# SOS Minimal Event
This connector can be used to build a minimal SOS-compliant generic event.

## Prerequisites

None.

## Actions

### Minimal Base Event

Endpoint method: GET

#### Input

Nested fields are listed with their parent path: `cloud.provider` is the `provider` field of the `cloud` object, `enrichments[].data` is the `data` field of each element of the `enrichments` array, and `metadata.correlation_uid` is the `correlation_uid` field of the `metadata` object. A field marked Required inside an optional object is required whenever that object is supplied.

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `minimal_base_event` | object | Required | Parameter for Minimal Base Event. |
| `activity_name` | string | Required | The event activity name, as defined by the `activity_id`. |
| `cloud` | object | Optional | Describes details about the cloud environment where the event was originally created or logged. |
| `cloud.account_name` | string | Optional | The name of the account (e.g. AWS account name). |
| `cloud.account_type` | string | Optional | The user account type, as defined by the event source. |
| `cloud.account_uid` | string | Optional | The unique identifier of the account (e.g. AWS account ID). |
| `cloud.org_uid` | string | Optional | The unique identifier of the organization to which the user belongs, for example an Active Directory or AWS Org ID. |
| `cloud.project_uid` | string | Optional | The cloud project identifier. |
| `cloud.provider` | string | Required | The unique name of the cloud services provider, such as AWS, MS Azure, GCP, etc. |
| `cloud.region` | string | Optional | The name of the cloud region, as defined by the cloud provider. |
| `cloud.resource_uid` | string | Optional | The unique identifier of a cloud resource, for example an S3 bucket name or an EC2 instance ID. |
| `cloud.zone` | string | Optional | The availability zone in the cloud region, as defined by the cloud provider. |
| `count` | integer | Optional | The number of times that events in the same logical group occurred during the event `start_time` to `end_time` period. |
| `data` | object | Optional | Additional data that is associated with the event. |
| `duration` | integer | Optional | The event duration or aggregate time: the amount of time the event covers from `start_time` to `end_time`, in milliseconds. |
| `end_time_dt` | string | Optional | The end time of a time period, or the time of the most recent event included in the aggregate event. |
| `enrichments` | array | Optional | Additional information from an external data source, which is associated with the event. For example, add location information for the IP address in the DNS answers: `[{"name": "answers.ip", "value": "92.24.47.250", "type": "location", "data": {"city": "Socotra", "continent": "Asia", "coordinates": [-25.4153, 17.0743], "country": "YE", "desc": "Yemen"}}]` |
| `enrichments[].data` | object | Required | The enrichment data associated with the attribute and value. The meaning of this data depends on the type of the enrichment record. |
| `enrichments[].name` | string | Optional | The name of the attribute to which the enriched data pertains. |
| `enrichments[].provider` | string | Optional | The enrichment data provider name. |
| `enrichments[].type` | string | Optional | The enrichment type, for example `location`. |
| `enrichments[].value` | object | Optional | The value of the attribute to which the enriched data pertains. |
| `message` | string | Optional | The description of the event, as defined by the event source. |
| `metadata` | object | Required | The metadata associated with the event. |
| `metadata.correlation_uid` | string | Optional | The unique identifier used to correlate events. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `activity_name` | string | The event activity name, as defined by the `activity_id`. |
| `category_name` | string | The event category name, as defined by the `category_uid` value: `Generic Event`. |
| `class_name` | string | The event class name, as defined by the `class_uid` value: `Minimal Base Event`. |
| `cloud` | object | Describes details about the cloud environment where the event was originally created or logged. |
| `cloud.account_name` | string | The name of the account (e.g. AWS account name). |
| `cloud.account_type` | string | The user account type, as defined by the event source. |
| `cloud.account_uid` | string | The unique identifier of the account (e.g. AWS account ID). |
| `cloud.org_uid` | string | The unique identifier of the organization to which the user belongs, for example an Active Directory or AWS Org ID. |
| `cloud.project_uid` | string | The cloud project identifier. |
| `cloud.provider` | string | The unique name of the cloud services provider, such as AWS, MS Azure, GCP, etc. |
| `cloud.region` | string | The name of the cloud region, as defined by the cloud provider. |
| `cloud.resource_uid` | string | The unique identifier of a cloud resource, for example an S3 bucket name or an EC2 instance ID. |
| `cloud.zone` | string | The availability zone in the cloud region, as defined by the cloud provider. |
| `count` | integer | The number of times that events in the same logical group occurred during the event `start_time` to `end_time` period. |
| `data` | object | Additional data that is associated with the event. |
| `duration` | integer | The event duration or aggregate time: the amount of time the event covers from `start_time` to `end_time`, in milliseconds. |
| `end_time_dt` | string | The end time of a time period, or the time of the most recent event included in the aggregate event. |
| `enrichments` | array | Additional information from an external data source, which is associated with the event. For example, add location information for the IP address in the DNS answers: `[{"name": "answers.ip", "value": "92.24.47.250", "type": "location", "data": {"city": "Socotra", "continent": "Asia", "coordinates": [-25.4153, 17.0743], "country": "YE", "desc": "Yemen"}}]` |
| `enrichments[].data` | object | The enrichment data associated with the attribute and value. The meaning of this data depends on the type of the enrichment record. |
| `enrichments[].name` | string | The name of the attribute to which the enriched data pertains. |
| `enrichments[].provider` | string | The enrichment data provider name. |
| `enrichments[].type` | string | The enrichment type, for example `location`. |
| `enrichments[].value` | object | The value of the attribute to which the enriched data pertains. |
| `message` | string | The description of the event, as defined by the event source. |
| `metadata` | object | The metadata associated with the event. |

#### Example

```json
[
  {
    "activity_name": "string",
    "category_name": "string",
    "class_name": "string",
    "cloud": {
      "account_name": "example name",
      "account_type": "string",
      "account_uid": "string",
      "org_uid": "string",
      "project_uid": "string",
      "provider": "string",
      "region": "string",
      "resource_uid": "string",
      "zone": "string"
    },
    "count": 123,
    "data": {},
    "duration": 123,
    "end_time_dt": "string",
    "enrichments": [],
    "message": "string",
    "metadata": {
      "correlation_uid": "string",
      "labels": [],
      "logged_time_dt": "string",
      "modified_time_dt": "string",
      "original_time": "string",
      "processed_time_dt": "string",
      "product": {},
      "profiles": [],
      "sequence": 123,
      "uid": "string",
      "version": "string"
    },
    "observables": [],
    "raw_data": "string",
    "start_time_dt": "string",
    "time_dt": "string"
  }
]
```
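The following is an added example, not the connector's own code, showing how the Input table's Required column translates into validation before an event leaves a playbook: `activity_name` and `metadata` are required at the top level, `cloud.provider` is required only when a `cloud` object is present, and `enrichments[].data` is required for every enrichment. The field names and the fixed `category_name` / `class_name` values come from the tables above; filling `metadata.logged_time_dt` and `time_dt` with the current UTC time in ISO 8601 form, and the sample input in the `__main__` block, are assumptions made for this example.

```python
"""Build and validate the record produced by the Minimal Base Event action.

Example code, not part of the connector. Required/optional rules follow the
Input table; the timestamp format (ISO 8601, UTC) is an assumption.
"""
import json
from datetime import datetime, timezone

# Output values fixed by the class the action emits (see the Output table).
CATEGORY_NAME = "Generic Event"
CLASS_NAME = "Minimal Base Event"

CLOUD_FIELDS = {"account_name", "account_type", "account_uid", "org_uid",
                "project_uid", "provider", "region", "resource_uid", "zone"}
ENRICHMENT_FIELDS = {"data", "name", "provider", "type", "value"}


class EventValidationError(ValueError):
    """Raised when an input violates a Required rule from the Input table."""


def _require_str(obj, key, path):
    value = obj.get(key)
    if not isinstance(value, str) or not value:
        raise EventValidationError(f"{path}.{key} is required and must be a non-empty string")


def _reject_unknown(obj, allowed, path):
    unknown = sorted(set(obj) - allowed)
    if unknown:
        raise EventValidationError(f"{path}: unknown field(s) {unknown}")


def build_minimal_event(inputs, now=None):
    """Return the action's output record for one minimal_base_event input object."""
    now = now or datetime.now(timezone.utc)
    stamp = now.isoformat(timespec="milliseconds")  # assumed timestamp format

    _require_str(inputs, "activity_name", "minimal_base_event")

    metadata = inputs.get("metadata")
    if not isinstance(metadata, dict):
        raise EventValidationError("minimal_base_event.metadata is required and must be an object")

    # cloud is optional, but provider is required whenever cloud is supplied.
    cloud = inputs.get("cloud")
    if cloud is not None:
        if not isinstance(cloud, dict):
            raise EventValidationError("cloud must be an object")
        _reject_unknown(cloud, CLOUD_FIELDS, "cloud")
        _require_str(cloud, "provider", "cloud")

    # Every enrichment record must carry its data object.
    enrichments = inputs.get("enrichments", [])
    for i, item in enumerate(enrichments):
        path = f"enrichments[{i}]"
        if not isinstance(item, dict):
            raise EventValidationError(f"{path} must be an object")
        _reject_unknown(item, ENRICHMENT_FIELDS, path)
        if not isinstance(item.get("data"), dict):
            raise EventValidationError(f"{path}.data is required and must be an object")

    event = {
        "activity_name": inputs["activity_name"],
        "category_name": CATEGORY_NAME,
        "class_name": CLASS_NAME,
        "metadata": {**metadata, "logged_time_dt": stamp},
        "enrichments": list(enrichments),
        "observables": [],
        "time_dt": stamp,
    }
    # Optional top-level fields are copied through only when supplied.
    for key in ("cloud", "count", "data", "duration", "end_time_dt", "message"):
        if key in inputs:
            event[key] = inputs[key]
    return event


if __name__ == "__main__":
    # Constructed sample input for demonstration only.
    sample = {
        "activity_name": "Create",
        "metadata": {"correlation_uid": "case-4711"},
        "cloud": {"provider": "AWS", "region": "eu-west-1"},
        "enrichments": [{"name": "answers.ip", "value": "92.24.47.250",
                         "type": "location", "data": {"country": "YE"}}],
    }
    print(json.dumps(build_minimal_event(sample), indent=2))
```

Rejecting unknown keys inside `cloud` and each enrichment is stricter than the table strictly demands, but it catches the common playbook mistake of passing `account.uid` or `accountUid` where `account_uid` is expected, which would otherwise be silently dropped downstream.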