# SOS Minimal Event
This connector can be used to build a minimal SOS-compliant generic event.

## Prerequisites

None.

## Actions

### Minimal Base Event

Endpoint method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| minimal_base_event | object | required | Parameter for Minimal Base Event. |
| minimal_base_event.activity_name | string | required | The event activity name, as defined by the activity_id. |
| minimal_base_event.cloud | object | optional | Describes details about the cloud environment where the event was originally created or logged. |
| minimal_base_event.cloud.account_name | string | optional | The name of the account (e.g. AWS account name). |
| minimal_base_event.cloud.account_type | string | optional | The user account type, as defined by the event source. |
| minimal_base_event.cloud.account_uid | string | optional | The unique identifier of the account (e.g. AWS account ID). |
| minimal_base_event.cloud.org_uid | string | optional | The unique identifier of the organization to which the user belongs, for example an Active Directory or AWS Org ID. |
| minimal_base_event.cloud.project_uid | string | optional | Cloud project identifier. |
| minimal_base_event.cloud.provider | string | required | The unique name of the cloud services provider, such as AWS, MS Azure, GCP, etc. |
| minimal_base_event.cloud.region | string | optional | The name of the cloud region, as defined by the cloud provider. |
| minimal_base_event.cloud.resource_uid | string | optional | The unique identifier of a cloud resource, for example an S3 bucket name or an EC2 instance ID. |
| minimal_base_event.cloud.zone | string | optional | The availability zone in the cloud region, as defined by the cloud provider. |
| minimal_base_event.count | integer | optional | The number of times that events in the same logical group occurred during the event start_time to end_time period. |
| minimal_base_event.data | object | optional | Additional data that is associated with the event. |
| minimal_base_event.duration | integer | optional | The event duration or aggregate time: the amount of time the event covers from start_time to end_time, in milliseconds. |
| minimal_base_event.end_time_dt | string | optional | The end time of a time period, or the time of the most recent event included in the aggregate event. |
| minimal_base_event.enrichments | array | optional | Additional information from an external data source which is associated with the event. For example, add location information for the IP address in the DNS answers: `[{"name": "answers.ip", "value": "92.24.47.250", "type": "location", "data": {"city": "Socotra", "continent": "Asia", "coordinates": [25.4153, 17.0743], "country": "YE", "desc": "Yemen"}}]` |
| minimal_base_event.enrichments.data | object | required | The enrichment data associated with the attribute and value. The meaning of this data depends on the type of the enrichment record. |
| minimal_base_event.enrichments.name | string | optional | The name of the attribute to which the enriched data pertains. |
| minimal_base_event.enrichments.provider | string | optional | The enrichment data provider name. |
| minimal_base_event.enrichments.type | string | optional | The enrichment type, for example location. |
| minimal_base_event.enrichments.value | object | optional | The value of the attribute to which the enriched data pertains. |
| minimal_base_event.message | string | optional | The description of the event, as defined by the event source. |
| minimal_base_event.metadata | object | required | The metadata associated with the event. |
| minimal_base_event.metadata.correlation_uid | string | optional | The unique identifier used to correlate events. |

Input example:

```json
{
  "minimal_base_event": {
    "activity_name": "example name",
    "cloud": {
      "account_name": "example name",
      "account_type": "string",
      "account_uid": "string",
      "org_uid": "string",
      "project_uid": "string",
      "provider": "string",
      "region": "string",
      "resource_uid": "string",
      "zone": "string"
    },
    "count": 123,
    "data": {},
    "duration": 123,
    "end_time_dt": "string",
    "enrichments": [
      {
        "data": {},
        "name": "example name",
        "provider": "string",
        "type": "string",
        "value": {}
      }
    ],
    "message": "string",
    "metadata": {
      "correlation_uid": "string",
      "labels": ["string"],
      "logged_time_dt": "string",
      "modified_time_dt": "string",
      "original_time": "string",
      "processed_time_dt": "string",
      "product": {
        "feature": {},
        "lang": "string",
        "name": "example name",
        "path": "string",
        "uid": "string",
        "vendor_name": "example name",
        "version": "string"
      },
      "profiles": ["string"],
      "sequence": 123,
      "uid": "string",
      "version": "string"
    },
    "observables": [
      {
        "enrichments": [
          {
            "data": {},
            "name": "example name",
            "provider": "string",
            "type": "string",
            "value": {}
          }
        ],
        "name": "example name",
        "type": "string",
        "value": {}
      }
    ],
    "raw_data": "string",
    "start_time_dt": "string",
    "time_dt": "string",
    "timezone_offset": 123,
    "unmapped": {}
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| activity_name | string | The event activity name, as defined by the activity_id. |
| category_name | string | The event category name, as defined by the category_uid value (Generic Event). |
| class_name | string | The event class name, as defined by the class_uid value (Minimal Base Event). |
| cloud | object | Describes details about the cloud environment where the event was originally created or logged. |
| cloud.account_name | string | The name of the account (e.g. AWS account name). |
| cloud.account_type | string | The user account type, as defined by the event source. |
| cloud.account_uid | string | The unique identifier of the account (e.g. AWS account ID). |
| cloud.org_uid | string | The unique identifier of the organization to which the user belongs, for example an Active Directory or AWS Org ID. |
| cloud.project_uid | string | Cloud project identifier. |
| cloud.provider | string | The unique name of the cloud services provider, such as AWS, MS Azure, GCP, etc. |
| cloud.region | string | The name of the cloud region, as defined by the cloud provider. |
| cloud.resource_uid | string | The unique identifier of a cloud resource, for example an S3 bucket name or an EC2 instance ID. |
| cloud.zone | string | The availability zone in the cloud region, as defined by the cloud provider. |
| count | integer | The number of times that events in the same logical group occurred during the event start_time to end_time period. |
| data | object | Additional data that is associated with the event. |
| duration | integer | The event duration or aggregate time: the amount of time the event covers from start_time to end_time, in milliseconds. |
| end_time_dt | string | The end time of a time period, or the time of the most recent event included in the aggregate event. |
| enrichments | array | Additional information from an external data source which is associated with the event. For example, add location information for the IP address in the DNS answers: `[{"name": "answers.ip", "value": "92.24.47.250", "type": "location", "data": {"city": "Socotra", "continent": "Asia", "coordinates": [25.4153, 17.0743], "country": "YE", "desc": "Yemen"}}]` |
| enrichments.data | object | The enrichment data associated with the attribute and value. The meaning of this data depends on the type of the enrichment record. |
| enrichments.name | string | The name of the attribute to which the enriched data pertains. |
| enrichments.provider | string | The enrichment data provider name. |
| enrichments.type | string | The enrichment type, for example location. |
| enrichments.value | object | The value of the attribute to which the enriched data pertains. |
| message | string | The description of the event, as defined by the event source. |
| metadata | object | The metadata associated with the event. |

Output example:

```json
{
  "activity_name": "string",
  "category_name": "string",
  "class_name": "string",
  "cloud": {
    "account_name": "example name",
    "account_type": "string",
    "account_uid": "string",
    "org_uid": "string",
    "project_uid": "string",
    "provider": "string",
    "region": "string",
    "resource_uid": "string",
    "zone": "string"
  },
  "count": 123,
  "data": {},
  "duration": 123,
  "end_time_dt": "string",
  "enrichments": [],
  "message": "string",
  "metadata": {
    "correlation_uid": "string",
    "labels": ["string"],
    "logged_time_dt": "string",
    "modified_time_dt": "string",
    "original_t
```

#### Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
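Added example, not part of the original page and not the connector's own code: a pre-flight check that an action input satisfies the required fields and types documented in the input table above, so malformed events are rejected before they are submitted. It assumes the dotted names in the table map onto the JSON keys as in the input example; SCHEMA and the sample events are constructed for this example.

```python
# Added example, not the connector's own code: check a Minimal Base Event input
# against the required fields and types from the input table above before the
# event is sent to the action. SCHEMA and the sample events are constructed here.
from typing import Any

# (type, required) per field, keyed by the dotted names used in the input table.
# A nested required field (cloud.provider, enrichments.data) is only enforced
# when its parent object is present, as the table marks the parents optional.
SCHEMA: dict[str, tuple[type, bool]] = {
    "activity_name": (str, True),
    "cloud": (dict, False),
    "cloud.provider": (str, True),
    "cloud.account_uid": (str, False),
    "count": (int, False),
    "duration": (int, False),
    "enrichments": (list, False),
    "enrichments.data": (dict, True),
    "enrichments.type": (str, False),
    "message": (str, False),
    "metadata": (dict, True),
    "metadata.correlation_uid": (str, False),
}


def validate(obj: dict[str, Any], prefix: str = "") -> list[str]:
    """Return 'path: reason' problems for obj; an empty list means it is valid."""
    problems: list[str] = []
    for field, (typ, required) in SCHEMA.items():
        key = field[len(prefix):]
        if not field.startswith(prefix) or "." in key:
            continue  # only the fields that live at this nesting level
        if key not in obj:
            if required:
                problems.append(f"{field}: required field missing")
            continue
        value = obj[key]
        # bool is a subclass of int, so reject it explicitly for integer fields
        if (typ is int and isinstance(value, bool)) or not isinstance(value, typ):
            problems.append(f"{field}: expected {typ.__name__}, got {type(value).__name__}")
        elif typ is dict:
            problems.extend(validate(value, field + "."))
        elif typ is list:  # each enrichment record is validated as an object
            for i, item in enumerate(value):
                if isinstance(item, dict):
                    problems.extend(validate(item, field + "."))
                else:
                    problems.append(f"{field}[{i}]: expected object, got {type(item).__name__}")
    return problems
```

Call `validate(request["minimal_base_event"])` on the wrapper object from the input example; an empty list means the body can be submitted.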