* update test file
1 parent 8d1b2a5 commit dae474b

2 files changed

Lines changed: 168 additions & 156 deletions


cisco_duo/assets/logs/cisco-duo.yaml

Lines changed: 5 additions & 5 deletions
@@ -320,7 +320,7 @@ pipeline:
320320
sourceType: attribute
321321
target: ocsf.metadata.event_code
322322
targetType: attribute
323-
preserveSource: false
323+
preserveSource: true
324324
overrideOnConflict: false
325325
- type: attribute-remapper
326326
name: Map `isotimestamp`, `ts` to `ocsf.time`
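Review bot: the commit message says source is preserved for 2 fields, but line 323 is the first of five remappers in this file flipped to `preserveSource: true` (targets `ocsf.metadata.event_code`, `ocsf.actor.app_uid`, `ocsf.actor.user.email_addr`, and `ocsf.user.email_addr` twice). Please state in the message, or in a YAML comment beside each remapper, which source attributes are meant to be kept and why, so a later reader can tell the deliberate changes from incidental ones.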
@@ -704,7 +704,7 @@ pipeline:
704704
sourceType: attribute
705705
target: ocsf.actor.app_uid
706706
targetType: attribute
707-
preserveSource: false
707+
preserveSource: true
708708
overrideOnConflict: false
709709
- type: attribute-remapper
710710
name: Map `access_device.ip.address`, `access_device.ip` to `ocsf.src_endpoint.ip`
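Review bot: at line 707, `preserveSource: true` now sits next to `overrideOnConflict: false`, so an event that already has `ocsf.actor.app_uid` set keeps that value and also keeps the untouched source attribute, and the two can disagree. Before this change the source was dropped and only one value survived. Please document which of the two fields queries and detection rules should treat as authoritative, and consider a test sample where the target is already populated.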
@@ -797,7 +797,7 @@ pipeline:
797797
sourceType: attribute
798798
target: ocsf.user.email_addr
799799
targetType: attribute
800-
preserveSource: false
800+
preserveSource: true
801801
overrideOnConflict: false
802802
- type: attribute-remapper
803803
name: Map `target.type` to `ocsf.user.type`
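Review bot: `preserveSource: true` at line 800 means each event now carries the email address under both the original Duo attribute and `ocsf.user.email_addr`. Any masking, scrubbing or access-restriction rule that matches only one of those paths will miss the other copy; please confirm such rules cover both paths. The same applies to the `ocsf.actor.user.email_addr` remapper at line 942.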
@@ -939,7 +939,7 @@ pipeline:
939939
sourceType: attribute
940940
target: ocsf.actor.user.email_addr
941941
targetType: attribute
942-
preserveSource: false
942+
preserveSource: true
943943
overrideOnConflict: false
944944
- type: attribute-remapper
945945
name: Map `actor.type` to `ocsf.actor.user.type`
@@ -1210,7 +1210,7 @@ pipeline:
12101210
sourceType: attribute
12111211
target: ocsf.user.email_addr
12121212
targetType: attribute
1213-
preserveSource: false
1213+
preserveSource: true
12141214
overrideOnConflict: false
12151215
- type: pipeline
12161216
name: OCSF sub pipeline for auth factor device enrichment
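Review bot: the remapper at line 1213 writes the same target, `ocsf.user.email_addr`, as the one at line 800, and both keep `overrideOnConflict: false`. If both can run on the same event, whichever runs first sets the value and the later one leaves it unchanged, which is not obvious from either block. Please confirm the two sit in mutually exclusive sub-pipelines, or add a test sample that carries both source attributes and asserts the expected winner.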
