- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Events around artifact collection. These events can be addressed in D&R rules via the artifact_event
target. Note that 'artifact_event' event is generated in the cloud so there is no need for the Event Collection settings.
INGEST
A new artifact has been ingested.
Sample Event:
{
"routing" : {
"log_id" : "ca812425-5a36-4c73-a0a0-935a8ace6451",
"event_type" : "ingest",
"log_type" : "pcap",
"oid" : "ca812425-5a36-4c73-a0a0-935a8ace6451",
"event_time" : 1561741553230,
},
"event" : {
"size" : 2048,
"source" : "a75cc927-bf28-4178-a42d-25ecc8a6be81",
"original_path" : "/data/pcap/dat.pcap",
"original_md5" : "adjfnwonefowrnfowef",
},
}
EXPORT_COMPLETE
An export of artifact data is completed and ready for download.
Sample Event:
{
"routing" : {
"log_id" : "ca812425-5a36-4c73-a0a0-935a8ace6451",
"event_type" : "export_complete",
"log_type" : "pcap",
"oid" : "ca812425-5a36-4c73-a0a0-935a8ace6451",
"event_time" : 1561741553230,
},
"event" : {
"size" : 2048,
"source" : "a75cc927-bf28-4178-a42d-25ecc8a6be81",
"original_path" : "/data/pcap/dat.pcap",
"export_id" : "d9ae5c17-d519-4ef5-a4ac-c454a95d31ca",
},
}
Was this article helpful?