pC_code42printoperations.md

June 14, 2023 ยท View on GitHub

Parser Content

{
Name = code42-print-operations
  Vendor = Code42
  Product = Code42 Incydr
  Lms = Direct
  DataType = "print-activity"
  TimeFormat = "yyyy-MM-dd'T'HH:mm:ss"
  Conditions= [ """"fileCategoryByExtension"""",  """"eventType":"PRINTED"""", """"osHostName"""]
  Fields = [
    """exabeam_host=([^=]{1,2000}@\s{0,100})?({host}\S+)""",
    """"eventTimestamp"{1,20}:\s{0,100}"{1,20}({time}\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d)""",
    """"eventType"{1,20}:\s{0,100}"{1,20}({event_code}[^"]{1,2000})""",
    """"source":"{1,20}({log_source}[^"]{1,2000})"""",
    """"userUid"{1,20}:\s{0,100}"{1,20}({user_uid}[^"]{1,2000})"""",
    """"deviceUid"{1,20}:\s{0,100}"{1,20}({device_id}[^"]{1,2000})"""",
    """"processOwner"{1,20}:\s{0,100}"{1,20}({user}[^"]{1,2000})"""",
    """"deviceUserName"{1,20}:\s{0,100}"{1,20}({user_email}[^@"]{1,2000}@[^"]{1,2000})"""",
    """"osHostName"{1,20}:\s{0,100}"{1,20}({dest_host}[^"]{1,2000})"""",
    """"actor"{1,20}:"{1,20}(({user_email}[^"@]{1,2000}@[^"@]{1,2000})|({user}[^"]{1,2000}))""",
    """"publicIpAddress":"{1,20}({dest_ip}[A-Fa-f\d:.]{1,2000})"""",
    """"privateIpAddresses":\[*"{1,20}({src_ip}[A-Fa-f\d:.]{1,2000})""",
    """"printerName":"{1,20}({printer_name}[^"]{1,2000})"""",
    """"printJobName":"{1,20}\s{0,100}({object}[^"]{1,2000})"""",
  ]
  DupFields = ["dest_host->device_name"]


}