diff --git a/internal/fields/validate.go b/internal/fields/validate.go index 5e41f3d55..34c791481 100644 --- a/internal/fields/validate.go +++ b/internal/fields/validate.go @@ -321,9 +321,15 @@ func initDependencyManagement(packageRoot string, specVersion semver.Version, im return nil, nil, err } logger.Debugf("Imported ECS fields definition from external schema for validation (embedded in package: %v, stack uses ecs@mappings template: %v)", packageEmbedsEcsMappings, stackSupportsEcsMapping) + schema = ecsSchema } + // ecs@mappings adds additional multifields that are not defined anywhere. + // Adding them in all cases so packages can be tested in versions of the stack that + // add the ecs@mappings component template. + schema = appendECSMappingMultifields(schema, "") + return fdm, schema, nil } @@ -383,6 +389,86 @@ func allVersionsIncludeECS(kibanaConstraints *semver.Constraints) bool { // return !kibanaConstraints.Check(lastStackVersionWithoutEcsMappings) } +func ecsPathWithMultifieldsMatch(name string) bool { + suffixes := []string{ + // From https://github.com/elastic/elasticsearch/blob/34a78f3cf3e91cd13f51f1f4f8e378f8ed244a2b/x-pack/plugin/core/template-resources/src/main/resources/ecs%40mappings.json#L87 + ".body.content", + "url.full", + "url.original", + + // From https://github.com/elastic/elasticsearch/blob/34a78f3cf3e91cd13f51f1f4f8e378f8ed244a2b/x-pack/plugin/core/template-resources/src/main/resources/ecs%40mappings.json#L96 + "command_line", + "stack_trace", + + // From https://github.com/elastic/elasticsearch/blob/34a78f3cf3e91cd13f51f1f4f8e378f8ed244a2b/x-pack/plugin/core/template-resources/src/main/resources/ecs%40mappings.json#L113 + ".title", + ".executable", + ".name", + ".working_directory", + ".full_name", + "file.path", + "file.target_path", + "os.full", + "email.subject", + "vulnerability.description", + "user_agent.original", + } + + for _, suffix := range suffixes { + if strings.HasSuffix(name, suffix) { + return true + } + } + + return false +} + +// appendECSMappingMultifields adds multifields included in ecs@mappings that are not defined anywhere, for fields +// that don't define any multifield. +func appendECSMappingMultifields(schema []FieldDefinition, prefix string) []FieldDefinition { + rules := []struct { + match func(name string) bool + definitions []FieldDefinition + }{ + { + match: ecsPathWithMultifieldsMatch, + definitions: []FieldDefinition{ + { + Name: "text", + Type: "match_only_text", + }, + }, + }, + } + + var result []FieldDefinition + for _, def := range schema { + fullName := def.Name + if prefix != "" { + fullName = prefix + "." + fullName + } + def.Fields = appendECSMappingMultifields(def.Fields, fullName) + + for _, rule := range rules { + if !rule.match(fullName) { + continue + } + for _, mf := range rule.definitions { + // Append multifields only if they are not already defined. + f := func(d FieldDefinition) bool { + return d.Name == mf.Name + } + if !slices.ContainsFunc(def.MultiFields, f) { + def.MultiFields = append(def.MultiFields, mf) + } + } + } + + result = append(result, def) + } + return result +} + //go:embed _static/allowed_geo_ips.txt var allowedGeoIPs string @@ -546,14 +632,14 @@ func (v *Validator) validateMapElement(root string, elem common.MapStr, doc comm key := strings.TrimLeft(root+"."+name, ".") switch val := val.(type) { - case []map[string]interface{}: + case []map[string]any: for _, m := range val { err := v.validateMapElement(key, m, doc) if err != nil { errs = append(errs, err...) } } - case map[string]interface{}: + case map[string]any: if isFieldTypeFlattened(key, v.Schema) { // Do not traverse into objects with flattened data types // because the entire object is mapped as a single field. @@ -573,22 +659,22 @@ func (v *Validator) validateMapElement(root string, elem common.MapStr, doc comm return errs } -func (v *Validator) validateScalarElement(key string, val interface{}, doc common.MapStr) error { +func (v *Validator) validateScalarElement(key string, val any, doc common.MapStr) error { if key == "" { return nil // root key is always valid } definition := FindElementDefinition(key, v.Schema) - if definition == nil && skipValidationForField(key) { - return nil // generic field, let's skip validation for now - } - if definition == nil { - switch val.(type) { - case []any, []map[string]interface{}: - return fmt.Errorf(`field "%s" is used as array of objects, expected explicit definition with type group or nested`, key) + switch { + case skipValidationForField(key): + return nil // generic field, let's skip validation for now + case isArrayOfObjects(val): + return fmt.Errorf(`field %q is used as array of objects, expected explicit definition with type group or nested`, key) + case couldBeMultifield(key, v.Schema): + return fmt.Errorf(`field %q is undefined, could be a multifield`, key) default: - return fmt.Errorf(`field "%s" is undefined`, key) + return fmt.Errorf(`field %q is undefined`, key) } } @@ -629,7 +715,7 @@ func (v *Validator) SanitizeSyntheticSourceDocs(docs []common.MapStr) ([]common. // in case it is not specified any normalization and that field is an array of // just one element, the field is going to be updated to remove the array and keep // that element as a value. - vals, ok := contents.([]interface{}) + vals, ok := contents.([]any) if !ok { continue } @@ -685,7 +771,7 @@ func createDocExpandingObjects(doc common.MapStr) (common.MapStr, error) { // Possible errors found but not limited to those // - expected map but type is string - // - expected map but type is []interface{} + // - expected map but type is []any if strings.HasPrefix(err.Error(), "expected map but type is") { logger.Debugf("not able to add key %s, is this a multifield?: %s", k, err) continue @@ -752,6 +838,40 @@ func isFieldTypeFlattened(key string, fieldDefinitions []FieldDefinition) bool { return definition != nil && definition.Type == "flattened" } +func couldBeMultifield(key string, fieldDefinitions []FieldDefinition) bool { + lastDotIndex := strings.LastIndex(key, ".") + if lastDotIndex < 0 { + // Field at the root level cannot be a multifield. + return false + } + parentKey := key[:lastDotIndex] + parent := FindElementDefinition(parentKey, fieldDefinitions) + if parent == nil { + // Parent is not defined, so not sure what this can be. + return false + } + switch parent.Type { + case "", "group", "nested", "group-nested", "object": + // Objects cannot have multifields. + return false + } + return true +} + +func isArrayOfObjects(val any) bool { + switch val := val.(type) { + case []map[string]any: + return true + case []any: + for _, e := range val { + if _, isMap := e.(map[string]any); isMap { + return true + } + } + } + return false +} + func findElementDefinitionForRoot(root, searchedKey string, FieldDefinitions []FieldDefinition) *FieldDefinition { for _, def := range FieldDefinitions { key := strings.TrimLeft(root+"."+def.Name, ".") @@ -825,7 +945,7 @@ func compareKeys(key string, def FieldDefinition, searchedKey string) bool { return false } -func (v *Validator) validateExpectedNormalization(definition FieldDefinition, val interface{}) error { +func (v *Validator) validateExpectedNormalization(definition FieldDefinition, val any) error { // Validate expected normalization starting with packages following spec v2 format. if v.specVersion.LessThan(semver2_0_0) { return nil @@ -833,7 +953,7 @@ func (v *Validator) validateExpectedNormalization(definition FieldDefinition, va for _, normalize := range definition.Normalize { switch normalize { case "array": - if _, isArray := val.([]interface{}); val != nil && !isArray { + if _, isArray := val.([]any); val != nil && !isArray { return fmt.Errorf("expected array, found %q (%T)", val, val) } } @@ -876,7 +996,7 @@ func validSubField(def FieldDefinition, extraPart string) bool { // parseElementValue checks that the value stored in a field matches the field definition. For // arrays it checks it for each Element. -func (v *Validator) parseElementValue(key string, definition FieldDefinition, val interface{}, doc common.MapStr) error { +func (v *Validator) parseElementValue(key string, definition FieldDefinition, val any, doc common.MapStr) error { err := v.parseAllElementValues(key, definition, val, doc) if err != nil { return err @@ -887,7 +1007,7 @@ func (v *Validator) parseElementValue(key string, definition FieldDefinition, va // parseAllElementValues performs validations that must be done for all elements at once in // case that there are multiple values. -func (v *Validator) parseAllElementValues(key string, definition FieldDefinition, val interface{}, doc common.MapStr) error { +func (v *Validator) parseAllElementValues(key string, definition FieldDefinition, val any, doc common.MapStr) error { switch definition.Type { case "constant_keyword", "keyword", "text": if !v.specVersion.LessThan(semver2_0_0) { @@ -904,7 +1024,7 @@ func (v *Validator) parseAllElementValues(key string, definition FieldDefinition } // parseSingeElementValue performs validations on individual values of each element. -func (v *Validator) parseSingleElementValue(key string, definition FieldDefinition, val interface{}, doc common.MapStr) error { +func (v *Validator) parseSingleElementValue(key string, definition FieldDefinition, val any, doc common.MapStr) error { invalidTypeError := func() error { return fmt.Errorf("field %q's Go type, %T, does not match the expected field type: %s (field value: %v)", key, val, definition.Type, val) } @@ -978,7 +1098,7 @@ func (v *Validator) parseSingleElementValue(key string, definition FieldDefiniti // Groups should only contain nested fields, not single values. case "group", "nested": switch val := val.(type) { - case map[string]interface{}: + case map[string]any: // This is probably an element from an array of objects, // even if not recommended, it should be validated. if v.specVersion.LessThan(semver3_0_1) { @@ -989,7 +1109,7 @@ func (v *Validator) parseSingleElementValue(key string, definition FieldDefiniti return nil } return errs - case []interface{}: + case []any: // This can be an array of array of objects. Elasticsearh will probably // flatten this. So even if this is quite unexpected, let's try to handle it. if v.specVersion.LessThan(semver3_0_1) { @@ -1048,8 +1168,8 @@ func (v *Validator) isAllowedIPValue(s string) bool { // forEachElementValue visits a function for each element in the given value if // it is an array. If it is not an array, it calls the function with it. -func forEachElementValue(key string, definition FieldDefinition, val interface{}, doc common.MapStr, fn func(string, FieldDefinition, interface{}, common.MapStr) error) error { - arr, isArray := val.([]interface{}) +func forEachElementValue(key string, definition FieldDefinition, val any, doc common.MapStr, fn func(string, FieldDefinition, any, common.MapStr) error) error { + arr, isArray := val.([]any) if !isArray { return fn(key, definition, val, doc) } @@ -1128,13 +1248,13 @@ func ensureExpectedEventType(key string, values []string, definition FieldDefini return nil } -func valueToStringsSlice(value interface{}) ([]string, error) { +func valueToStringsSlice(value any) ([]string, error) { switch v := value.(type) { case nil: return nil, nil case string: return []string{v}, nil - case []interface{}: + case []any: var values []string for _, e := range v { s, ok := e.(string) diff --git a/internal/fields/validate_test.go b/internal/fields/validate_test.go index a7c57ff73..058181004 100644 --- a/internal/fields/validate_test.go +++ b/internal/fields/validate_test.go @@ -195,7 +195,7 @@ func TestValidate_ExpectedEventType(t *testing.T) { title: "valid event type", doc: common.MapStr{ "event.category": "authentication", - "event.type": []interface{}{"info"}, + "event.type": []any{"info"}, }, valid: true, }, @@ -210,15 +210,15 @@ func TestValidate_ExpectedEventType(t *testing.T) { title: "multiple valid event type", doc: common.MapStr{ "event.category": "network", - "event.type": []interface{}{"protocol", "connection", "end"}, + "event.type": []any{"protocol", "connection", "end"}, }, valid: true, }, { title: "multiple categories", doc: common.MapStr{ - "event.category": []interface{}{"iam", "configuration"}, - "event.type": []interface{}{"group", "change"}, + "event.category": []any{"iam", "configuration"}, + "event.type": []any{"group", "change"}, }, valid: true, }, @@ -226,23 +226,23 @@ func TestValidate_ExpectedEventType(t *testing.T) { title: "unexpected event type", doc: common.MapStr{ "event.category": "authentication", - "event.type": []interface{}{"access"}, + "event.type": []any{"access"}, }, valid: false, }, { title: "multiple categories, no match", doc: common.MapStr{ - "event.category": []interface{}{"iam", "configuration"}, - "event.type": []interface{}{"denied", "end"}, + "event.category": []any{"iam", "configuration"}, + "event.type": []any{"denied", "end"}, }, valid: false, }, { title: "multiple categories, some types don't match", doc: common.MapStr{ - "event.category": []interface{}{"iam", "configuration"}, - "event.type": []interface{}{"denied", "end", "group", "change"}, + "event.category": []any{"iam", "configuration"}, + "event.type": []any{"denied", "end", "group", "change"}, }, valid: false, }, @@ -329,7 +329,7 @@ func TestValidate_ExpectedDatasets(t *testing.T) { func Test_parseElementValue(t *testing.T) { for _, test := range []struct { key string - value interface{} + value any definition FieldDefinition fail bool assertError func(t *testing.T, err error) @@ -338,14 +338,14 @@ func Test_parseElementValue(t *testing.T) { // Arrays { key: "string array to keyword", - value: []interface{}{"hello", "world"}, + value: []any{"hello", "world"}, definition: FieldDefinition{ Type: "keyword", }, }, { key: "numeric string array to long", - value: []interface{}{"123", "42"}, + value: []any{"123", "42"}, definition: FieldDefinition{ Type: "long", }, @@ -353,7 +353,7 @@ func Test_parseElementValue(t *testing.T) { }, { key: "mixed numbers and strings in number array", - value: []interface{}{123, "hi"}, + value: []any{123, "hi"}, definition: FieldDefinition{ Type: "long", }, @@ -381,7 +381,7 @@ func Test_parseElementValue(t *testing.T) { // keyword and constant_keyword (other) { key: "bad type for keyword", - value: map[string]interface{}{}, + value: map[string]any{}, definition: FieldDefinition{ Type: "keyword", }, @@ -615,12 +615,12 @@ func Test_parseElementValue(t *testing.T) { // arrays of objects can be stored in groups, even if not recommended { key: "host", - value: []interface{}{ - map[string]interface{}{ + value: []any{ + map[string]any{ "id": "somehost-id", "hostname": "somehost", }, - map[string]interface{}{ + map[string]any{ "id": "otherhost-id", "hostname": "otherhost", }, @@ -643,8 +643,8 @@ func Test_parseElementValue(t *testing.T) { // elements in arrays of objects should be validated { key: "details", - value: []interface{}{ - map[string]interface{}{ + value: []any{ + map[string]any{ "id": "somehost-id", "hostname": "somehost", }, @@ -671,8 +671,8 @@ func Test_parseElementValue(t *testing.T) { // elements in nested objects { key: "nested", - value: []interface{}{ - map[string]interface{}{ + value: []any{ + map[string]any{ "id": "somehost-id", "hostname": "somehost", }, @@ -699,9 +699,9 @@ func Test_parseElementValue(t *testing.T) { // arrays of elements in nested objects { key: "good_array_of_nested", - value: []interface{}{ - []interface{}{ - map[string]interface{}{ + value: []any{ + []any{ + map[string]any{ "id": "somehost-id", "hostname": "somehost", }, @@ -725,9 +725,9 @@ func Test_parseElementValue(t *testing.T) { }, { key: "array_of_nested", - value: []interface{}{ - []interface{}{ - map[string]interface{}{ + value: []any{ + []any{ + map[string]any{ "id": "somehost-id", "hostname": "somehost", }, diff --git a/test/packages/parallel/auth0_logsdb.stack_provider_settings b/test/packages/parallel/auth0_logsdb.stack_provider_settings new file mode 100644 index 000000000..efdce0154 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb.stack_provider_settings @@ -0,0 +1 @@ +stack.logsdb_enabled=true diff --git a/test/packages/parallel/auth0_logsdb/_dev/build/build.yml b/test/packages/parallel/auth0_logsdb/_dev/build/build.yml new file mode 100644 index 000000000..2bfcfc223 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/_dev/build/build.yml @@ -0,0 +1,3 @@ +dependencies: + ecs: + reference: "git@v8.11.0" diff --git a/test/packages/parallel/auth0_logsdb/_dev/build/docs/README.md b/test/packages/parallel/auth0_logsdb/_dev/build/docs/README.md new file mode 100644 index 000000000..90892e83e --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/_dev/build/docs/README.md @@ -0,0 +1,71 @@ +# Auth0 Log Streams Integration + +Auth0 offers integrations that push log events via log streams to Elasticsearch or allows an Elastic Agent to make API requests for log events. The [Auth0 Log Streams](https://auth0.com/docs/customize/log-streams) integration package creates a HTTP listener that accepts incoming log events or runs periodic API requests to collect events and ingests them into Elasticsearch. This allows you to search, observe and visualize the Auth0 log events through Elasticsearch. + +## Compatibility + +The package collects log events either sent via log stream webhooks, or by API request to the Auth0 v2 API. + +## Enabling the integration in Elastic + +1. In Kibana go to **Management > Integrations** +2. In "Search for integrations" search bar type **Auth0** +3. Click on "Auth0" integration from the search results. +4. Click on **Add Auth0** button to add Auth0 integration. + +## Configuration for Webhook input + +The agent running this integration must be able to accept requests from the Internet in order for Auth0 to be able connect. Auth0 requires that the webhook accept requests over HTTPS. So you must either configure the integration with a valid TLS certificate or use a reverse proxy in front of the integration. + +For more information, see Auth0's webpage on [integration to Elastic Security](https://marketplace.auth0.com/integrations/elastic-security). + +### Configure the Auth0 integration + +1. Click on **Collect Auth0 log streams events via Webhooks** to enable it. +2. Enter values for "Listen Address", "Listen Port" and "Webhook path" to form the endpoint URL. Make note of the **Endpoint URL** `https://{AGENT_ADDRESS}:8383/auth0/logs`. +3. Enter value for "Secret value". This must match the "Authorization Token" value entered when configuring the "Custom Webhook" from Auth0 cloud. +4. Enter values for "TLS". Auth0 requires that the webhook accept requests over HTTPS. So you must either configure the integration with a valid TLS certificate or use a reverse proxy in front of the integration. + +### Creating the stream in Auth0 + +1. From the Auth0 management console, navigate to **Logs > Streams** and click **+ Create Stream**. +2. Choose **Custom Webhook**. +3. Name the new **Event Stream** appropriately (e.g. Elastic) and click **Create**. +4. In **Payload URL**, paste the **Endpoint URL** collected during Step 1 of **Configure the Auth0 integration** section. +5. In **Authorization Token**, paste the **Authorization Token**. This must match the value entered in Step 2 of **Configure the Auth0 integration** section. +6. In **Content Type**, choose **application/json**. +7. In **Content Format**, choose **JSON Lines**. +8. Click **Save**. + +## Configuration for API request input + +### Creating an application in Auth0 + +1. From the Auth0 management console, navigate to **Applications > Applications** and click **+ Create Application**. +2. Choose **Machine to Machine Application**. +3. Name the new **Application** appropriately (e.g. Elastic) and click **Create**. +4. Select the **Auth0 Management API** option and click **Authorize**. +5. Select the `read:logs` and `read:logs_users` permissions and then click **Authorize**. +6. Navigate to the **Settings** tab. Take note of the "Domain", "Client ID" and "Client Secret" values in the **Basic Information** section. +7. Click **Save Changes**. + +### Configure the Auth0 integration + +1. In the Elastic Auth0 integration user interface click on **Collect Auth0 log events via API requests** to enable it. +2. Enter value for "URL". This must be an https URL using the **Domain** value obtained from Auth cloud above. +3. Enter value for "Client ID". This must match the "Client ID" value obtained from Auth0 cloud above. +4. Enter value for "Client Secret". This must match the "Client Secret" value obtained from Auth0 cloud above. + +## Log Events + +Enable to collect Auth0 log events for all the applications configured for the chosen log stream. + +## Logs + +### Log Stream Events + +The Auth0 logs dataset provides events from Auth0 log stream. All Auth0 log events are available in the `auth0.logs` field group. + +{{fields "logs"}} + +{{event "logs"}} diff --git a/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/docker-compose.yml b/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/docker-compose.yml new file mode 100644 index 000000000..d4517f282 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/docker-compose.yml @@ -0,0 +1,34 @@ +version: '2.3' +services: + auth0-webhook-http: + image: docker.elastic.co/observability/stream:v0.15.0 + volumes: + - ./sample_logs:/sample_logs:ro + environment: + - STREAM_PROTOCOL=webhook + - STREAM_ADDR=http://elastic-agent:8383/auth0/logs + - STREAM_WEBHOOK_HEADER=Authorization=abc123 + command: log --start-signal=SIGHUP --delay=5s /sample_logs/auth0-ndjson.log + auth0-webhook-https: + image: docker.elastic.co/observability/stream:v0.15.0 + volumes: + - ./sample_logs:/sample_logs:ro + environment: + - STREAM_PROTOCOL=webhook + - STREAM_ADDR=https://elastic-agent:8384/auth0/logs + - STREAM_WEBHOOK_HEADER=Authorization=abc123 + - STREAM_INSECURE=true + command: log --start-signal=SIGHUP --delay=5s /sample_logs/auth0-ndjson.log + auth0-http-server: + image: docker.elastic.co/observability/stream:v0.15.0 + hostname: auth0 + ports: + - 8090 + volumes: + - ./files:/files:ro + environment: + PORT: '8090' + command: + - http-server + - --addr=:8090 + - --config=/files/config-logs.yml diff --git a/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/files/config-logs.yml b/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/files/config-logs.yml new file mode 100644 index 000000000..c7a111344 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/files/config-logs.yml @@ -0,0 +1,171 @@ +rules: + - path: /oauth/token + methods: ['POST'] + request_body: '{"audience":"http://svc-auth0-http-server:8090/api/v2/","client_id":"wwwwwwww","client_secret":"xxxxxxxx","grant_type":"client_credentials"}' + responses: + - status_code: 200 + headers: + Content-Type: + - 'application/json' + body: | + {"access_token":"yyyyyyyy","scope":"read:logs read:logs_users","expires_in":86400,"token_type":"Bearer"} + - path: /api/v2/logs + methods: ['GET'] + request_headers: + Authorization: + - "Bearer yyyyyyyy" + query_params: + from: "{from:900[0-9]{20}0{33}}" + take: 1 + responses: + - status_code: 200 + headers: + Content-Type: + - application/json + Link: + - ; rel="next" + body: |- + {{ minify_json ` + [ + { + "date": "2024-03-08T03:59:05.520Z", + "type": "sapi", + "description": "Create client grant", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Firefox 125.0.0 / Arch 0.0.0", + "details": { + "request": { + "method": "post", + "path": "/api/v2/client-grants", + "query": {}, + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0", + "body": { + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "audience": "https://dev-fulaoenaspapatoulp.us.auth0.com/api/v2/", + "scope": [ + "read:logs", + "read:logs_users" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "github|32487232", + "name": "User McUserface", + "email": "user.mcuserface@company.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + } + } + }, + "response": { + "statusCode": 201, + "body": { + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "audience": "https://dev-fulaoenaspapatoulp.us.auth0.com/api/v2/", + "scope": [ + "read:logs", + "read:logs_users" + ] + } + } + }, + "user_id": "github|32487232", + "$event_schema": { + "version": "1.0.0" + }, + "log_id": "90020240308035905601176000000000000001223372052035100532", + "tenant_name": "dev-fulaoenaspapatoulp", + "_id": "90020240308035905601176000000000000001223372052035100532", + "isMobile": false + } + ] + ` }} + - path: /api/v2/logs + methods: ['GET'] + request_headers: + Authorization: + - "Bearer yyyyyyyy" + query_params: + from: "90020240308035905601176000000000000001223372052035100532" + take: 1 + responses: + - status_code: 200 + headers: + Content-Type: + - application/json + Link: + - ; rel="next" + body: |- + {{ minify_json ` + [ + { + "date": "2024-03-08T03:59:06.700Z", + "type": "mgmt_api_read", + "description": "Get client by ID", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Firefox 125.0.0 / Arch 0.0.0", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "method": "get", + "path": "/api/v2/clients/MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "query": {}, + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0", + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "github|32487232", + "name": "User McUserface", + "email": "user.mcuserface@company.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl" + } + } + }, + "user_id": "github|32487232", + "$event_schema": { + "version": "1.0.0" + }, + "log_id": "90020240308035906742643000000000000001223372052035101088", + "tenant_name": "dev-fulaoenaspapatoulp", + "_id": "90020240308035906742643000000000000001223372052035101088", + "isMobile": false + } + ] + ` }} + - path: /api/v2/logs + methods: ['GET'] + request_headers: + Authorization: + - "Bearer yyyyyyyy" + query_params: + from: "90020240308035906742643000000000000001223372052035101088" + take: 1 + responses: + - status_code: 200 + headers: + Content-Type: + - application/json + Link: + - ; rel="next" + body: '[]' diff --git a/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/sample_logs/auth0-ndjson.log b/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/sample_logs/auth0-ndjson.log new file mode 100644 index 000000000..3262146d4 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/_dev/deploy/docker/sample_logs/auth0-ndjson.log @@ -0,0 +1,22 @@ +{ "log_id": "90020211104001515271334544008635532534914988032684720226", "data": { "date": "2021-11-04T00:15:10.706Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635984910474, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618223a4e3f49e006948565c", "stats": { "loginsCount": 4 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635984900427, "completedAt": 1635984910503, "timers": { "rules": 4 }, "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "elapsedTime": 10076 } ], "initiatedAt": 1635984900418, "completedAt": 1635984910705, "elapsedTime": 10287, "session_id": "m5SgtzMKxmeNBxj_kCfUUJhzrSdfvLFu", "stats": { "loginsCount": 4 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211104001515271334544008635532534914988032684720226"}} +{ "log_id": "90020211103032530111223343147286033102509916061341581378", "data": { "date": "2021-11-03T03:25:28.923Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635909903693, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "6182002f34f4dd006b05b5c7", "stats": { "loginsCount": 1 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635908818843, "completedAt": 1635909903745, "timers": { "rules": 5 }, "user_id": "auth0|6182002f34f4dd006b05b5c7", "user_name": "neo@test.com", "elapsedTime": 1084902 }, { "name": "consent", "flow": "consent", "initiatedAt": 1635909904974, "completedAt": 1635909928352, "grantInfo": { "id": "618201284369c9b4f9cd6d52", "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", "scope": "openid profile", "expiration": null }, "elapsedTime": 23378 } ], "initiatedAt": 1635908818831, "completedAt": 1635909928922, "elapsedTime": 1110091, "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc", "stats": { "loginsCount": 1 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|6182002f34f4dd006b05b5c7", "user_name": "neo@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103032530111223343147286033102509916061341581378" }} +{ "log_id": "90020211103055358897115394211080445765255360986168164402", "data": { "date": "2021-11-03T05:53:54.497Z", "type": "s", "connection_id": "", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", "details": { "prompts": [], "completedAt": 1635918834496, "elapsedTime": null, "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc" }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|6182002f34f4dd006b05b5c7", "user_name": "neo@test.com", "log_id": "90020211103055358897115394211080445765255360986168164402" } } +{ "log_id": "90020211103055417070115394218609635769815272723188809778", "data": { "date": "2021-11-03T05:54:15.721Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635918849692, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618223a4e3f49e006948565c", "stats": { "loginsCount": 1 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635918839167, "completedAt": 1635918849714, "timers": { "rules": 3 }, "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "elapsedTime": 10547 }, { "name": "consent", "flow": "consent", "initiatedAt": 1635918849848, "completedAt": 1635918855600, "grantInfo": { "id": "618224074369c9b4f979b8fd", "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", "scope": "openid profile", "expiration": null }, "elapsedTime": 5752 } ], "initiatedAt": 1635918839161, "completedAt": 1635918855720, "elapsedTime": 16559, "session_id": "SIMuasvKPfIe7_GhWAVKN9e2mNCtyLqV", "stats": { "loginsCount": 1 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103055417070115394218609635769815272723188809778" } } +{ "log_id": "90020211103070023776106766408080709488401774690453946450", "data": { "date": "2021-11-03T07:00:20.901Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635922802377, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618232c562bac1006935a7af", "stats": { "loginsCount": 1 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635922789345, "completedAt": 1635922802403, "timers": { "rules": 4 }, "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "elapsedTime": 13058 }, { "name": "consent", "flow": "consent", "initiatedAt": 1635922802608, "completedAt": 1635922820747, "grantInfo": { "id": "618233844369c9b4f99bb257", "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", "scope": "openid profile", "expiration": null }, "elapsedTime": 18139 } ], "initiatedAt": 1635922789338, "completedAt": 1635922820899, "elapsedTime": 31561, "session_id": "W_t_rUyDtC_Zzg0UbQYlAmiWwAeRZgfU", "stats": { "loginsCount": 1 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103070023776106766408080709488401774690453946450" } } +{ "log_id": "90020211103081328131115397696989032404368410264534515762", "data": { "date": "2021-11-03T08:13:24.062Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635927203775, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618223a4e3f49e006948565c", "stats": { "loginsCount": 2 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635927147098, "completedAt": 1635927203800, "timers": { "rules": 5 }, "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "elapsedTime": 56702 } ], "initiatedAt": 1635927147085, "completedAt": 1635927204061, "elapsedTime": 56976, "session_id": "64o8cYYqWbizfNgIEi0FNPDcC0y7dD5J", "stats": { "loginsCount": 2 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103081328131115397696989032404368410264534515762" } } +{ "log_id": "90020211103081746881223368292279380811829523597632733250", "data": { "date": "2021-11-03T08:17:45.995Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635927465747, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618232c562bac1006935a7af", "stats": { "loginsCount": 2 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635927411241, "completedAt": 1635927465771, "timers": { "rules": 4 }, "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "elapsedTime": 54530 } ], "initiatedAt": 1635927411233, "completedAt": 1635927465994, "elapsedTime": 54761, "session_id": "ZYs3vYxcddXOwaZQW0vvHmDTuys177ni", "stats": { "loginsCount": 2 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103081746881223368292279380811829523597632733250" } } +{ "log_id": "90020211103082255307115397925598113819314440794590412850", "data": { "date": "2021-11-03T08:22:52.918Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635927772715, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618232c562bac1006935a7af", "stats": { "loginsCount": 3 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635927753721, "completedAt": 1635927772739, "timers": { "rules": 3 }, "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "elapsedTime": 19018 } ], "initiatedAt": 1635927753713, "completedAt": 1635927772916, "elapsedTime": 19203, "session_id": "H6IbewiK1ZyHmQzlGRXPIarqxV3J3xA-", "stats": { "loginsCount": 3 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103082255307115397925598113819314440794590412850" } } +{ "log_id": "90020211103082502886106767165048402514282566829773684818", "data": { "date": "2021-11-03T08:25:00.106Z", "type": "s", "connection_id": "", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [], "completedAt": 1635927900104, "elapsedTime": null, "session_id": "H6IbewiK1ZyHmQzlGRXPIarqxV3J3xA-" }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "log_id": "90020211103082502886106767165048402514282566829773684818" } } +{ "log_id": "90020211103082523938106767168777938667793699345570725970", "data": { "date": "2021-11-03T08:25:22.927Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635927922758, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618223a4e3f49e006948565c", "stats": { "loginsCount": 3 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635927908108, "completedAt": 1635927922781, "timers": { "rules": 3 }, "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "elapsedTime": 14673 } ], "initiatedAt": 1635927908100, "completedAt": 1635927922926, "elapsedTime": 14826, "session_id": "OaSNVnavgh1v3trIypNKMy91KwW46vwV", "stats": { "loginsCount": 3 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103082523938106767168777938667793699345570725970" } } +{ "log_id": "90020211103085743984334492679133419381702055446601269346", "data": { "date": "2021-11-03T08:57:43.766Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635929857727, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "61823277a44a21007221a59a", "stats": { "loginsCount": 1 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635929845687, "completedAt": 1635929857759, "timers": { "rules": 3 }, "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "elapsedTime": 12072 }, { "name": "consent", "flow": "consent", "initiatedAt": 1635929857904, "completedAt": 1635929863646, "grantInfo": { "id": "61824f074369c9b4f98894d2", "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", "scope": "openid profile", "expiration": null }, "elapsedTime": 5742 } ], "initiatedAt": 1635929845677, "completedAt": 1635929863765, "elapsedTime": 18088, "session_id": "cLW4Pfr8LsVBdqnPSt-m6rcY4rUZ_2IB", "stats": { "loginsCount": 1 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103085743984334492679133419381702055446601269346" } } +{ "log_id": "90020211103085846311106767482389012311483635020016386130", "data": { "date": "2021-11-03T08:58:41.249Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635929921066, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "61823277a44a21007221a59a", "stats": { "loginsCount": 2 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635929907870, "completedAt": 1635929921093, "timers": { "rules": 4 }, "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "elapsedTime": 13223 } ], "initiatedAt": 1635929907862, "completedAt": 1635929921248, "elapsedTime": 13386, "session_id": "r4bE-y9UfSSVmmajSLRwUDv1LWIL6ZLN", "stats": { "loginsCount": 2 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103085846311106767482389012311483635020016386130" } } +{ "log_id": "90020211103102326019106768307490555605025312816601497682", "data": { "date": "2021-11-03T10:23:21.134Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635935000929, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "61823277a44a21007221a59a", "stats": { "loginsCount": 3 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635934987423, "completedAt": 1635935000954, "timers": { "rules": 3 }, "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "elapsedTime": 13531 } ], "initiatedAt": 1635934987414, "completedAt": 1635935001133, "elapsedTime": 13719, "session_id": "a0rY7F2WD761Y4_JSvT5xiKoYWm5lrad", "stats": { "loginsCount": 3 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103102326019106768307490555605025312816601497682" } } +{ "log_id": "90020211103103601619106768431214441836025743766305374290", "data": { "date": "2021-11-03T10:36:01.473Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635935761302, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "61823277a44a21007221a59a", "stats": { "loginsCount": 4 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635935753453, "completedAt": 1635935761327, "timers": { "rules": 3 }, "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "elapsedTime": 7874 } ], "initiatedAt": 1635935753446, "completedAt": 1635935761471, "elapsedTime": 8025, "session_id": "n1a9tPB4WT9zDwIi1-MoUB3acjjlOpC_", "stats": { "loginsCount": 4 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103103601619106768431214441836025743766305374290" } } +{ "log_id": "90020211103103728977106768445798922923856636177274634322", "data": { "date": "2021-11-03T10:37:24.815Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635935844611, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "6182002f34f4dd006b05b5c7", "stats": { "loginsCount": 2 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635935832421, "completedAt": 1635935844636, "timers": { "rules": 3 }, "user_id": "auth0|6182002f34f4dd006b05b5c7", "user_name": "neo@test.com", "elapsedTime": 12215 } ], "initiatedAt": 1635935832413, "completedAt": 1635935844814, "elapsedTime": 12401, "session_id": "CrmzUMuPsXbBz95df4wVfYrGYaxqB7Hw", "stats": { "loginsCount": 2 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|6182002f34f4dd006b05b5c7", "user_name": "neo@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103103728977106768445798922923856636177274634322" } } +{ "log_id": "90020211103104329992334500305177724905858622502505283682", "data": { "date": "2021-11-03T10:43:24.916Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635936204718, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618232c562bac1006935a7af", "stats": { "loginsCount": 4 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635936193430, "completedAt": 1635936204745, "timers": { "rules": 3 }, "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "elapsedTime": 11315 } ], "initiatedAt": 1635936193423, "completedAt": 1635936204915, "elapsedTime": 11492, "session_id": "-tfrm4nuYkLaJY-geUDlLSxqh_sDO7Qw", "stats": { "loginsCount": 4 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103104329992334500305177724905858622502505283682" } } +{ "log_id": "90020211103105137404334500886230995142155564051687538786", "data": { "date": "2021-11-03T10:51:32.997Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635936692773, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "61823277a44a21007221a59a", "stats": { "loginsCount": 5 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635936685031, "completedAt": 1635936692796, "timers": { "rules": 3 }, "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "elapsedTime": 7765 } ], "initiatedAt": 1635936685023, "completedAt": 1635936692996, "elapsedTime": 7973, "session_id": "Pbgtp8b2_F34Pv0B0L26myPifN1gacV3", "stats": { "loginsCount": 5 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103105137404334500886230995142155564051687538786" } } +{ "log_id": "90020211103105337123223384318516938634385981199129509954", "data": { "date": "2021-11-03T10:53:33.203Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635936813034, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "61823277a44a21007221a59a", "stats": { "loginsCount": 6 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635936804034, "completedAt": 1635936813057, "timers": { "rules": 3 }, "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "elapsedTime": 9023 } ], "initiatedAt": 1635936804026, "completedAt": 1635936813202, "elapsedTime": 9176, "session_id": "kpQezDhAcvfcPJqdtnUVODhOUu3ZBdWc", "stats": { "loginsCount": 6 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|61823277a44a21007221a59a", "user_name": "new@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103105337123223384318516938634385981199129509954" } } +{ "log_id": "90020211103221641031334535841785515161071694533024022626", "data": { "date": "2021-11-03T22:16:38.616Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635977798421, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618232c562bac1006935a7af", "stats": { "loginsCount": 5 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635977789152, "completedAt": 1635977798445, "timers": { "rules": 3 }, "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "elapsedTime": 9293 } ], "initiatedAt": 1635977789145, "completedAt": 1635977798614, "elapsedTime": 9469, "session_id": "-iZ5MQAr3gBWvn2IRCViL-tRLZ1xyowh", "stats": { "loginsCount": 5 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618232c562bac1006935a7af", "user_name": "neo@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211103221641031334535841785515161071694533024022626" } } +{ "log_id": "90020211104001515271334544008635532534914988032684720226", "data": { "date": "2021-11-04T00:15:10.706Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635984910474, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "618223a4e3f49e006948565c", "stats": { "loginsCount": 4 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635984900427, "completedAt": 1635984910503, "timers": { "rules": 4 }, "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "elapsedTime": 10076 } ], "initiatedAt": 1635984900418, "completedAt": 1635984910705, "elapsedTime": 10287, "session_id": "m5SgtzMKxmeNBxj_kCfUUJhzrSdfvLFu", "stats": { "loginsCount": 4 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|618223a4e3f49e006948565c", "user_name": "dev@test.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211104001515271334544008635532534914988032684720226" } } +{ "log_id": "90020211104011629842115419891701676038855773484430131250", "data": { "date": "2021-11-04T01:16:26.175Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635988582904, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "6183285d6e5071006a61f319", "stats": { "loginsCount": 1 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635985386617, "completedAt": 1635988582930, "timers": { "rules": 6 }, "user_id": "auth0|6183285d6e5071006a61f319", "user_name": "neo.theone@gmail.com", "elapsedTime": 3196313 }, { "name": "consent", "flow": "consent", "initiatedAt": 1635988583097, "completedAt": 1635988585993, "grantInfo": { "id": "618334694369c9b4f9944b99", "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", "scope": "openid profile", "expiration": null }, "elapsedTime": 2896 } ], "initiatedAt": 1635985386610, "completedAt": 1635988586174, "elapsedTime": 3199564, "session_id": "Z_IDr9JX5VzO1l-2IEk6bSXWP3mu4wMP", "stats": { "loginsCount": 1 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|6183285d6e5071006a61f319", "user_name": "neo.theone@gmail.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211104011629842115419891701676038855773484430131250" } } +{ "log_id": "90020211104011629842115419891701676038855773484430131250", "data": { "date": "2021-11-04T01:16:26.175Z", "type": "s", "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", "client_name": "Default App", "ip": "81.2.69.143", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", "details": { "prompts": [ { "name": "prompt-authenticate", "completedAt": 1635988582904, "connection": "Username-Password-Authentication", "connection_id": "con_1a5wCUmAs6VOU17n", "strategy": "auth0", "identity": "6183285d6e5071006a61f319", "stats": { "loginsCount": 1 }, "elapsedTime": null }, { "name": "login", "flow": "universal-login", "initiatedAt": 1635985386617, "completedAt": 1635988582930, "timers": { "rules": 6 }, "user_id": "auth0|6183285d6e5071006a61f319", "user_name": "neo.theone@gmail.com", "elapsedTime": 3196313 }, { "name": "consent", "flow": "consent", "initiatedAt": 1635988583097, "completedAt": 1635988585993, "grantInfo": { "id": "618334694369c9b4f9944b99", "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", "scope": "openid profile", "expiration": null }, "elapsedTime": 2896 } ], "initiatedAt": 1635985386610, "completedAt": 1635988586174, "elapsedTime": 3199564, "session_id": "Z_IDr9JX5VzO1l-2IEk6bSXWP3mu4wMP", "stats": { "loginsCount": 1 } }, "hostname": "dev-yoj8axza.au.auth0.com", "user_id": "auth0|6183285d6e5071006a61f319", "user_name": "neo.theone@gmail.com", "strategy": "auth0", "strategy_type": "database", "log_id": "90020211104011629842115419891701676038855773484430131250" } } diff --git a/test/packages/parallel/auth0_logsdb/changelog.yml b/test/packages/parallel/auth0_logsdb/changelog.yml new file mode 100644 index 000000000..89844fc18 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/changelog.yml @@ -0,0 +1,151 @@ +# newer versions go on top +- version: "1.17.0" + changes: + - description: Add pull v2/logs API input. + type: enhancement + link: https://github.com/elastic/integrations/pull/10656 +- version: "1.16.0" + changes: + - description: Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10135 +- version: "1.15.0" + changes: + - description: Set sensitive values as secret. + type: enhancement + link: https://github.com/elastic/integrations/pull/8725 +- version: "1.14.2" + changes: + - description: Changed owners + type: enhancement + link: https://github.com/elastic/integrations/pull/8943 +- version: 1.14.1 + changes: + - description: Improve wording on elapsed time in milliseconds. + type: enhancement + link: https://github.com/elastic/integrations/pull/8702 +- version: 1.14.0 + changes: + - description: ECS version updated to 8.11.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/8433 +- version: 1.13.0 + changes: + - description: ECS version updated to 8.10.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/7905 +- version: 1.12.0 + changes: + - description: "The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added 'owner.type: elastic' to package manifest." + type: enhancement + link: https://github.com/elastic/integrations/pull/7883 +- version: "1.11.0" + changes: + - description: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. + type: enhancement + link: https://github.com/elastic/integrations/pull/7789 +- version: "1.10.0" + changes: + - description: Update package to ECS 8.9.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/7107 +- version: "1.9.0" + changes: + - description: Convert visualizations to lens. + type: enhancement + link: https://github.com/elastic/integrations/pull/6905 +- version: "1.8.0" + changes: + - description: Ensure event.kind is correctly set for pipeline errors. + type: enhancement + link: https://github.com/elastic/integrations/pull/6599 +- version: "1.7.0" + changes: + - description: Update package to ECS 8.8.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/6325 +- version: "1.6.0" + changes: + - description: Update package-spec version to 2.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/6135 +- version: "1.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/5765 +- version: "1.4.1" + changes: + - description: Added categories and/or subcategories. + type: enhancement + link: https://github.com/elastic/integrations/pull/5123 +- version: "1.4.0" + changes: + - description: Update package to ECS 8.6.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4576 +- version: "1.3.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 +- version: "1.3.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 +- version: "1.2.2" + changes: + - description: Remove duplicate field. + type: bugfix + link: https://github.com/elastic/integrations/issues/4327 +- version: "1.2.1" + changes: + - description: Use ECS geo.location definition. + type: enhancement + link: https://github.com/elastic/integrations/issues/4227 +- version: "1.2.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3841 +- version: "1.1.1" + changes: + - description: Update package name and description to align with standard wording + type: enhancement + link: https://github.com/elastic/integrations/pull/3478 +- version: "1.1.0" + changes: + - description: Update package to ECS 8.3.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/3353 +- version: "1.0.0" + changes: + - description: Make GA + type: enhancement + link: https://github.com/elastic/integrations/pull/3428 +- version: "0.1.4" + changes: + - description: Update Readme + type: enhancement + link: https://github.com/elastic/integrations/pull/3065 +- version: "0.1.3" + changes: + - description: Add documentation for multi-fields + type: enhancement + link: https://github.com/elastic/integrations/pull/2916 +- version: "0.1.2" + changes: + - description: Fix documentation bug + type: bugfix + link: https://github.com/elastic/integrations/pull/2761 +- version: "0.1.1" + changes: + - description: Update Auth0 logo image + type: bugfix + link: https://github.com/elastic/integrations/pull/2749 +- version: "0.1.0" + changes: + - description: Initial commit + type: enhancement + link: https://github.com/elastic/integrations/pull/2152 diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-common-config.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-common-config.yml new file mode 100644 index 000000000..e071d397d --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-common-config.yml @@ -0,0 +1,2 @@ +dynamic_fields: + "event.ingested": ".*" diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-failure.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-failure.json new file mode 100644 index 000000000..7c3a0d8e6 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-failure.json @@ -0,0 +1,181 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211103030609732115389415260839021644201259064885298", + "data": { + "date": "2021-11-03T03:06:05.696Z", + "type": "f", + "description": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "connection_id": "", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "body": {}, + "qs": { + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "redirect_uri": "http://localhost:3000/callback", + "response_type": "code", + "scope": "openid profile", + "state": "Vz6G2zZf95/FCOQALrpvd4bS6jx5xvRos2pVldFAiw4=" + }, + "error": { + "message": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "oauthError": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs. Please go to 'https://manage.auth0.com/#/applications/aI61p8I8aFjmYRliLWgvM9ev97kCCNDB/settings' and make sure you are sending the same callback url from your application.", + "payload": { + "message": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "code": "unauthorized_client", + "status": 403, + "name": "CallbackMismatchError", + "authorized": [], + "attempt": "http://localhost:3000/callback", + "client": { + "clientID": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB" + } + }, + "type": "callback-url-mismatch" + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "log_id": "90020211103030609732115389415260839021644201259064885298" + } + } + }, + { + "json": { + "log_id": "90020211103030609732115389415262047947463815888239591474", + "data": { + "date": "2021-11-03T03:06:05.699Z", + "type": "f", + "description": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "connection_id": "", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "body": {}, + "qs": { + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "redirect_uri": "http://localhost:3000/callback", + "response_type": "code", + "scope": "openid profile", + "state": "Vz6G2zZf95/FCOQALrpvd4bS6jx5xvRos2pVldFAiw4=" + }, + "error": { + "message": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "oauthError": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs. Please go to 'https://manage.auth0.com/#/applications/aI61p8I8aFjmYRliLWgvM9ev97kCCNDB/settings' and make sure you are sending the same callback url from your application.", + "payload": { + "message": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "code": "unauthorized_client", + "status": 403, + "name": "CallbackMismatchError", + "authorized": [], + "attempt": "http://localhost:3000/callback", + "client": { + "clientID": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB" + }, + "log_url": "https://manage.auth0.com/#/logs/" + }, + "type": "callback-url-mismatch" + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "log_id": "90020211103030609732115389415262047947463815888239591474" + } + } + }, + { + "json": { + "log_id": "90020211104002953320334544994860291215054924285237788770", + "data": { + "date": "2021-11-04T00:29:50.035Z", + "type": "f", + "description": "the connection is not enabled", + "connection": "NewDB", + "connection_id": "con_H5LL8aMFnXVZ2TS8", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "body": {}, + "qs": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "response_type": "code", + "connection": "NewDB", + "prompt": "login", + "scope": "openid profile", + "redirect_uri": "https://manage.auth0.com/tester/callback?connection=NewDB" + }, + "connection": "NewDB", + "error": { + "message": "the connection is not enabled", + "oauthError": "invalid_request", + "type": "request-error" + }, + "session_id": "Z_IDr9JX5VzO1l-2IEk6bSXWP3mu4wMP", + "riskAssessment": null + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "scope": [ + "openid", + "profile" + ], + "log_id": "90020211104002953320334544994860291215054924285237788770" + } + } + }, + { + "json": { + "log_id": "90020211103030725428115389447533113776256732300526485554", + "data": { + "date": "2021-11-03T03:07:24.384Z", + "type": "fu", + "description": "Wrong email or password.", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "error": { + "message": "Wrong email or password." + } + }, + "user_id": "", + "user_name": "neo@gmail.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103030725428115389447533113776256732300526485554" + } + } + }, + { + "json": { + "log_id": "90020211103082515482106767167326018758436529088273317970", + "data": { + "date": "2021-11-03T08:25:14.466Z", + "type": "fp", + "description": "Wrong email or password.", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "error": { + "message": "Wrong email or password." + } + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103082515482106767167326018758436529088273317970" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json new file mode 100644 index 000000000..ecb5e500d --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json @@ -0,0 +1,417 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-03T03:06:05.696Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Failure", + "date": "2021-11-03T03:06:05.696Z", + "description": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "details": { + "error": { + "message": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "oauthError": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs. Please go to 'https://manage.auth0.com/#/applications/aI61p8I8aFjmYRliLWgvM9ev97kCCNDB/settings' and make sure you are sending the same callback url from your application.", + "payload": { + "attempt": "http://localhost:3000/callback", + "client": { + "clientID": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB" + }, + "code": "unauthorized_client", + "message": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "name": "CallbackMismatchError", + "status": 403 + }, + "type": "callback-url-mismatch" + }, + "qs": { + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "redirect_uri": "http://localhost:3000/callback", + "response_type": "code", + "scope": "openid profile", + "state": "Vz6G2zZf95/FCOQALrpvd4bS6jx5xvRos2pVldFAiw4=" + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Failed login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "failed-login", + "category": [ + "authentication" + ], + "id": "90020211103030609732115389415260839021644201259064885298", + "kind": "event", + "outcome": "failure", + "type": [ + "info" + ] + }, + "log": { + "level": "error" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T03:06:05.699Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Failure", + "date": "2021-11-03T03:06:05.699Z", + "description": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "details": { + "error": { + "message": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "oauthError": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs. Please go to 'https://manage.auth0.com/#/applications/aI61p8I8aFjmYRliLWgvM9ev97kCCNDB/settings' and make sure you are sending the same callback url from your application.", + "payload": { + "attempt": "http://localhost:3000/callback", + "client": { + "clientID": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB" + }, + "code": "unauthorized_client", + "log_url": "https://manage.auth0.com/#/logs/", + "message": "Callback URL mismatch. http://localhost:3000/callback is not in the list of allowed callback URLs", + "name": "CallbackMismatchError", + "status": 403 + }, + "type": "callback-url-mismatch" + }, + "qs": { + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "redirect_uri": "http://localhost:3000/callback", + "response_type": "code", + "scope": "openid profile", + "state": "Vz6G2zZf95/FCOQALrpvd4bS6jx5xvRos2pVldFAiw4=" + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Failed login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "failed-login", + "category": [ + "authentication" + ], + "id": "90020211103030609732115389415262047947463815888239591474", + "kind": "event", + "outcome": "failure", + "type": [ + "info" + ] + }, + "log": { + "level": "error" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-04T00:29:50.035Z", + "auth0": { + "logs": { + "data": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "classification": "Login - Failure", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "connection": "NewDB", + "connection_id": "con_H5LL8aMFnXVZ2TS8", + "date": "2021-11-04T00:29:50.035Z", + "description": "the connection is not enabled", + "details": { + "connection": "NewDB", + "error": { + "message": "the connection is not enabled", + "oauthError": "invalid_request", + "type": "request-error" + }, + "qs": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "NewDB", + "prompt": "login", + "redirect_uri": "https://manage.auth0.com/tester/callback?connection=NewDB", + "response_type": "code", + "scope": "openid profile" + }, + "session_id": "Z_IDr9JX5VzO1l-2IEk6bSXWP3mu4wMP" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "scope": [ + "openid", + "profile" + ], + "type": "Failed login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "failed-login", + "category": [ + "authentication" + ], + "id": "90020211104002953320334544994860291215054924285237788770", + "kind": "event", + "outcome": "failure", + "type": [ + "info" + ] + }, + "log": { + "level": "error" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T03:07:24.384Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Failure", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T03:07:24.384Z", + "description": "Wrong email or password.", + "details": { + "error": { + "message": "Wrong email or password." + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Invalid email or username" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "invalid-username-or-email", + "category": [ + "authentication", + "threat" + ], + "id": "90020211103030725428115389447533113776256732300526485554", + "kind": "event", + "outcome": "failure", + "type": [ + "info", + "indicator" + ] + }, + "log": { + "level": "error" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "name": "neo@gmail.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T08:25:14.466Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Failure", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T08:25:14.466Z", + "description": "Wrong email or password.", + "details": { + "error": { + "message": "Wrong email or password." + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Incorrect password" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "incorrect-password", + "category": [ + "authentication" + ], + "id": "90020211103082515482106767167326018758436529088273317970", + "kind": "event", + "outcome": "failure", + "type": [ + "info" + ] + }, + "log": { + "level": "error" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-success.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-success.json new file mode 100644 index 000000000..b6d05f371 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-success.json @@ -0,0 +1,1250 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211104001515271334544008635532534914988032684720226", + "data": { + "date": "2021-11-04T00:15:10.706Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635984910474, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618223a4e3f49e006948565c", + "stats": { + "loginsCount": 4 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635984900427, + "completedAt": 1635984910503, + "timers": { + "rules": 4 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "elapsedTime": 10076 + } + ], + "initiatedAt": 1635984900418, + "completedAt": 1635984910705, + "elapsedTime": 10287, + "session_id": "m5SgtzMKxmeNBxj_kCfUUJhzrSdfvLFu", + "stats": { + "loginsCount": 4 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211104001515271334544008635532534914988032684720226" + } + } + }, + { + "json": { + "log_id": "90020211103032530111223343147286033102509916061341581378", + "data": { + "date": "2021-11-03T03:25:28.923Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635909903693, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "6182002f34f4dd006b05b5c7", + "stats": { + "loginsCount": 1 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635908818843, + "completedAt": 1635909903745, + "timers": { + "rules": 5 + }, + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "elapsedTime": 1084902 + }, + { + "name": "consent", + "flow": "consent", + "initiatedAt": 1635909904974, + "completedAt": 1635909928352, + "grantInfo": { + "id": "618201284369c9b4f9cd6d52", + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "scope": "openid profile", + "expiration": null + }, + "elapsedTime": 23378 + } + ], + "initiatedAt": 1635908818831, + "completedAt": 1635909928922, + "elapsedTime": 1110091, + "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103032530111223343147286033102509916061341581378" + } + } + }, + { + "json": { + "log_id": "90020211103055358897115394211080445765255360986168164402", + "data": { + "date": "2021-11-03T05:53:54.497Z", + "type": "s", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "prompts": [], + "completedAt": 1635918834496, + "elapsedTime": null, + "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "log_id": "90020211103055358897115394211080445765255360986168164402" + } + } + }, + { + "json": { + "log_id": "90020211103055417070115394218609635769815272723188809778", + "data": { + "date": "2021-11-03T05:54:15.721Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635918849692, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618223a4e3f49e006948565c", + "stats": { + "loginsCount": 1 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635918839167, + "completedAt": 1635918849714, + "timers": { + "rules": 3 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "elapsedTime": 10547 + }, + { + "name": "consent", + "flow": "consent", + "initiatedAt": 1635918849848, + "completedAt": 1635918855600, + "grantInfo": { + "id": "618224074369c9b4f979b8fd", + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "scope": "openid profile", + "expiration": null + }, + "elapsedTime": 5752 + } + ], + "initiatedAt": 1635918839161, + "completedAt": 1635918855720, + "elapsedTime": 16559, + "session_id": "SIMuasvKPfIe7_GhWAVKN9e2mNCtyLqV", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103055417070115394218609635769815272723188809778" + } + } + }, + { + "json": { + "log_id": "90020211103070023776106766408080709488401774690453946450", + "data": { + "date": "2021-11-03T07:00:20.901Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635922802377, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618232c562bac1006935a7af", + "stats": { + "loginsCount": 1 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635922789345, + "completedAt": 1635922802403, + "timers": { + "rules": 4 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "elapsedTime": 13058 + }, + { + "name": "consent", + "flow": "consent", + "initiatedAt": 1635922802608, + "completedAt": 1635922820747, + "grantInfo": { + "id": "618233844369c9b4f99bb257", + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "scope": "openid profile", + "expiration": null + }, + "elapsedTime": 18139 + } + ], + "initiatedAt": 1635922789338, + "completedAt": 1635922820899, + "elapsedTime": 31561, + "session_id": "W_t_rUyDtC_Zzg0UbQYlAmiWwAeRZgfU", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103070023776106766408080709488401774690453946450" + } + } + }, + { + "json": { + "log_id": "90020211103081328131115397696989032404368410264534515762", + "data": { + "date": "2021-11-03T08:13:24.062Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635927203775, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618223a4e3f49e006948565c", + "stats": { + "loginsCount": 2 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635927147098, + "completedAt": 1635927203800, + "timers": { + "rules": 5 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "elapsedTime": 56702 + } + ], + "initiatedAt": 1635927147085, + "completedAt": 1635927204061, + "elapsedTime": 56976, + "session_id": "64o8cYYqWbizfNgIEi0FNPDcC0y7dD5J", + "stats": { + "loginsCount": 2 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103081328131115397696989032404368410264534515762" + } + } + }, + { + "json": { + "log_id": "90020211103081746881223368292279380811829523597632733250", + "data": { + "date": "2021-11-03T08:17:45.995Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635927465747, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618232c562bac1006935a7af", + "stats": { + "loginsCount": 2 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635927411241, + "completedAt": 1635927465771, + "timers": { + "rules": 4 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "elapsedTime": 54530 + } + ], + "initiatedAt": 1635927411233, + "completedAt": 1635927465994, + "elapsedTime": 54761, + "session_id": "ZYs3vYxcddXOwaZQW0vvHmDTuys177ni", + "stats": { + "loginsCount": 2 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103081746881223368292279380811829523597632733250" + } + } + }, + { + "json": { + "log_id": "90020211103082255307115397925598113819314440794590412850", + "data": { + "date": "2021-11-03T08:22:52.918Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635927772715, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618232c562bac1006935a7af", + "stats": { + "loginsCount": 3 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635927753721, + "completedAt": 1635927772739, + "timers": { + "rules": 3 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "elapsedTime": 19018 + } + ], + "initiatedAt": 1635927753713, + "completedAt": 1635927772916, + "elapsedTime": 19203, + "session_id": "H6IbewiK1ZyHmQzlGRXPIarqxV3J3xA-", + "stats": { + "loginsCount": 3 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103082255307115397925598113819314440794590412850" + } + } + }, + { + "json": { + "log_id": "90020211103082502886106767165048402514282566829773684818", + "data": { + "date": "2021-11-03T08:25:00.106Z", + "type": "s", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [], + "completedAt": 1635927900104, + "elapsedTime": null, + "session_id": "H6IbewiK1ZyHmQzlGRXPIarqxV3J3xA-" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "log_id": "90020211103082502886106767165048402514282566829773684818" + } + } + }, + { + "json": { + "log_id": "90020211103082523938106767168777938667793699345570725970", + "data": { + "date": "2021-11-03T08:25:22.927Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635927922758, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618223a4e3f49e006948565c", + "stats": { + "loginsCount": 3 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635927908108, + "completedAt": 1635927922781, + "timers": { + "rules": 3 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "elapsedTime": 14673 + } + ], + "initiatedAt": 1635927908100, + "completedAt": 1635927922926, + "elapsedTime": 14826, + "session_id": "OaSNVnavgh1v3trIypNKMy91KwW46vwV", + "stats": { + "loginsCount": 3 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103082523938106767168777938667793699345570725970" + } + } + }, + { + "json": { + "log_id": "90020211103085743984334492679133419381702055446601269346", + "data": { + "date": "2021-11-03T08:57:43.766Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635929857727, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "61823277a44a21007221a59a", + "stats": { + "loginsCount": 1 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635929845687, + "completedAt": 1635929857759, + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "elapsedTime": 12072 + }, + { + "name": "consent", + "flow": "consent", + "initiatedAt": 1635929857904, + "completedAt": 1635929863646, + "grantInfo": { + "id": "61824f074369c9b4f98894d2", + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "scope": "openid profile", + "expiration": null + }, + "elapsedTime": 5742 + } + ], + "initiatedAt": 1635929845677, + "completedAt": 1635929863765, + "elapsedTime": 18088, + "session_id": "cLW4Pfr8LsVBdqnPSt-m6rcY4rUZ_2IB", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103085743984334492679133419381702055446601269346" + } + } + }, + { + "json": { + "log_id": "90020211103085846311106767482389012311483635020016386130", + "data": { + "date": "2021-11-03T08:58:41.249Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635929921066, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "61823277a44a21007221a59a", + "stats": { + "loginsCount": 2 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635929907870, + "completedAt": 1635929921093, + "timers": { + "rules": 4 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "elapsedTime": 13223 + } + ], + "initiatedAt": 1635929907862, + "completedAt": 1635929921248, + "elapsedTime": 13386, + "session_id": "r4bE-y9UfSSVmmajSLRwUDv1LWIL6ZLN", + "stats": { + "loginsCount": 2 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103085846311106767482389012311483635020016386130" + } + } + }, + { + "json": { + "log_id": "90020211103102326019106768307490555605025312816601497682", + "data": { + "date": "2021-11-03T10:23:21.134Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635935000929, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "61823277a44a21007221a59a", + "stats": { + "loginsCount": 3 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635934987423, + "completedAt": 1635935000954, + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "elapsedTime": 13531 + } + ], + "initiatedAt": 1635934987414, + "completedAt": 1635935001133, + "elapsedTime": 13719, + "session_id": "a0rY7F2WD761Y4_JSvT5xiKoYWm5lrad", + "stats": { + "loginsCount": 3 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103102326019106768307490555605025312816601497682" + } + } + }, + { + "json": { + "log_id": "90020211103103601619106768431214441836025743766305374290", + "data": { + "date": "2021-11-03T10:36:01.473Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635935761302, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "61823277a44a21007221a59a", + "stats": { + "loginsCount": 4 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635935753453, + "completedAt": 1635935761327, + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "elapsedTime": 7874 + } + ], + "initiatedAt": 1635935753446, + "completedAt": 1635935761471, + "elapsedTime": 8025, + "session_id": "n1a9tPB4WT9zDwIi1-MoUB3acjjlOpC_", + "stats": { + "loginsCount": 4 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103103601619106768431214441836025743766305374290" + } + } + }, + { + "json": { + "log_id": "90020211103103728977106768445798922923856636177274634322", + "data": { + "date": "2021-11-03T10:37:24.815Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635935844611, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "6182002f34f4dd006b05b5c7", + "stats": { + "loginsCount": 2 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635935832421, + "completedAt": 1635935844636, + "timers": { + "rules": 3 + }, + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "elapsedTime": 12215 + } + ], + "initiatedAt": 1635935832413, + "completedAt": 1635935844814, + "elapsedTime": 12401, + "session_id": "CrmzUMuPsXbBz95df4wVfYrGYaxqB7Hw", + "stats": { + "loginsCount": 2 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103103728977106768445798922923856636177274634322" + } + } + }, + { + "json": { + "log_id": "90020211103104329992334500305177724905858622502505283682", + "data": { + "date": "2021-11-03T10:43:24.916Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635936204718, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618232c562bac1006935a7af", + "stats": { + "loginsCount": 4 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635936193430, + "completedAt": 1635936204745, + "timers": { + "rules": 3 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "elapsedTime": 11315 + } + ], + "initiatedAt": 1635936193423, + "completedAt": 1635936204915, + "elapsedTime": 11492, + "session_id": "-tfrm4nuYkLaJY-geUDlLSxqh_sDO7Qw", + "stats": { + "loginsCount": 4 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103104329992334500305177724905858622502505283682" + } + } + }, + { + "json": { + "log_id": "90020211103105137404334500886230995142155564051687538786", + "data": { + "date": "2021-11-03T10:51:32.997Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635936692773, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "61823277a44a21007221a59a", + "stats": { + "loginsCount": 5 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635936685031, + "completedAt": 1635936692796, + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "elapsedTime": 7765 + } + ], + "initiatedAt": 1635936685023, + "completedAt": 1635936692996, + "elapsedTime": 7973, + "session_id": "Pbgtp8b2_F34Pv0B0L26myPifN1gacV3", + "stats": { + "loginsCount": 5 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103105137404334500886230995142155564051687538786" + } + } + }, + { + "json": { + "log_id": "90020211103105337123223384318516938634385981199129509954", + "data": { + "date": "2021-11-03T10:53:33.203Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635936813034, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "61823277a44a21007221a59a", + "stats": { + "loginsCount": 6 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635936804034, + "completedAt": 1635936813057, + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "elapsedTime": 9023 + } + ], + "initiatedAt": 1635936804026, + "completedAt": 1635936813202, + "elapsedTime": 9176, + "session_id": "kpQezDhAcvfcPJqdtnUVODhOUu3ZBdWc", + "stats": { + "loginsCount": 6 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103105337123223384318516938634385981199129509954" + } + } + }, + { + "json": { + "log_id": "90020211103221641031334535841785515161071694533024022626", + "data": { + "date": "2021-11-03T22:16:38.616Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635977798421, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618232c562bac1006935a7af", + "stats": { + "loginsCount": 5 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635977789152, + "completedAt": 1635977798445, + "timers": { + "rules": 3 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "elapsedTime": 9293 + } + ], + "initiatedAt": 1635977789145, + "completedAt": 1635977798614, + "elapsedTime": 9469, + "session_id": "-iZ5MQAr3gBWvn2IRCViL-tRLZ1xyowh", + "stats": { + "loginsCount": 5 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103221641031334535841785515161071694533024022626" + } + } + }, + { + "json": { + "log_id": "90020211104001515271334544008635532534914988032684720226", + "data": { + "date": "2021-11-04T00:15:10.706Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635984910474, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "618223a4e3f49e006948565c", + "stats": { + "loginsCount": 4 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635984900427, + "completedAt": 1635984910503, + "timers": { + "rules": 4 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "elapsedTime": 10076 + } + ], + "initiatedAt": 1635984900418, + "completedAt": 1635984910705, + "elapsedTime": 10287, + "session_id": "m5SgtzMKxmeNBxj_kCfUUJhzrSdfvLFu", + "stats": { + "loginsCount": 4 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211104001515271334544008635532534914988032684720226" + } + } + }, + { + "json": { + "log_id": "90020211104011629842115419891701676038855773484430131250", + "data": { + "date": "2021-11-04T01:16:26.175Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635988582904, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "6183285d6e5071006a61f319", + "stats": { + "loginsCount": 1 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635985386617, + "completedAt": 1635988582930, + "timers": { + "rules": 6 + }, + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com", + "elapsedTime": 3196313 + }, + { + "name": "consent", + "flow": "consent", + "initiatedAt": 1635988583097, + "completedAt": 1635988585993, + "grantInfo": { + "id": "618334694369c9b4f9944b99", + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "scope": "openid profile", + "expiration": null + }, + "elapsedTime": 2896 + } + ], + "initiatedAt": 1635985386610, + "completedAt": 1635988586174, + "elapsedTime": 3199564, + "session_id": "Z_IDr9JX5VzO1l-2IEk6bSXWP3mu4wMP", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211104011629842115419891701676038855773484430131250" + } + } + }, + { + "json": { + "log_id": "90020211104011629842115419891701676038855773484430131250", + "data": { + "date": "2021-11-04T01:16:26.175Z", + "type": "s", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "prompts": [ + { + "name": "prompt-authenticate", + "completedAt": 1635988582904, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "strategy": "auth0", + "identity": "6183285d6e5071006a61f319", + "stats": { + "loginsCount": 1 + }, + "elapsedTime": null + }, + { + "name": "login", + "flow": "universal-login", + "initiatedAt": 1635985386617, + "completedAt": 1635988582930, + "timers": { + "rules": 6 + }, + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com", + "elapsedTime": 3196313 + }, + { + "name": "consent", + "flow": "consent", + "initiatedAt": 1635988583097, + "completedAt": 1635988585993, + "grantInfo": { + "id": "618334694369c9b4f9944b99", + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "scope": "openid profile", + "expiration": null + }, + "elapsedTime": 2896 + } + ], + "initiatedAt": 1635985386610, + "completedAt": 1635988586174, + "elapsedTime": 3199564, + "session_id": "Z_IDr9JX5VzO1l-2IEk6bSXWP3mu4wMP", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211104011629842115419891701676038855773484430131250" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json new file mode 100644 index 000000000..bde68e3a7 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json @@ -0,0 +1,2538 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-04T00:15:10.706Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-04T00:15:10.706Z", + "details": { + "completedAt": 1635984910705, + "elapsedTime": 10287, + "initiatedAt": 1635984900418, + "prompts": [ + { + "completedAt": 1635984910474, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618223a4e3f49e006948565c", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 4 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635984910503, + "elapsedTime": 10076, + "flow": "universal-login", + "initiatedAt": 1635984900427, + "name": "login", + "timers": { + "rules": 4 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com" + } + ], + "session_id": "m5SgtzMKxmeNBxj_kCfUUJhzrSdfvLFu", + "stats": { + "loginsCount": 4 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-04T00:15:10.705Z", + "elapsedTime": 10287, + "initiatedAt": "2021-11-04T00:15:00.418Z", + "stats": { + "loginsCount": 4 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211104001515271334544008635532534914988032684720226", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T03:25:28.923Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T03:25:28.923Z", + "details": { + "completedAt": 1635909928922, + "elapsedTime": 1110091, + "initiatedAt": 1635908818831, + "prompts": [ + { + "completedAt": 1635909903693, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "6182002f34f4dd006b05b5c7", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 1 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635909903745, + "elapsedTime": 1084902, + "flow": "universal-login", + "initiatedAt": 1635908818843, + "name": "login", + "timers": { + "rules": 5 + }, + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com" + }, + { + "completedAt": 1635909928352, + "elapsedTime": 23378, + "flow": "consent", + "grantInfo": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "id": "618201284369c9b4f9cd6d52", + "scope": "openid profile" + }, + "initiatedAt": 1635909904974, + "name": "consent" + } + ], + "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T03:25:28.922Z", + "elapsedTime": 1110091, + "initiatedAt": "2021-11-03T03:06:58.831Z", + "stats": { + "loginsCount": 1 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103032530111223343147286033102509916061341581378", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T05:53:54.497Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T05:53:54.497Z", + "details": { + "completedAt": 1635918834496, + "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T05:53:54.496Z" + }, + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103055358897115394211080445765255360986168164402", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T05:54:15.721Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T05:54:15.721Z", + "details": { + "completedAt": 1635918855720, + "elapsedTime": 16559, + "initiatedAt": 1635918839161, + "prompts": [ + { + "completedAt": 1635918849692, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618223a4e3f49e006948565c", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 1 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635918849714, + "elapsedTime": 10547, + "flow": "universal-login", + "initiatedAt": 1635918839167, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com" + }, + { + "completedAt": 1635918855600, + "elapsedTime": 5752, + "flow": "consent", + "grantInfo": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "id": "618224074369c9b4f979b8fd", + "scope": "openid profile" + }, + "initiatedAt": 1635918849848, + "name": "consent" + } + ], + "session_id": "SIMuasvKPfIe7_GhWAVKN9e2mNCtyLqV", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T05:54:15.720Z", + "elapsedTime": 16559, + "initiatedAt": "2021-11-03T05:53:59.161Z", + "stats": { + "loginsCount": 1 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103055417070115394218609635769815272723188809778", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T07:00:20.901Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T07:00:20.901Z", + "details": { + "completedAt": 1635922820899, + "elapsedTime": 31561, + "initiatedAt": 1635922789338, + "prompts": [ + { + "completedAt": 1635922802377, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618232c562bac1006935a7af", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 1 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635922802403, + "elapsedTime": 13058, + "flow": "universal-login", + "initiatedAt": 1635922789345, + "name": "login", + "timers": { + "rules": 4 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com" + }, + { + "completedAt": 1635922820747, + "elapsedTime": 18139, + "flow": "consent", + "grantInfo": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "id": "618233844369c9b4f99bb257", + "scope": "openid profile" + }, + "initiatedAt": 1635922802608, + "name": "consent" + } + ], + "session_id": "W_t_rUyDtC_Zzg0UbQYlAmiWwAeRZgfU", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T07:00:20.899Z", + "elapsedTime": 31561, + "initiatedAt": "2021-11-03T06:59:49.338Z", + "stats": { + "loginsCount": 1 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103070023776106766408080709488401774690453946450", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T08:13:24.062Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T08:13:24.062Z", + "details": { + "completedAt": 1635927204061, + "elapsedTime": 56976, + "initiatedAt": 1635927147085, + "prompts": [ + { + "completedAt": 1635927203775, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618223a4e3f49e006948565c", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 2 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635927203800, + "elapsedTime": 56702, + "flow": "universal-login", + "initiatedAt": 1635927147098, + "name": "login", + "timers": { + "rules": 5 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com" + } + ], + "session_id": "64o8cYYqWbizfNgIEi0FNPDcC0y7dD5J", + "stats": { + "loginsCount": 2 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T08:13:24.061Z", + "elapsedTime": 56976, + "initiatedAt": "2021-11-03T08:12:27.085Z", + "stats": { + "loginsCount": 2 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103081328131115397696989032404368410264534515762", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T08:17:45.995Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T08:17:45.995Z", + "details": { + "completedAt": 1635927465994, + "elapsedTime": 54761, + "initiatedAt": 1635927411233, + "prompts": [ + { + "completedAt": 1635927465747, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618232c562bac1006935a7af", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 2 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635927465771, + "elapsedTime": 54530, + "flow": "universal-login", + "initiatedAt": 1635927411241, + "name": "login", + "timers": { + "rules": 4 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com" + } + ], + "session_id": "ZYs3vYxcddXOwaZQW0vvHmDTuys177ni", + "stats": { + "loginsCount": 2 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T08:17:45.994Z", + "elapsedTime": 54761, + "initiatedAt": "2021-11-03T08:16:51.233Z", + "stats": { + "loginsCount": 2 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103081746881223368292279380811829523597632733250", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T08:22:52.918Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T08:22:52.918Z", + "details": { + "completedAt": 1635927772916, + "elapsedTime": 19203, + "initiatedAt": 1635927753713, + "prompts": [ + { + "completedAt": 1635927772715, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618232c562bac1006935a7af", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 3 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635927772739, + "elapsedTime": 19018, + "flow": "universal-login", + "initiatedAt": 1635927753721, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com" + } + ], + "session_id": "H6IbewiK1ZyHmQzlGRXPIarqxV3J3xA-", + "stats": { + "loginsCount": 3 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T08:22:52.916Z", + "elapsedTime": 19203, + "initiatedAt": "2021-11-03T08:22:33.713Z", + "stats": { + "loginsCount": 3 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103082255307115397925598113819314440794590412850", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T08:25:00.106Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T08:25:00.106Z", + "details": { + "completedAt": 1635927900104, + "session_id": "H6IbewiK1ZyHmQzlGRXPIarqxV3J3xA-" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T08:25:00.104Z" + }, + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103082502886106767165048402514282566829773684818", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T08:25:22.927Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T08:25:22.927Z", + "details": { + "completedAt": 1635927922926, + "elapsedTime": 14826, + "initiatedAt": 1635927908100, + "prompts": [ + { + "completedAt": 1635927922758, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618223a4e3f49e006948565c", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 3 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635927922781, + "elapsedTime": 14673, + "flow": "universal-login", + "initiatedAt": 1635927908108, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com" + } + ], + "session_id": "OaSNVnavgh1v3trIypNKMy91KwW46vwV", + "stats": { + "loginsCount": 3 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T08:25:22.926Z", + "elapsedTime": 14826, + "initiatedAt": "2021-11-03T08:25:08.100Z", + "stats": { + "loginsCount": 3 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103082523938106767168777938667793699345570725970", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T08:57:43.766Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T08:57:43.766Z", + "details": { + "completedAt": 1635929863765, + "elapsedTime": 18088, + "initiatedAt": 1635929845677, + "prompts": [ + { + "completedAt": 1635929857727, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "61823277a44a21007221a59a", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 1 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635929857759, + "elapsedTime": 12072, + "flow": "universal-login", + "initiatedAt": 1635929845687, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com" + }, + { + "completedAt": 1635929863646, + "elapsedTime": 5742, + "flow": "consent", + "grantInfo": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "id": "61824f074369c9b4f98894d2", + "scope": "openid profile" + }, + "initiatedAt": 1635929857904, + "name": "consent" + } + ], + "session_id": "cLW4Pfr8LsVBdqnPSt-m6rcY4rUZ_2IB", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T08:57:43.765Z", + "elapsedTime": 18088, + "initiatedAt": "2021-11-03T08:57:25.677Z", + "stats": { + "loginsCount": 1 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103085743984334492679133419381702055446601269346", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T08:58:41.249Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T08:58:41.249Z", + "details": { + "completedAt": 1635929921248, + "elapsedTime": 13386, + "initiatedAt": 1635929907862, + "prompts": [ + { + "completedAt": 1635929921066, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "61823277a44a21007221a59a", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 2 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635929921093, + "elapsedTime": 13223, + "flow": "universal-login", + "initiatedAt": 1635929907870, + "name": "login", + "timers": { + "rules": 4 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com" + } + ], + "session_id": "r4bE-y9UfSSVmmajSLRwUDv1LWIL6ZLN", + "stats": { + "loginsCount": 2 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T08:58:41.248Z", + "elapsedTime": 13386, + "initiatedAt": "2021-11-03T08:58:27.862Z", + "stats": { + "loginsCount": 2 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103085846311106767482389012311483635020016386130", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:23:21.134Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T10:23:21.134Z", + "details": { + "completedAt": 1635935001133, + "elapsedTime": 13719, + "initiatedAt": 1635934987414, + "prompts": [ + { + "completedAt": 1635935000929, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "61823277a44a21007221a59a", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 3 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635935000954, + "elapsedTime": 13531, + "flow": "universal-login", + "initiatedAt": 1635934987423, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com" + } + ], + "session_id": "a0rY7F2WD761Y4_JSvT5xiKoYWm5lrad", + "stats": { + "loginsCount": 3 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T10:23:21.133Z", + "elapsedTime": 13719, + "initiatedAt": "2021-11-03T10:23:07.414Z", + "stats": { + "loginsCount": 3 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103102326019106768307490555605025312816601497682", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:36:01.473Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T10:36:01.473Z", + "details": { + "completedAt": 1635935761471, + "elapsedTime": 8025, + "initiatedAt": 1635935753446, + "prompts": [ + { + "completedAt": 1635935761302, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "61823277a44a21007221a59a", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 4 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635935761327, + "elapsedTime": 7874, + "flow": "universal-login", + "initiatedAt": 1635935753453, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com" + } + ], + "session_id": "n1a9tPB4WT9zDwIi1-MoUB3acjjlOpC_", + "stats": { + "loginsCount": 4 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T10:36:01.471Z", + "elapsedTime": 8025, + "initiatedAt": "2021-11-03T10:35:53.446Z", + "stats": { + "loginsCount": 4 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103103601619106768431214441836025743766305374290", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:37:24.815Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T10:37:24.815Z", + "details": { + "completedAt": 1635935844814, + "elapsedTime": 12401, + "initiatedAt": 1635935832413, + "prompts": [ + { + "completedAt": 1635935844611, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "6182002f34f4dd006b05b5c7", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 2 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635935844636, + "elapsedTime": 12215, + "flow": "universal-login", + "initiatedAt": 1635935832421, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com" + } + ], + "session_id": "CrmzUMuPsXbBz95df4wVfYrGYaxqB7Hw", + "stats": { + "loginsCount": 2 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T10:37:24.814Z", + "elapsedTime": 12401, + "initiatedAt": "2021-11-03T10:37:12.413Z", + "stats": { + "loginsCount": 2 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103103728977106768445798922923856636177274634322", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:43:24.916Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T10:43:24.916Z", + "details": { + "completedAt": 1635936204915, + "elapsedTime": 11492, + "initiatedAt": 1635936193423, + "prompts": [ + { + "completedAt": 1635936204718, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618232c562bac1006935a7af", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 4 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635936204745, + "elapsedTime": 11315, + "flow": "universal-login", + "initiatedAt": 1635936193430, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com" + } + ], + "session_id": "-tfrm4nuYkLaJY-geUDlLSxqh_sDO7Qw", + "stats": { + "loginsCount": 4 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T10:43:24.915Z", + "elapsedTime": 11492, + "initiatedAt": "2021-11-03T10:43:13.423Z", + "stats": { + "loginsCount": 4 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103104329992334500305177724905858622502505283682", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:51:32.997Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T10:51:32.997Z", + "details": { + "completedAt": 1635936692996, + "elapsedTime": 7973, + "initiatedAt": 1635936685023, + "prompts": [ + { + "completedAt": 1635936692773, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "61823277a44a21007221a59a", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 5 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635936692796, + "elapsedTime": 7765, + "flow": "universal-login", + "initiatedAt": 1635936685031, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com" + } + ], + "session_id": "Pbgtp8b2_F34Pv0B0L26myPifN1gacV3", + "stats": { + "loginsCount": 5 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T10:51:32.996Z", + "elapsedTime": 7973, + "initiatedAt": "2021-11-03T10:51:25.023Z", + "stats": { + "loginsCount": 5 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103105137404334500886230995142155564051687538786", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:53:33.203Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T10:53:33.203Z", + "details": { + "completedAt": 1635936813202, + "elapsedTime": 9176, + "initiatedAt": 1635936804026, + "prompts": [ + { + "completedAt": 1635936813034, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "61823277a44a21007221a59a", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 6 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635936813057, + "elapsedTime": 9023, + "flow": "universal-login", + "initiatedAt": 1635936804034, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com" + } + ], + "session_id": "kpQezDhAcvfcPJqdtnUVODhOUu3ZBdWc", + "stats": { + "loginsCount": 6 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T10:53:33.202Z", + "elapsedTime": 9176, + "initiatedAt": "2021-11-03T10:53:24.026Z", + "stats": { + "loginsCount": 6 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103105337123223384318516938634385981199129509954", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T22:16:38.616Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T22:16:38.616Z", + "details": { + "completedAt": 1635977798614, + "elapsedTime": 9469, + "initiatedAt": 1635977789145, + "prompts": [ + { + "completedAt": 1635977798421, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618232c562bac1006935a7af", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 5 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635977798445, + "elapsedTime": 9293, + "flow": "universal-login", + "initiatedAt": 1635977789152, + "name": "login", + "timers": { + "rules": 3 + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com" + } + ], + "session_id": "-iZ5MQAr3gBWvn2IRCViL-tRLZ1xyowh", + "stats": { + "loginsCount": 5 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T22:16:38.614Z", + "elapsedTime": 9469, + "initiatedAt": "2021-11-03T22:16:29.145Z", + "stats": { + "loginsCount": 5 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211103221641031334535841785515161071694533024022626", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:15:10.706Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-04T00:15:10.706Z", + "details": { + "completedAt": 1635984910705, + "elapsedTime": 10287, + "initiatedAt": 1635984900418, + "prompts": [ + { + "completedAt": 1635984910474, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "618223a4e3f49e006948565c", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 4 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635984910503, + "elapsedTime": 10076, + "flow": "universal-login", + "initiatedAt": 1635984900427, + "name": "login", + "timers": { + "rules": 4 + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com" + } + ], + "session_id": "m5SgtzMKxmeNBxj_kCfUUJhzrSdfvLFu", + "stats": { + "loginsCount": 4 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-04T00:15:10.705Z", + "elapsedTime": 10287, + "initiatedAt": "2021-11-04T00:15:00.418Z", + "stats": { + "loginsCount": 4 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211104001515271334544008635532534914988032684720226", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T01:16:26.175Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-04T01:16:26.175Z", + "details": { + "completedAt": 1635988586174, + "elapsedTime": 3199564, + "initiatedAt": 1635985386610, + "prompts": [ + { + "completedAt": 1635988582904, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "6183285d6e5071006a61f319", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 1 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635988582930, + "elapsedTime": 3196313, + "flow": "universal-login", + "initiatedAt": 1635985386617, + "name": "login", + "timers": { + "rules": 6 + }, + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com" + }, + { + "completedAt": 1635988585993, + "elapsedTime": 2896, + "flow": "consent", + "grantInfo": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "id": "618334694369c9b4f9944b99", + "scope": "openid profile" + }, + "initiatedAt": 1635988583097, + "name": "consent" + } + ], + "session_id": "Z_IDr9JX5VzO1l-2IEk6bSXWP3mu4wMP", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-04T01:16:26.174Z", + "elapsedTime": 3199564, + "initiatedAt": "2021-11-04T00:23:06.610Z", + "stats": { + "loginsCount": 1 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211104011629842115419891701676038855773484430131250", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6183285d6e5071006a61f319", + "name": "neo.theone@gmail.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T01:16:26.175Z", + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-04T01:16:26.175Z", + "details": { + "completedAt": 1635988586174, + "elapsedTime": 3199564, + "initiatedAt": 1635985386610, + "prompts": [ + { + "completedAt": 1635988582904, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "6183285d6e5071006a61f319", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 1 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635988582930, + "elapsedTime": 3196313, + "flow": "universal-login", + "initiatedAt": 1635985386617, + "name": "login", + "timers": { + "rules": 6 + }, + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com" + }, + { + "completedAt": 1635988585993, + "elapsedTime": 2896, + "flow": "consent", + "grantInfo": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "id": "618334694369c9b4f9944b99", + "scope": "openid profile" + }, + "initiatedAt": 1635988583097, + "name": "consent" + } + ], + "session_id": "Z_IDr9JX5VzO1l-2IEk6bSXWP3mu4wMP", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-04T01:16:26.174Z", + "elapsedTime": 3199564, + "initiatedAt": "2021-11-04T00:23:06.610Z", + "stats": { + "loginsCount": 1 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "successful-login", + "category": [ + "authentication", + "session" + ], + "id": "90020211104011629842115419891701676038855773484430131250", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6183285d6e5071006a61f319", + "name": "neo.theone@gmail.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-logout-success.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-logout-success.json new file mode 100644 index 000000000..0327a1abd --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-logout-success.json @@ -0,0 +1,82 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211103055400418223355659153263714766654532376068162", + "data": { + "date": "2021-11-03T05:53:57.546Z", + "type": "slo", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "return_to": "http://localhost:3000", + "allowed_logout_url": [ + "http://localhost:3000" + ], + "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "morpheus@test.com", + "log_id": "90020211103055400418223355659153263714766654532376068162" + } + } + }, + { + "json": { + "log_id": "90020211103055419946223355688898883506384606750411063362", + "data": { + "date": "2021-11-03T05:54:18.787Z", + "type": "slo", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "return_to": "http://localhost:3000", + "allowed_logout_url": [ + "http://localhost:3000" + ], + "session_id": "SIMuasvKPfIe7_GhWAVKN9e2mNCtyLqV" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "log_id": "90020211103055419946223355688898883506384606750411063362" + } + } + }, + { + "json": { + "log_id": "90020211103070030748115395814004861398849375090635702322", + "data": { + "date": "2021-11-03T07:00:28.877Z", + "type": "slo", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "return_to": "http://localhost:3000", + "allowed_logout_url": [ + "http://localhost:3000" + ], + "session_id": "W_t_rUyDtC_Zzg0UbQYlAmiWwAeRZgfU" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "log_id": "90020211103070030748115395814004861398849375090635702322" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json new file mode 100644 index 000000000..2f3037b1c --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json @@ -0,0 +1,235 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-03T05:53:57.546Z", + "auth0": { + "logs": { + "data": { + "classification": "Logout - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T05:53:57.546Z", + "details": { + "allowed_logout_url": [ + "http://localhost:3000" + ], + "return_to": "http://localhost:3000", + "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "User successfully logged out" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "user-logout-successful", + "category": [ + "authentication", + "session" + ], + "id": "90020211103055400418223355659153263714766654532376068162", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "end" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "morpheus@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T05:54:18.787Z", + "auth0": { + "logs": { + "data": { + "classification": "Logout - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T05:54:18.787Z", + "details": { + "allowed_logout_url": [ + "http://localhost:3000" + ], + "return_to": "http://localhost:3000", + "session_id": "SIMuasvKPfIe7_GhWAVKN9e2mNCtyLqV" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "User successfully logged out" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "user-logout-successful", + "category": [ + "authentication", + "session" + ], + "id": "90020211103055419946223355688898883506384606750411063362", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "end" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + }, + { + "@timestamp": "2021-11-03T07:00:28.877Z", + "auth0": { + "logs": { + "data": { + "classification": "Logout - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T07:00:28.877Z", + "details": { + "allowed_logout_url": [ + "http://localhost:3000" + ], + "return_to": "http://localhost:3000", + "session_id": "W_t_rUyDtC_Zzg0UbQYlAmiWwAeRZgfU" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "User successfully logged out" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "user-logout-successful", + "category": [ + "authentication", + "session" + ], + "id": "90020211103070030748115395814004861398849375090635702322", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "end" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json new file mode 100644 index 000000000..dab14bf10 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json @@ -0,0 +1,3428 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211104001144643223441133851203963552710102024716354", + "data": { + "date": "2021-11-04T00:11:39.575Z", + "type": "sapi", + "description": "Create a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWeb Kit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/log-streams", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104001144643223441133851203963552710102024716354" + } + } + }, + { + "json": { + "log_id": "90020211104001430299115418365351830745472004626724159538", + "data": { + "date": "2021-11-04T00:14:30.201Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001269", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104001430299115418365351830745472004626724159538" + } + } + }, + { + "json": { + "log_id": "90020211103020611966106762909211229137199648175879618642", + "data": { + "date": "2021-11-03T02:06:06.888Z", + "type": "sapi", + "description": "Create aclient", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "method": "post", + "path": "/api/v2/clients", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "My Test App", + "grant_types": [ + "client_credentials" + ], + "token_endpoint_auth_method": "client_secret_post", + "app_type": "non_interactive", + "is_first_party": true, + "oidc_conformant": true, + "jwt_configuration": { + "lifetime_in_seconds": 36000, + "alg": "RS256" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 201, + "body": { + "client_secret": "REDACTED", + "name": "My Test App", + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "grant_types": [ + "client_credentials" + ], + "token_endpoint_auth_method": "client_secret_post", + "is_token_endpoint_ip_header_trusted": false, + "app_type": "non_interactive", + "is_first_party": true, + "oidc_conformant": true, + "jwt_configuration": { + "lifetime_in_seconds": 36000, + "alg": "RS256", + "secret_encoded": false + }, + "cross_origin_auth": false, + "sso_disabled": false, + "custom_login_page_on": true, + "refresh_token": { + "expiration_type": "non-expiring", + "leeway": 0, + "infinite_token_lifetime": true, + "infinite_idle_token_lifetime": true, + "token_lifetime": 31557600, + "idle_token_lifetime": 2592000, + "rotation_type": "non-rotating" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103020611966106762909211229137199648175879618642" + } + } + }, + { + "json": { + "log_id": "90020211103020613368223336527923928978012089011916505154", + "data": { + "date": "2021-11-03T02:06:08.310Z", + "type": "sapi", + "description": "Create client grant", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/client-grants", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; IntelMac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "audience": "https://dev-yoj8axza.au.auth0.com/api/v2/", + "scope": [ + "read:client_grants", + "create:client_grants", + "delete:client_grants", + "update:client_grants", + "read:users", + "update:users", + "delete:users", + "create:users", + "read:users_app_metadata", + "update:users_app_metadata", + "delete:users_app_metadata", + "create:users_app_metadata", + "read:user_custom_blocks", + "create:user_custom_blocks", + "delete:user_custom_blocks", + "create:user_tickets", + "read:clients", + "update:clients", + "delete:clients", + "create:clients", + "read:client_keys", + "update:client_keys", + "delete:client_keys", + "create:client_keys", + "read:connections", + "update:connections", + "delete:connections", + "create:connections", + "read:resource_servers", + "update:resource_servers", + "delete:resource_servers", + "create:resource_servers", + "read:device_credentials", + "update:device_credentials", + "delete:device_credentials", + "create:device_credentials", + "read:rules", + "update:rules", + "delete:rules", + "create:rules", + "read:rules_configs", + "update:rules_configs", + "delete:rules_configs", + "read:hooks", + "update:hooks", + "delete:hooks", + "create:hooks", + "read:actions", + "update:actions", + "delete:actions", + "create:actions", + "read:email_provider", + "update:email_provider", + "delete:email_provider", + "create:email_provider", + "blacklist:tokens", + "read:stats", + "read:insights", + "read:tenant_settings", + "update:tenant_settings", + "read:logs", + "read:logs_users", + "read:shields", + "create:shields", + "update:shields", + "delete:shields", + "read:anomaly_blocks", + "delete:anomaly_blocks", + "update:triggers", + "read:triggers", + "read:grants", + "delete:grants", + "read:guardian_factors", + "update:guardian_factors", + "read:guardian_enrollments", + "delete:guardian_enrollments", + "create:guardian_enrollment_tickets", + "read:user_idp_tokens", + "create:passwords_checking_job", + "delete:passwords_checking_job", + "read:custom_domains", + "delete:custom_domains", + "create:custom_domains", + "update:custom_domains", + "read:email_templates", + "create:email_templates", + "update:email_templates", + "read:mfa_policies", + "update:mfa_policies", + "read:roles", + "create:roles", + "delete:roles", + "update:roles", + "read:prompts", + "update:prompts", + "read:branding", + "update:branding", + "delete:branding", + "read:log_streams", + "create:log_streams", + "delete:log_streams", + "update:log_streams", + "create:signing_keys", + "read:signing_keys", + "update:signing_keys", + "read:limits", + "update:limits", + "create:role_members", + "read:role_members", + "delete:role_members", + "read:entitlements", + "read:attack_protection", + "update:attack_protection", + "read:organizations", + "update:organizations", + "create:organizations", + "delete:organizations", + "create:organization_members", + "read:organization_members", + "delete:organization_members", + "create:organization_connections", + "read:organization_connections", + "update:organization_connections", + "delete:organization_connections", + "create:organization_member_roles", + "read:organization_member_roles", + "delete:organization_member_roles", + "create:organization_invitations", + "read:organization_invitations", + "delete:organization_invitations" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 201, + "body": { + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "audience": "https://dev-yoj8axza.au.auth0.com/api/v2/", + "scope": [ + "read:client_grants", + "create:client_grants", + "delete:client_grants", + "update:client_grants", + "read:users", + "update:users", + "delete:users", + "create:users", + "read:users_app_metadata", + "update:users_app_metadata", + "delete:users_app_metadata", + "create:users_app_metadata", + "read:user_custom_blocks", + "create:user_custom_blocks", + "delete:user_custom_blocks", + "create:user_tickets", + "read:clients", + "update:clients", + "delete:clients", + "create:clients", + "read:client_keys", + "update:client_keys", + "delete:client_keys", + "create:client_keys", + "read:connections", + "update:connections", + "delete:connections", + "create:connections", + "read:resource_servers", + "update:resource_servers", + "delete:resource_servers", + "create:resource_servers", + "read:device_credentials", + "update:device_credentials", + "delete:device_credentials", + "create:device_credentials", + "read:rules", + "update:rules", + "delete:rules", + "create:rules", + "read:rules_configs", + "update:rules_configs", + "delete:rules_configs", + "read:hooks", + "update:hooks", + "delete:hooks", + "create:hooks", + "read:actions", + "update:actions", + "delete:actions", + "create:actions", + "read:email_provider", + "update:email_provider", + "delete:email_provider", + "create:email_provider", + "blacklist:tokens", + "read:stats", + "read:insights", + "read:tenant_settings", + "update:tenant_settings", + "read:logs", + "read:logs_users", + "read:shields", + "create:shields", + "update:shields", + "delete:shields", + "read:anomaly_blocks", + "delete:anomaly_blocks", + "update:triggers", + "read:triggers", + "read:grants", + "delete:grants", + "read:guardian_factors", + "update:guardian_factors", + "read:guardian_enrollments", + "delete:guardian_enrollments", + "create:guardian_enrollment_tickets", + "read:user_idp_tokens", + "create:passwords_checking_job", + "delete:passwords_checking_job", + "read:custom_domains", + "delete:custom_domains", + "create:custom_domains", + "update:custom_domains", + "read:email_templates", + "create:email_templates", + "update:email_templates", + "read:mfa_policies", + "update:mfa_policies", + "read:roles", + "create:roles", + "delete:roles", + "update:roles", + "read:prompts", + "update:prompts", + "read:branding", + "update:branding", + "delete:branding", + "read:log_streams", + "create:log_streams", + "delete:log_streams", + "update:log_streams", + "create:signing_keys", + "read:signing_keys", + "update:signing_keys", + "read:limits", + "update:limits", + "create:role_members", + "read:role_members", + "delete:role_members", + "read:entitlements", + "read:attack_protection", + "update:attack_protection", + "read:organizations", + "update:organizations", + "create:organizations", + "delete:organizations", + "create:organization_members", + "read:organization_members", + "delete:organization_members", + "create:organization_connections", + "read:organization_connections", + "update:organization_connections", + "delete:organization_connections", + "create:organization_member_roles", + "read:organization_member_roles", + "delete:organization_member_roles", + "create:organization_invitations", + "read:organization_invitations", + "delete:organization_invitations" + ] + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103020613368223336527923928978012089011916505154" + } + } + }, + { + "json": { + "log_id": "90020211103022433749106763107276799719582109303184556114", + "data": { + "date": "2021-11-03T02:24:28.694Z", + "type": "sapi", + "description": "Delete a client", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "deleted": true, + "request": { + "method": "delete", + "path": "/api/v2/clients/OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 204, + "body": {} + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103022433749106763107276799719582109303184556114" + } + } + }, + { + "json": { + "log_id": "90020211103030624570334467768583429092788396400448634978", + "data": { + "date": "2021-11-03T03:06:19.520Z", + "type": "sapi", + "description": "Update a client", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "method": "patch", + "path": "/api/v2/clients/aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Default App", + "callbacks": [ + "http://localhost:3000/callback" + ], + "client_aliases": [], + "allowed_clients": [], + "allowed_logout_urls": [ + "http://localhost:3000" + ], + "token_endpoint_auth_method": "client_secret_post", + "is_token_endpoint_ip_header_trusted": false, + "oidc_conformant": true, + "jwt_configuration": { + "lifetime_in_seconds": 36000, + "alg": "RS256" + }, + "cross_origin_auth": false, + "cross_origin_loc": null, + "refresh_token": { + "expiration_type": "non-expiring", + "rotation_type": "non-rotating", + "token_lifetime": 2592000, + "idle_token_lifetime": 1296000, + "infinite_idle_token_lifetime": true, + "infinite_token_lifetime": true + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "client_secret": "REDACTED", + "name": "Default App", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "callbacks": [ + "http://localhost:3000/callback" + ], + "client_aliases": [], + "allowed_clients": [], + "allowed_logout_urls": [ + "http://localhost:3000" + ], + "grant_types": [ + "authorization_code", + "implicit", + "refresh_token", + "client_credentials" + ], + "token_endpoint_auth_method": "client_secret_post", + "is_token_endpoint_ip_header_trusted": false, + "is_first_party": true, + "oidc_conformant": true, + "jwt_configuration": { + "lifetime_in_seconds": 36000, + "alg": "RS256", + "secret_encoded": false + }, + "cross_origin_auth": false, + "sso_disabled": false, + "custom_login_page_on": true, + "refresh_token": { + "expiration_type": "non-expiring", + "leeway": 0, + "infinite_token_lifetime": true, + "infinite_idle_token_lifetime": true, + "token_lifetime": 2592000, + "idle_token_lifetime": 1296000, + "rotation_type": "non-rotating" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103030624570334467768583429092788396400448634978" + } + } + }, + { + "json": { + "log_id": "90020211103032124568106763774270188620644010490909950034", + "data": { + "date": "2021-11-03T03:21:19.527Z", + "type": "sapi", + "description": "Create a User", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/users", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "email": "neo@test.com", + "connection": "Username-Password-Authentication" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + } + } + }, + "response": { + "statusCode": 201, + "body": { + "created_at": "2021-11-03T03:21:19.513Z", + "email": "neo@test.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "user_id": "6182002f34f4dd006b05b5c7", + "provider": "auth0", + "isSocial": false + } + ], + "name": "neo@test.com", + "nickname": "neo", + "picture": "https://s.gravatar.com/avatar/c443e892986d3eeaa11624d291e12ff7?s=480\u0026r=pg\u0026d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fsa.png", + "updated_at": "2021-11-03T03:21:19.513Z", + "user_id": "auth0|6182002f34f4dd006b05b5c7" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103032124568106763774270188620644010490909950034" + } + } + }, + { + "json": { + "log_id": "90020211103055201651106765763656756713725338080159727698", + "data": { + "date": "2021-11-03T05:51:56.593Z", + "type": "sapi", + "description": "Create a role", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/roles", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Developer", + "description": "Developer" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "rol_wHAsjshEdEuy5Q6Q", + "name": "Developer", + "description": "Developer" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103055201651106765763656756713725338080159727698" + } + } + }, + { + "json": { + "log_id": "90020211103055241800334479420105301992278595094592880738", + "data": { + "date": "2021-11-03T05:52:36.724Z", + "type": "sapi", + "description": "Create a User", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/users", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "email": "dev@test.com", + "connection": "Username-Password-Authentication" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + } + } + }, + "response": { + "statusCode": 201, + "body": { + "created_at": "2021-11-03T05:52:36.711Z", + "email": "dev@test.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "user_id": "618223a4e3f49e006948565c", + "provider": "auth0", + "isSocial": false + } + ], + "name": "dev@test.com", + "nickname": "dev", + "picture": "https://s.gravatar.com/avatar/eb51e8001ebce2e251a917b90e413651?s=480\u0026r=pg\u0026d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fde.png", + "updated_at": "2021-11-03T05:52:36.711Z", + "user_id": "auth0|618223a4e3f49e006948565c" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103055241800334479420105301992278595094592880738" + } + } + }, + { + "json": { + "log_id": "90020211103055256670115394184485286659553129442479964210", + "data": { + "date": "2021-11-03T05:52:51.627Z", + "type": "sapi", + "description": "Assign roles to a user", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/users/auth0%7C618223a4e3f49e006948565c/roles", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "roles": [ + "rol_wHAsjshEdEuy5Q6Q" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 204, + "body": {} + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103055256670115394184485286659553129442479964210" + } + } + }, + { + "json": { + "log_id": "90020211103065452635223360866384833983071056920485822530", + "data": { + "date": "2021-11-03T06:54:47.587Z", + "type": "sapi", + "description": "Create a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/log-streams", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; IntelMac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103065452635223360866384833983071056920485822530" + } + } + }, + { + "json": { + "log_id": "90020211103065557018115395702077673315648528681783001138", + "data": { + "date": "2021-11-03T06:55:51.980Z", + "type": "sapi", + "description": "Create a User", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/users", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "email": "new@test.com", + "connection": "Username-Password-Authentication" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + } + } + }, + "response": { + "statusCode": 201, + "body": { + "created_at": "2021-11-03T06:55:51.966Z", + "email": "new@test.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "user_id": "61823277a44a21007221a59a", + "provider": "auth0", + "isSocial": false + } + ], + "name": "new@test.com", + "nickname": "new", + "picture": "https://s.gravatar.com/avatar/0367d388004b3e117531783fd3fc55c0?s=480\u0026r=pg\u0026d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fne.png", + "updated_at": "2021-11-03T06:55:51.966Z", + "user_id": "auth0|61823277a44a21007221a59a" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103065557018115395702077673315648528681783001138" + } + } + }, + { + "json": { + "log_id": "90020211103065714339223361067039923671067987838033199170", + "data": { + "date": "2021-11-03T06:57:09.304Z", + "type": "sapi", + "description": "Create a User", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/users", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "email": "neo@test.com", + "connection": "Username-Password-Authentication" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + } + } + }, + "response": { + "statusCode": 201, + "body": { + "created_at": "2021-11-03T06:57:09.292Z", + "email": "neo@test.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "user_id": "618232c562bac1006935a7af", + "provider": "auth0", + "isSocial": false + } + ], + "name": "neo@test.com", + "nickname": "neo", + "picture": "https://s.gravatar.com/avatar/04a903e8c7a0a59fcad5c0917198713c?s=480\u0026r=pg\u0026d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fne.png", + "updated_at": "2021-11-03T06:57:09.292Z", + "user_id": "auth0|618232c562bac1006935a7af" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103065714339223361067039923671067987838033199170" + } + } + }, + { + "json": { + "log_id": "90020211103065749319223361118823052228441016312579227714", + "data": { + "date": "2021-11-03T06:57:44.241Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103065749319223361118823052228441016312579227714" + } + } + }, + { + "json": { + "log_id": "90020211103065755703334484036594061580074854637857931362", + "data": { + "date": "2021-11-03T06:57:50.657Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103065755703334484036594061580074854637857931362" + } + } + }, + { + "json": { + "log_id": "90020211103102518772106768325799737143088879501546881106", + "data": { + "date": "2021-11-03T10:25:13.721Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103102518772106768325799737143088879501546881106" + } + } + }, + { + "json": { + "log_id": "90020211103102539283106768328796664249913546600033026130", + "data": { + "date": "2021-11-03T10:25:34.225Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103102539283106768328796664249913546600033026130" + } + } + }, + { + "json": { + "log_id": "90020211103103450924115401067497187080527810246993772594", + "data": { + "date": "2021-11-03T10:34:45.862Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103103450924115401067497187080527810246993772594" + } + } + }, + { + "json": { + "log_id": "90020211103103829322334499936628226315601595573261566050", + "data": { + "date": "2021-11-03T10:38:24.283Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103103829322334499936628226315601595573261566050" + } + } + }, + { + "json": { + "log_id": "90020211103105013648106768571684368520328024641108967506", + "data": { + "date": "2021-11-03T10:50:08.583Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103105013648106768571684368520328024641108967506" + } + } + }, + { + "json": { + "log_id": "90020211103105028636106768573844718959979368007101055058", + "data": { + "date": "2021-11-03T10:50:23.785Z", + "type": "sapi", + "description": "Delete log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "delete", + "path": "/api/v2/log-streams/lst_0000000000001266", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 204, + "body": {} + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103105028636106768573844718959979368007101055058" + } + } + }, + { + "json": { + "log_id": "90020211103105106453115401454081441047795921590151020594", + "data": { + "date": "2021-11-03T10:51:01.383Z", + "type": "sapi", + "description": "Create a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/log-streams", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; IntelMac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Test", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001267", + "name": "Test", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103105106453115401454081441047795921590151020594" + } + } + }, + { + "json": { + "log_id": "90020211103105320277115401505863360679349342238750539826", + "data": { + "date": "2021-11-03T10:53:15.204Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001267", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Test", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001267", + "name": "Test", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103105320277115401505863360679349342238750539826" + } + } + }, + { + "json": { + "log_id": "90020211103221520095106773246826582098369803737091801170", + "data": { + "date": "2021-11-03T22:15:15.228Z", + "type": "sapi", + "description": "Delete log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "delete", + "path": "/api/v2/log-streams/lst_0000000000001267", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 204, + "body": {} + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103221520095106773246826582098369803737091801170" + } + } + }, + { + "json": { + "log_id": "90020211103221610905106773254275982998835152147605094482", + "data": { + "date": "2021-11-03T22:16:05.825Z", + "type": "sapi", + "description": "Create a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/log-streams", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; IntelMac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Hookbin", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001268", + "name": "Hookbin", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103221610905106773254275982998835152147605094482" + } + } + }, + { + "json": { + "log_id": "90020211104001045161115418273886921085068375064922030130", + "data": { + "date": "2021-11-04T00:10:40.090Z", + "type": "sapi", + "description": "Delete log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "delete", + "path": "/api/v2/log-streams/lst_0000000000001268", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 204, + "body": {} + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104001045161115418273886921085068375064922030130" + } + } + }, + { + "json": { + "log_id": "90020211104001144643223441133851203963552710102024716354", + "data": { + "date": "2021-11-04T00:11:39.575Z", + "type": "sapi", + "description": "Create a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/log-streams", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104001144643223441133851203963552710102024716354" + } + } + }, + { + "json": { + "log_id": "90020211104001430299115418365351830745472004626724159538", + "data": { + "date": "2021-11-04T00:14:30.201Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001269", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104001430299115418365351830745472004626724159538" + } + } + }, + { + "json": { + "log_id": "90020211104001805663334544207087959379574066518062792802", + "data": { + "date": "2021-11-04T00:18:00.623Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001269", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104001805663334544207087959379574066518062792802" + } + } + }, + { + "json": { + "log_id": "90020211104001822312106774692132458296428313631568953426", + "data": { + "date": "2021-11-04T00:18:17.268Z", + "type": "sapi", + "description": "Delete log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "delete", + "path": "/api/v2/log-streams/lst_0000000000001269", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 204, + "body": {} + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104001822312106774692132458296428313631568953426" + } + } + }, + { + "json": { + "log_id": "90020211104001911584334544267391597113591003546241728610", + "data": { + "date": "2021-11-04T00:19:09.845Z", + "type": "sapi", + "description": "Create a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/log-streams", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001270", + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104001911584334544267391597113591003546241728610" + } + } + }, + { + "json": { + "log_id": "90020211104002506457115418623436941494261928504829411378", + "data": { + "date": "2021-11-04T00:25:01.407Z", + "type": "sapi", + "description": "Create a User", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/users", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh;Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "email": "neo.theone@gmail.com", + "connection": "Username-Password-Authentication" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + } + } + }, + "response": { + "statusCode": 201, + "body": { + "created_at": "2021-11-04T00:25:01.393Z", + "email": "neo.theone@gmail.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "user_id": "6183285d6e5071006a61f319", + "provider": "auth0", + "isSocial": false + } + ], + "name": "neo.theone@gmail.com", + "nickname": "neo.theone", + "picture": "https://s.gravatar.com/avatar/5d83a68a5cecb60d7d1d0ff391585401?s=480\u0026r=pg\u0026d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fsa.png", + "updated_at": "2021-11-04T00:25:01.393Z", + "user_id": "auth0|6183285d6e5071006a61f319" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104002506457115418623436941494261928504829411378" + } + } + }, + { + "json": { + "log_id": "90020211104002802607223442397824251848514476856919982146", + "data": { + "date": "2021-11-04T00:27:57.519Z", + "type": "sapi", + "description": "Assign roles to a user", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/users/auth0%7C6183285d6e5071006a61f319/roles", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "roles": [ + "rol_wHAsjshEdEuy5Q6Q" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 204, + "body": {} + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104002802607223442397824251848514476856919982146" + } + } + }, + { + "json": { + "log_id": "90020211104002859000223442470816774985206561084339650626", + "data": { + "date": "2021-11-04T00:28:53.917Z", + "type": "sapi", + "description": "Create a connection", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/connections", + "query": {}, + "userAgent": "Mozilla/5.0(Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "strategy": "auth0", + "name": "NewDB" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + } + } + }, + "response": { + "statusCode": 201, + "body": { + "id": "con_H5LL8aMFnXVZ2TS8", + "strategy": "auth0", + "name": "NewDB", + "enabled_clients": [], + "realms": [ + "NewDB" + ] + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104002859000223442470816774985206561084339650626" + } + } + }, + { + "json": { + "log_id": "90020211104002931210223442512137859499634588406100525122", + "data": { + "date": "2021-11-04T00:29:26.157Z", + "type": "sapi", + "description": "Update a connection", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/connections/con_H5LL8aMFnXVZ2TS8", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "con_H5LL8aMFnXVZ2TS8", + "strategy": "auth0", + "name": "NewDB", + "enabled_clients": [], + "realms": [ + "NewDB" + ] + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104002931210223442512137859499634588406100525122" + } + } + }, + { + "json": { + "log_id": "90020211104003216050223442733461953925582835972866834498", + "data": { + "date": "2021-11-04T00:32:11.014Z", + "type": "sapi", + "description": "Create an Organization", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/organizations", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "mistery-inc" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 201, + "body": { + "id": "org_r7r3LEpjEZMz4kyD", + "name": "mistery-inc" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104003216050223442733461953925582835972866834498" + } + } + }, + { + "json": { + "log_id": "90020211104003300765115418817947061241157722073492095026", + "data": { + "date": "2021-11-04T00:33:00.237Z", + "type": "sapi", + "description": "Create a role", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "post", + "path": "/api/v2/roles", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Manager", + "description": "Manager" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "rol_zoIO6vIuED99ZhK7", + "name": "Manager", + "description": "Manager" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104003300765115418817947061241157722073492095026" + } + } + }, + { + "json": { + "log_id": "90020211104003318817223442820361959691121614638423212098", + "data": { + "date": "2021-11-04T00:33:13.749Z", + "type": "sapi", + "description": "Update a role", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/roles/rol_zoIO6vIuED99ZhK7", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": { + "name": "Manager", + "description": "Manager" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "rol_zoIO6vIuED99ZhK7", + "name": "Manager", + "description": "Manager" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104003318817223442820361959691121614638423212098" + } + } + }, + { + "json": { + "log_id": "90020211104004029161106774958584544642771133444254597202", + "data": { + "date": "2021-11-04T00:40:24.117Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.144", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001270", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001270", + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104004029161106774958584544642771133444254597202" + } + } + }, + { + "json": { + "log_id": "90020211104011520061106775348824590288553960102659358802", + "data": { + "date": "2021-11-04T01:15:14.992Z", + "type": "sapi", + "description": "Update a log stream", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "89.160.20.112", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "request": { + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001270", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": {}, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@gmail.com", + "email": "neo.theone@gmail.com" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "id": "lst_0000000000001270", + "name": "Postdump", + "type": "http", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211104011520061106775348824590288553960102659358802" + } + } + }, + { + "json": { + "log_id": "90020211103020611967106762909212438063019262805054324818", + "data": { + "date": "2021-11-03T02:06:10.315Z", + "type": "mgmt_api_read", + "description": "Get a client", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "", + "ip": "81.2.69.145", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "method": "get", + "path": "/api/v2/clients/OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "query": {}, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "body": null, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "auth": { + "user": { + "user_id": "auth0|6181ce2b0f293a006d158194", + "name": "neo.theone@elastic.co", + "email": "neo.theone@elastic.co" + }, + "strategy": "jwt", + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + } + } + }, + "response": { + "statusCode": 200, + "body": { + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ" + } + } + }, + "user_id": "auth0|6181ce2b0f293a006d158194", + "log_id": "90020211103020611967106762909212438063019262805054324818" + } + } + }, + { + "json": { + "log_id": "90020211103021424353223337200890620353789672222273568834", + "data": { + "date": "2021-11-03T02:14:21.659Z", + "type": "mgmt_api_read", + "description": "Get clients", + "client_name": "", + "ip": "89.160.20.156", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "method": "get", + "path": "/api/v2/clients", + "query": { + "per_page": 100, + "page": 0, + "fields": "name,tenant,client_id,client_secret,callbacks,global,app_type" + }, + "body": null, + "channel": "api", + "ip": "89.160.20.156", + "auth": { + "user": {}, + "strategy": "jwt", + "credentials": {} + } + }, + "response": { + "statusCode": 200, + "body": [ + { + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB" + }, + { + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ" + }, + { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL" + } + ] + } + }, + "log_id": "90020211103021424353223337200890620353789672222273568834" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json new file mode 100644 index 000000000..643a33f82 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json @@ -0,0 +1,5688 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-04T00:11:39.575Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:11:39.575Z", + "description": "Create a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "post", + "path": "/api/v2/log-streams", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104001144643223441133851203963552710102024716354", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWeb Kit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:14:30.201Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:14:30.201Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001269", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104001430299115418365351830745472004626724159538", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T02:06:06.888Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T02:06:06.888Z", + "description": "Create aclient", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "app_type": "non_interactive", + "grant_types": [ + "client_credentials" + ], + "is_first_party": true, + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000 + }, + "name": "My Test App", + "oidc_conformant": true, + "token_endpoint_auth_method": "client_secret_post" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "post", + "path": "/api/v2/clients", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "app_type": "non_interactive", + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "client_secret": "REDACTED", + "cross_origin_auth": false, + "custom_login_page_on": true, + "grant_types": [ + "client_credentials" + ], + "is_first_party": true, + "is_token_endpoint_ip_header_trusted": false, + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000, + "secret_encoded": false + }, + "name": "My Test App", + "oidc_conformant": true, + "refresh_token": { + "expiration_type": "non-expiring", + "idle_token_lifetime": 2592000, + "infinite_idle_token_lifetime": true, + "infinite_token_lifetime": true, + "leeway": 0, + "rotation_type": "non-rotating", + "token_lifetime": 31557600 + }, + "sso_disabled": false, + "token_endpoint_auth_method": "client_secret_post" + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103020611966106762909211229137199648175879618642", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T02:06:08.310Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T02:06:08.310Z", + "description": "Create client grant", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "audience": "https://dev-yoj8axza.au.auth0.com/api/v2/", + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "scope": [ + "read:client_grants", + "create:client_grants", + "delete:client_grants", + "update:client_grants", + "read:users", + "update:users", + "delete:users", + "create:users", + "read:users_app_metadata", + "update:users_app_metadata", + "delete:users_app_metadata", + "create:users_app_metadata", + "read:user_custom_blocks", + "create:user_custom_blocks", + "delete:user_custom_blocks", + "create:user_tickets", + "read:clients", + "update:clients", + "delete:clients", + "create:clients", + "read:client_keys", + "update:client_keys", + "delete:client_keys", + "create:client_keys", + "read:connections", + "update:connections", + "delete:connections", + "create:connections", + "read:resource_servers", + "update:resource_servers", + "delete:resource_servers", + "create:resource_servers", + "read:device_credentials", + "update:device_credentials", + "delete:device_credentials", + "create:device_credentials", + "read:rules", + "update:rules", + "delete:rules", + "create:rules", + "read:rules_configs", + "update:rules_configs", + "delete:rules_configs", + "read:hooks", + "update:hooks", + "delete:hooks", + "create:hooks", + "read:actions", + "update:actions", + "delete:actions", + "create:actions", + "read:email_provider", + "update:email_provider", + "delete:email_provider", + "create:email_provider", + "blacklist:tokens", + "read:stats", + "read:insights", + "read:tenant_settings", + "update:tenant_settings", + "read:logs", + "read:logs_users", + "read:shields", + "create:shields", + "update:shields", + "delete:shields", + "read:anomaly_blocks", + "delete:anomaly_blocks", + "update:triggers", + "read:triggers", + "read:grants", + "delete:grants", + "read:guardian_factors", + "update:guardian_factors", + "read:guardian_enrollments", + "delete:guardian_enrollments", + "create:guardian_enrollment_tickets", + "read:user_idp_tokens", + "create:passwords_checking_job", + "delete:passwords_checking_job", + "read:custom_domains", + "delete:custom_domains", + "create:custom_domains", + "update:custom_domains", + "read:email_templates", + "create:email_templates", + "update:email_templates", + "read:mfa_policies", + "update:mfa_policies", + "read:roles", + "create:roles", + "delete:roles", + "update:roles", + "read:prompts", + "update:prompts", + "read:branding", + "update:branding", + "delete:branding", + "read:log_streams", + "create:log_streams", + "delete:log_streams", + "update:log_streams", + "create:signing_keys", + "read:signing_keys", + "update:signing_keys", + "read:limits", + "update:limits", + "create:role_members", + "read:role_members", + "delete:role_members", + "read:entitlements", + "read:attack_protection", + "update:attack_protection", + "read:organizations", + "update:organizations", + "create:organizations", + "delete:organizations", + "create:organization_members", + "read:organization_members", + "delete:organization_members", + "create:organization_connections", + "read:organization_connections", + "update:organization_connections", + "delete:organization_connections", + "create:organization_member_roles", + "read:organization_member_roles", + "delete:organization_member_roles", + "create:organization_invitations", + "read:organization_invitations", + "delete:organization_invitations" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "post", + "path": "/api/v2/client-grants", + "userAgent": "Mozilla/5.0 (Macintosh; IntelMac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "audience": "https://dev-yoj8axza.au.auth0.com/api/v2/", + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "scope": [ + "read:client_grants", + "create:client_grants", + "delete:client_grants", + "update:client_grants", + "read:users", + "update:users", + "delete:users", + "create:users", + "read:users_app_metadata", + "update:users_app_metadata", + "delete:users_app_metadata", + "create:users_app_metadata", + "read:user_custom_blocks", + "create:user_custom_blocks", + "delete:user_custom_blocks", + "create:user_tickets", + "read:clients", + "update:clients", + "delete:clients", + "create:clients", + "read:client_keys", + "update:client_keys", + "delete:client_keys", + "create:client_keys", + "read:connections", + "update:connections", + "delete:connections", + "create:connections", + "read:resource_servers", + "update:resource_servers", + "delete:resource_servers", + "create:resource_servers", + "read:device_credentials", + "update:device_credentials", + "delete:device_credentials", + "create:device_credentials", + "read:rules", + "update:rules", + "delete:rules", + "create:rules", + "read:rules_configs", + "update:rules_configs", + "delete:rules_configs", + "read:hooks", + "update:hooks", + "delete:hooks", + "create:hooks", + "read:actions", + "update:actions", + "delete:actions", + "create:actions", + "read:email_provider", + "update:email_provider", + "delete:email_provider", + "create:email_provider", + "blacklist:tokens", + "read:stats", + "read:insights", + "read:tenant_settings", + "update:tenant_settings", + "read:logs", + "read:logs_users", + "read:shields", + "create:shields", + "update:shields", + "delete:shields", + "read:anomaly_blocks", + "delete:anomaly_blocks", + "update:triggers", + "read:triggers", + "read:grants", + "delete:grants", + "read:guardian_factors", + "update:guardian_factors", + "read:guardian_enrollments", + "delete:guardian_enrollments", + "create:guardian_enrollment_tickets", + "read:user_idp_tokens", + "create:passwords_checking_job", + "delete:passwords_checking_job", + "read:custom_domains", + "delete:custom_domains", + "create:custom_domains", + "update:custom_domains", + "read:email_templates", + "create:email_templates", + "update:email_templates", + "read:mfa_policies", + "update:mfa_policies", + "read:roles", + "create:roles", + "delete:roles", + "update:roles", + "read:prompts", + "update:prompts", + "read:branding", + "update:branding", + "delete:branding", + "read:log_streams", + "create:log_streams", + "delete:log_streams", + "update:log_streams", + "create:signing_keys", + "read:signing_keys", + "update:signing_keys", + "read:limits", + "update:limits", + "create:role_members", + "read:role_members", + "delete:role_members", + "read:entitlements", + "read:attack_protection", + "update:attack_protection", + "read:organizations", + "update:organizations", + "create:organizations", + "delete:organizations", + "create:organization_members", + "read:organization_members", + "delete:organization_members", + "create:organization_connections", + "read:organization_connections", + "update:organization_connections", + "delete:organization_connections", + "create:organization_member_roles", + "read:organization_member_roles", + "delete:organization_member_roles", + "create:organization_invitations", + "read:organization_invitations", + "delete:organization_invitations" + ] + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103020613368223336527923928978012089011916505154", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T02:24:28.694Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T02:24:28.694Z", + "description": "Delete a client", + "details": { + "deleted": true, + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "delete", + "path": "/api/v2/clients/OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "statusCode": 204 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103022433749106763107276799719582109303184556114", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T03:06:19.520Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T03:06:19.520Z", + "description": "Update a client", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "allowed_logout_urls": [ + "http://localhost:3000" + ], + "callbacks": [ + "http://localhost:3000/callback" + ], + "cross_origin_auth": false, + "is_token_endpoint_ip_header_trusted": false, + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000 + }, + "name": "Default App", + "oidc_conformant": true, + "refresh_token": { + "expiration_type": "non-expiring", + "idle_token_lifetime": 1296000, + "infinite_idle_token_lifetime": true, + "infinite_token_lifetime": true, + "rotation_type": "non-rotating", + "token_lifetime": 2592000 + }, + "token_endpoint_auth_method": "client_secret_post" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/clients/aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "allowed_logout_urls": [ + "http://localhost:3000" + ], + "callbacks": [ + "http://localhost:3000/callback" + ], + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_secret": "REDACTED", + "cross_origin_auth": false, + "custom_login_page_on": true, + "grant_types": [ + "authorization_code", + "implicit", + "refresh_token", + "client_credentials" + ], + "is_first_party": true, + "is_token_endpoint_ip_header_trusted": false, + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000, + "secret_encoded": false + }, + "name": "Default App", + "oidc_conformant": true, + "refresh_token": { + "expiration_type": "non-expiring", + "idle_token_lifetime": 1296000, + "infinite_idle_token_lifetime": true, + "infinite_token_lifetime": true, + "leeway": 0, + "rotation_type": "non-rotating", + "token_lifetime": 2592000 + }, + "sso_disabled": false, + "token_endpoint_auth_method": "client_secret_post" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103030624570334467768583429092788396400448634978", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T03:21:19.527Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T03:21:19.527Z", + "description": "Create a User", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "connection": "Username-Password-Authentication", + "email": "neo@test.com" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/users", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "created_at": "2021-11-03T03:21:19.513Z", + "email": "neo@test.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "isSocial": false, + "provider": "auth0", + "user_id": "6182002f34f4dd006b05b5c7" + } + ], + "name": "neo@test.com", + "nickname": "neo", + "picture": "https://s.gravatar.com/avatar/c443e892986d3eeaa11624d291e12ff7?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fsa.png", + "updated_at": "2021-11-03T03:21:19.513Z", + "user_id": "auth0|6182002f34f4dd006b05b5c7" + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103032124568106763774270188620644010490909950034", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T05:51:56.593Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T05:51:56.593Z", + "description": "Create a role", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "description": "Developer", + "name": "Developer" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "post", + "path": "/api/v2/roles", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "description": "Developer", + "id": "rol_wHAsjshEdEuy5Q6Q", + "name": "Developer" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103055201651106765763656756713725338080159727698", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T05:52:36.724Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T05:52:36.724Z", + "description": "Create a User", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "connection": "Username-Password-Authentication", + "email": "dev@test.com" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "post", + "path": "/api/v2/users", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "created_at": "2021-11-03T05:52:36.711Z", + "email": "dev@test.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "isSocial": false, + "provider": "auth0", + "user_id": "618223a4e3f49e006948565c" + } + ], + "name": "dev@test.com", + "nickname": "dev", + "picture": "https://s.gravatar.com/avatar/eb51e8001ebce2e251a917b90e413651?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fde.png", + "updated_at": "2021-11-03T05:52:36.711Z", + "user_id": "auth0|618223a4e3f49e006948565c" + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103055241800334479420105301992278595094592880738", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T05:52:51.627Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T05:52:51.627Z", + "description": "Assign roles to a user", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "roles": [ + "rol_wHAsjshEdEuy5Q6Q" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "post", + "path": "/api/v2/users/auth0%7C618223a4e3f49e006948565c/roles", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "statusCode": 204 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103055256670115394184485286659553129442479964210", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T06:54:47.587Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T06:54:47.587Z", + "description": "Create a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "post", + "path": "/api/v2/log-streams", + "userAgent": "Mozilla/5.0 (Macintosh; IntelMac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103065452635223360866384833983071056920485822530", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T06:55:51.980Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T06:55:51.980Z", + "description": "Create a User", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "connection": "Username-Password-Authentication", + "email": "new@test.com" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "post", + "path": "/api/v2/users", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "created_at": "2021-11-03T06:55:51.966Z", + "email": "new@test.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "isSocial": false, + "provider": "auth0", + "user_id": "61823277a44a21007221a59a" + } + ], + "name": "new@test.com", + "nickname": "new", + "picture": "https://s.gravatar.com/avatar/0367d388004b3e117531783fd3fc55c0?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fne.png", + "updated_at": "2021-11-03T06:55:51.966Z", + "user_id": "auth0|61823277a44a21007221a59a" + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103065557018115395702077673315648528681783001138", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T06:57:09.304Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T06:57:09.304Z", + "description": "Create a User", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "connection": "Username-Password-Authentication", + "email": "neo@test.com" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "post", + "path": "/api/v2/users", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "created_at": "2021-11-03T06:57:09.292Z", + "email": "neo@test.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "isSocial": false, + "provider": "auth0", + "user_id": "618232c562bac1006935a7af" + } + ], + "name": "neo@test.com", + "nickname": "neo", + "picture": "https://s.gravatar.com/avatar/04a903e8c7a0a59fcad5c0917198713c?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fne.png", + "updated_at": "2021-11-03T06:57:09.292Z", + "user_id": "auth0|618232c562bac1006935a7af" + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103065714339223361067039923671067987838033199170", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T06:57:44.241Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T06:57:44.241Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103065749319223361118823052228441016312579227714", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T06:57:50.657Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T06:57:50.657Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103065755703334484036594061580074854637857931362", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:25:13.721Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T10:25:13.721Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103102518772106768325799737143088879501546881106", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:25:34.225Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T10:25:34.225Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103102539283106768328796664249913546600033026130", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:34:45.862Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T10:34:45.862Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103103450924115401067497187080527810246993772594", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:38:24.283Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T10:38:24.283Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103103829322334499936628226315601595573261566050", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:50:08.583Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T10:50:08.583Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001266", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001266", + "name": "Elasticsearch", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103105013648106768571684368520328024641108967506", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:50:23.785Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T10:50:23.785Z", + "description": "Delete log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "delete", + "path": "/api/v2/log-streams/lst_0000000000001266", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "statusCode": 204 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103105028636106768573844718959979368007101055058", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:51:01.383Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T10:51:01.383Z", + "description": "Create a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Test", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "post", + "path": "/api/v2/log-streams", + "userAgent": "Mozilla/5.0 (Macintosh; IntelMac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001267", + "name": "Test", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103105106453115401454081441047795921590151020594", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T10:53:15.204Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T10:53:15.204Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Test", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001267", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001267", + "name": "Test", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103105320277115401505863360679349342238750539826", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T22:15:15.228Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T22:15:15.228Z", + "description": "Delete log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "delete", + "path": "/api/v2/log-streams/lst_0000000000001267", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "statusCode": 204 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103221520095106773246826582098369803737091801170", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T22:16:05.825Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T22:16:05.825Z", + "description": "Create a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Hookbin", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "post", + "path": "/api/v2/log-streams", + "userAgent": "Mozilla/5.0 (Macintosh; IntelMac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001268", + "name": "Hookbin", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103221610905106773254275982998835152147605094482", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:10:40.090Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:10:40.090Z", + "description": "Delete log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "delete", + "path": "/api/v2/log-streams/lst_0000000000001268", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "statusCode": 204 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104001045161115418273886921085068375064922030130", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:11:39.575Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:11:39.575Z", + "description": "Create a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "post", + "path": "/api/v2/log-streams", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104001144643223441133851203963552710102024716354", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:14:30.201Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:14:30.201Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001269", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104001430299115418365351830745472004626724159538", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:18:00.623Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:18:00.623Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001269", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001269", + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104001805663334544207087959379574066518062792802", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:18:17.268Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:18:17.268Z", + "description": "Delete log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "delete", + "path": "/api/v2/log-streams/lst_0000000000001269", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "statusCode": 204 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104001822312106774692132458296428313631568953426", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:19:09.845Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:19:09.845Z", + "description": "Create a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/log-streams", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001270", + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104001911584334544267391597113591003546241728610", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:25:01.407Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:25:01.407Z", + "description": "Create a User", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "connection": "Username-Password-Authentication", + "email": "neo.theone@gmail.com" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/users", + "userAgent": "Mozilla/5.0 (Macintosh;Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "created_at": "2021-11-04T00:25:01.393Z", + "email": "neo.theone@gmail.com", + "email_verified": false, + "identities": [ + { + "connection": "Username-Password-Authentication", + "isSocial": false, + "provider": "auth0", + "user_id": "6183285d6e5071006a61f319" + } + ], + "name": "neo.theone@gmail.com", + "nickname": "neo.theone", + "picture": "https://s.gravatar.com/avatar/5d83a68a5cecb60d7d1d0ff391585401?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fsa.png", + "updated_at": "2021-11-04T00:25:01.393Z", + "user_id": "auth0|6183285d6e5071006a61f319" + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104002506457115418623436941494261928504829411378", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:27:57.519Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:27:57.519Z", + "description": "Assign roles to a user", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "roles": [ + "rol_wHAsjshEdEuy5Q6Q" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/users/auth0%7C6183285d6e5071006a61f319/roles", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "statusCode": 204 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104002802607223442397824251848514476856919982146", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:28:53.917Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:28:53.917Z", + "description": "Create a connection", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "NewDB", + "strategy": "auth0" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/connections", + "userAgent": "Mozilla/5.0(Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "con_H5LL8aMFnXVZ2TS8", + "name": "NewDB", + "realms": [ + "NewDB" + ], + "strategy": "auth0" + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104002859000223442470816774985206561084339650626", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:29:26.157Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:29:26.157Z", + "description": "Update a connection", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806", + "scopes": [ + "create:actions", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:branding", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "update:actions", + "update:attack_protection", + "update:branding", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/connections/con_H5LL8aMFnXVZ2TS8", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "con_H5LL8aMFnXVZ2TS8", + "name": "NewDB", + "realms": [ + "NewDB" + ], + "strategy": "auth0" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104002931210223442512137859499634588406100525122", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:32:11.014Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:32:11.014Z", + "description": "Create an Organization", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "name": "mistery-inc" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "post", + "path": "/api/v2/organizations", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "org_r7r3LEpjEZMz4kyD", + "name": "mistery-inc" + }, + "statusCode": 201 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104003216050223442733461953925582835972866834498", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:33:00.237Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:33:00.237Z", + "description": "Create a role", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "description": "Manager", + "name": "Manager" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "post", + "path": "/api/v2/roles", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "description": "Manager", + "id": "rol_zoIO6vIuED99ZhK7", + "name": "Manager" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104003300765115418817947061241157722073492095026", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:33:13.749Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:33:13.749Z", + "description": "Update a role", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "body": { + "description": "Manager", + "name": "Manager" + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "patch", + "path": "/api/v2/roles/rol_zoIO6vIuED99ZhK7", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "description": "Manager", + "id": "rol_zoIO6vIuED99ZhK7", + "name": "Manager" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104003318817223442820361959691121614638423212098", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T00:40:24.117Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T00:40:24.117Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001270", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001270", + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104004029161106774958584544642771133444254597202", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-04T01:15:14.992Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-04T01:15:14.992Z", + "description": "Update a log stream", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@gmail.com", + "name": "neo.theone@gmail.com", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "89.160.20.112", + "method": "patch", + "path": "/api/v2/log-streams/lst_0000000000001270", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "id": "lst_0000000000001270", + "name": "Postdump", + "sink": { + "httpContentFormat": "JSONLINES", + "httpContentType": "application/json" + }, + "type": "http" + }, + "statusCode": 200 + } + }, + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211104011520061106775348824590288553960102659358802", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T02:06:10.315Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "date": "2021-11-03T02:06:10.315Z", + "description": "Get a client", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "08eb25a1ae7ae2bea404571e84634806" + }, + "strategy": "jwt", + "user": { + "email": "neo.theone@elastic.co", + "name": "neo.theone@elastic.co", + "user_id": "auth0|6181ce2b0f293a006d158194" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.145", + "method": "get", + "path": "/api/v2/clients/OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ", + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" + }, + "response": { + "body": { + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ" + }, + "statusCode": 200 + } + }, + "type": "API GET operation returning secrets completed successfully" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op-secrets-returned", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103020611967106762909212438063019262805054324818", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|6181ce2b0f293a006d158194" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36", + "os": { + "full": "Mac OS X 10.15.7", + "name": "Mac OS X", + "version": "10.15.7" + }, + "version": "95.0.4638.69" + } + }, + { + "@timestamp": "2021-11-03T02:14:21.659Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "date": "2021-11-03T02:14:21.659Z", + "description": "Get clients", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "strategy": "jwt" + }, + "channel": "api", + "ip": "89.160.20.156", + "method": "get", + "path": "/api/v2/clients", + "query": { + "fields": "name,tenant,client_id,client_secret,callbacks,global,app_type", + "page": 0, + "per_page": 100 + } + }, + "response": { + "body": [ + { + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB" + }, + { + "client_id": "OjVPkOH645QsMFPitAEmQOx2J7NcAYCZ" + }, + { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL" + } + ], + "statusCode": 200 + } + }, + "type": "API GET operation returning secrets completed successfully" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op-secrets-returned", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020211103021424353223337200890620353789672222273568834", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.156" + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-pull-responses.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-pull-responses.json new file mode 100644 index 000000000..5e0097404 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-pull-responses.json @@ -0,0 +1,599 @@ +{ + "events": [ + { + "json": { + "data": { + "_id": "90020240308035328208838000000000000001223372052034940964", + "date": "2024-03-08T03:53:28.106Z", + "description": "Guardian - Updates tenant settings", + "details": { + "request": { + "auth": { + "scopes": [ + "read:authenticators", + "remove:authenticators", + "update:authenticators", + "create:authenticators", + "read:enrollments", + "delete:enrollments", + "read:factors", + "update:factors", + "update:tenant_settings", + "update:users", + "create:enrollment_tickets", + "create:users" + ], + "strategy": "jwt_api2_internal_token", + "subject": "github|32487232" + }, + "body": {}, + "ip": "81.2.69.144", + "method": "PATCH", + "path": "/api/tenants/settings", + "query": {} + }, + "response": { + "body": { + "friendly_name": "[REDACTED]", + "guardian_mfa_page": "[REDACTED]", + "name": "dev-fulaoenaspapatoulp", + "picture_url": "[REDACTED]" + }, + "statusCode": 200 + } + }, + "ip": "81.2.69.144", + "isMobile": false, + "log_id": "90020240308035328208838000000000000001223372052034940964", + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "gd_tenant_update", + "user_agent": "Other 0.0.0 / Other 0.0.0", + "user_id": "github|32487232" + }, + "log_id": "90020240308035328208838000000000000001223372052034940964" + } + }, + { + "json": { + "data": { + "$event_schema": { + "version": "1.0.0" + }, + "_id": "90020240308035328377107000000000000001223372052034941034", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "client_name": "", + "date": "2024-03-08T03:53:28.286Z", + "description": "Update tenant settings", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3", + "scopes": [ + "create:actions", + "create:authentication_methods", + "create:client_credentials", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:encryption_keys", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:phone_providers", + "create:phone_templates", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:scim_config", + "create:scim_token", + "create:self_service_profiles", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:authentication_methods", + "delete:branding", + "delete:client_credentials", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:encryption_keys", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:phone_providers", + "delete:phone_templates", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:scim_config", + "delete:scim_token", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:authentication_methods", + "read:branding", + "read:checks", + "read:client_credentials", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:encryption_keys", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:phone_providers", + "read:phone_templates", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:scim_config", + "read:scim_token", + "read:self_service_profiles", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "run:checks", + "update:actions", + "update:attack_protection", + "update:authentication_methods", + "update:branding", + "update:client_credentials", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:encryption_keys", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:phone_providers", + "update:phone_templates", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:scim_config", + "update:self_service_profiles", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "body": { + "flags": { + "dashboard_new_onboarding": false + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/tenants/settings", + "query": {}, + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "enabled_locales": [ + "en" + ], + "flags": { + "allow_changing_enable_sso": false, + "cannot_change_enforce_client_authentication_on_passwordless_start": true, + "dashboard_new_onboarding": false, + "disable_clickjack_protection_headers": false, + "disable_impersonation": true, + "enable_sso": true, + "enforce_client_authentication_on_passwordless_start": true, + "revoke_refresh_token_grant": false, + "universal_login": true + }, + "oidc_logout": { + "rp_logout_end_session_endpoint_discovery": true + }, + "sandbox_version": "18" + }, + "statusCode": 200 + } + }, + "ip": "81.2.69.144", + "isMobile": false, + "log_id": "90020240308035328377107000000000000001223372052034941034", + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "sapi", + "user_agent": "Firefox 125.0.0 / Arch 0.0.0", + "user_id": "github|32487232" + }, + "log_id": "90020240308035328377107000000000000001223372052034941034" + } + }, + { + "json": { + "data": { + "$event_schema": { + "version": "1.0.0" + }, + "_id": "90020240308035905133220000000000000001223372052035100299", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "client_name": "", + "date": "2024-03-08T03:59:05.059Z", + "description": "Create a client", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "body": { + "app_type": "non_interactive", + "grant_types": [ + "client_credentials" + ], + "is_first_party": true, + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000 + }, + "name": "cel_test", + "oidc_conformant": true, + "token_endpoint_auth_method": "*****" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/clients", + "query": {}, + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "app_type": "non_interactive", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "client_secret": "*****", + "cross_origin_auth": false, + "custom_login_page_on": true, + "grant_types": [ + "client_credentials" + ], + "is_first_party": true, + "is_token_endpoint_ip_header_trusted": "*****", + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000, + "secret_encoded": "*****" + }, + "name": "cel_test", + "oidc_conformant": true, + "refresh_token": "*****", + "sso_disabled": false, + "token_endpoint_auth_method": "*****" + }, + "statusCode": 201 + } + }, + "ip": "81.2.69.144", + "isMobile": false, + "log_id": "90020240308035905133220000000000000001223372052035100299", + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "sapi", + "user_agent": "Firefox 125.0.0 / Arch 0.0.0", + "user_id": "github|32487232" + }, + "log_id": "90020240308035905133220000000000000001223372052035100299" + } + }, + { + "json": { + "data": { + "$event_schema": { + "version": "1.0.0" + }, + "_id": "90020240308035905601176000000000000001223372052035100532", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "client_name": "", + "date": "2024-03-08T03:59:05.520Z", + "description": "Create client grant", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "body": { + "audience": "https://dev-fulaoenaspapatoulp.us.auth0.com/api/v2/", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "scope": [ + "read:logs", + "read:logs_users" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/client-grants", + "query": {}, + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "audience": "https://dev-fulaoenaspapatoulp.us.auth0.com/api/v2/", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "scope": [ + "read:logs", + "read:logs_users" + ] + }, + "statusCode": 201 + } + }, + "ip": "81.2.69.144", + "isMobile": false, + "log_id": "90020240308035905601176000000000000001223372052035100532", + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "sapi", + "user_agent": "Firefox 125.0.0 / Arch 0.0.0", + "user_id": "github|32487232" + }, + "log_id": "90020240308035905601176000000000000001223372052035100532" + } + }, + { + "json": { + "data": { + "$event_schema": { + "version": "1.0.0" + }, + "_id": "90020240308035906742643000000000000001223372052035101088", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "client_name": "", + "date": "2024-03-08T03:59:06.700Z", + "description": "Get client by ID", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "get", + "path": "/api/v2/clients/MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "query": {}, + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl" + }, + "statusCode": 200 + } + }, + "ip": "81.2.69.144", + "isMobile": false, + "log_id": "90020240308035906742643000000000000001223372052035101088", + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "mgmt_api_read", + "user_agent": "Firefox 125.0.0 / Arch 0.0.0", + "user_id": "github|32487232" + }, + "log_id": "90020240308035906742643000000000000001223372052035101088" + } + }, + { + "json": { + "data": { + "_id": "90020240308043029390629000000000000001223372052036013632", + "audience": "https://dev-fulaoenaspapatoulp.us.auth0.com/api/v2/", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "client_name": "cel_test", + "connection_id": "", + "date": "2024-03-08T04:30:29.321Z", + "description": "", + "hostname": "dev-fulaoenaspapatoulp.us.auth0.com", + "ip": "216.160.83.56", + "isMobile": false, + "log_id": "90020240308043029390629000000000000001223372052036013632", + "scope": "read:logs read:logs_users", + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "seccft", + "user_agent": "Other 0.0.0 / Other 0.0.0", + "user_id": "", + "user_name": "" + }, + "log_id": "90020240308043029390629000000000000001223372052036013632" + } + }, + { + "json": { + "data": { + "$event_schema": { + "version": "1.0.0" + }, + "_id": "90020240308043140198979000000000000001223372052036047895", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "client_name": "", + "date": "2024-03-08T04:31:40.136Z", + "description": "Update a client", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "body": { + "allowed_clients": [], + "app_type": "non_interactive", + "callbacks": [], + "client_aliases": [], + "cross_origin_auth": false, + "cross_origin_loc": null, + "is_token_endpoint_ip_header_trusted": "*****", + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000 + }, + "name": "cel_test", + "oidc_conformant": true, + "refresh_token": "*****", + "token_endpoint_auth_method": "*****" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/clients/MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "query": {}, + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "allowed_clients": [], + "app_type": "non_interactive", + "callbacks": [], + "client_aliases": [], + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "client_secret": "*****", + "cross_origin_auth": false, + "custom_login_page_on": true, + "grant_types": [ + "client_credentials" + ], + "is_first_party": true, + "is_token_endpoint_ip_header_trusted": "*****", + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000, + "secret_encoded": "*****" + }, + "name": "cel_test", + "oidc_conformant": true, + "refresh_token": "*****", + "sso_disabled": false, + "token_endpoint_auth_method": "*****" + }, + "statusCode": 200 + } + }, + "ip": "81.2.69.144", + "isMobile": false, + "log_id": "90020240308043140198979000000000000001223372052036047895", + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "sapi", + "user_agent": "Firefox 125.0.0 / Arch 0.0.0", + "user_id": "github|32487232" + }, + "log_id": "90020240308043140198979000000000000001223372052036047895" + } + } + ] +} diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-pull-responses.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-pull-responses.json-expected.json new file mode 100644 index 000000000..87fb36004 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-pull-responses.json-expected.json @@ -0,0 +1,893 @@ +{ + "expected": [ + { + "@timestamp": "2024-03-08T03:53:28.106Z", + "auth0": { + "logs": { + "data": { + "classification": "Other", + "date": "2024-03-08T03:53:28.106Z", + "description": "Guardian - Updates tenant settings", + "details": { + "request": { + "auth": { + "scopes": [ + "read:authenticators", + "remove:authenticators", + "update:authenticators", + "create:authenticators", + "read:enrollments", + "delete:enrollments", + "read:factors", + "update:factors", + "update:tenant_settings", + "update:users", + "create:enrollment_tickets", + "create:users" + ], + "strategy": "jwt_api2_internal_token", + "subject": "github|32487232" + }, + "ip": "81.2.69.144", + "method": "PATCH", + "path": "/api/tenants/settings" + }, + "response": { + "body": { + "friendly_name": "[REDACTED]", + "guardian_mfa_page": "[REDACTED]", + "name": "dev-fulaoenaspapatoulp", + "picture_url": "[REDACTED]" + }, + "statusCode": 200 + } + }, + "is_mobile": false, + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "Guardian tenant update" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "guardian-tenant-update", + "category": [ + "authentication" + ], + "id": "90020240308035328208838000000000000001223372052034940964", + "kind": "event", + "outcome": "unknown", + "type": [ + "info" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "github|32487232" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "Other 0.0.0 / Other 0.0.0" + } + }, + { + "@timestamp": "2024-03-08T03:53:28.286Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "date": "2024-03-08T03:53:28.286Z", + "description": "Update tenant settings", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3", + "scopes": [ + "create:actions", + "create:authentication_methods", + "create:client_credentials", + "create:client_grants", + "create:clients", + "create:connections", + "create:custom_domains", + "create:email_provider", + "create:email_templates", + "create:encryption_keys", + "create:guardian_enrollment_tickets", + "create:integrations", + "create:log_streams", + "create:organization_connections", + "create:organization_invitations", + "create:organization_member_roles", + "create:organization_members", + "create:organizations", + "create:phone_providers", + "create:phone_templates", + "create:requested_scopes", + "create:resource_servers", + "create:roles", + "create:rules", + "create:scim_config", + "create:scim_token", + "create:self_service_profiles", + "create:shields", + "create:signing_keys", + "create:tenant_invitations", + "create:test_email_dispatch", + "create:users", + "delete:actions", + "delete:anomaly_blocks", + "delete:authentication_methods", + "delete:branding", + "delete:client_credentials", + "delete:client_grants", + "delete:clients", + "delete:connections", + "delete:custom_domains", + "delete:device_credentials", + "delete:email_provider", + "delete:email_templates", + "delete:encryption_keys", + "delete:grants", + "delete:guardian_enrollments", + "delete:integrations", + "delete:log_streams", + "delete:organization_connections", + "delete:organization_invitations", + "delete:organization_member_roles", + "delete:organization_members", + "delete:organizations", + "delete:owners", + "delete:phone_providers", + "delete:phone_templates", + "delete:requested_scopes", + "delete:resource_servers", + "delete:roles", + "delete:rules", + "delete:rules_configs", + "delete:scim_config", + "delete:scim_token", + "delete:shields", + "delete:tenant_invitations", + "delete:tenant_members", + "delete:tenants", + "delete:users", + "read:actions", + "read:anomaly_blocks", + "read:attack_protection", + "read:authentication_methods", + "read:branding", + "read:checks", + "read:client_credentials", + "read:client_grants", + "read:client_keys", + "read:clients", + "read:connections", + "read:custom_domains", + "read:device_credentials", + "read:email_provider", + "read:email_templates", + "read:email_triggers", + "read:encryption_keys", + "read:entity_counts", + "read:grants", + "read:guardian_factors", + "read:insights", + "read:integrations", + "read:log_streams", + "read:logs", + "read:mfa_policies", + "read:organization_connections", + "read:organization_invitations", + "read:organization_member_roles", + "read:organization_members", + "read:organizations", + "read:phone_providers", + "read:phone_templates", + "read:prompts", + "read:requested_scopes", + "read:resource_servers", + "read:roles", + "read:rules", + "read:rules_configs", + "read:scim_config", + "read:scim_token", + "read:self_service_profiles", + "read:shields", + "read:signing_keys", + "read:stats", + "read:tenant_invitations", + "read:tenant_members", + "read:tenant_settings", + "read:triggers", + "read:users", + "run:checks", + "update:actions", + "update:attack_protection", + "update:authentication_methods", + "update:branding", + "update:client_credentials", + "update:client_grants", + "update:client_keys", + "update:clients", + "update:connections", + "update:custom_domains", + "update:email_provider", + "update:email_templates", + "update:email_triggers", + "update:encryption_keys", + "update:guardian_factors", + "update:integrations", + "update:log_streams", + "update:mfa_policies", + "update:organization_connections", + "update:organizations", + "update:phone_providers", + "update:phone_templates", + "update:prompts", + "update:requested_scopes", + "update:resource_servers", + "update:roles", + "update:rules", + "update:rules_configs", + "update:scim_config", + "update:self_service_profiles", + "update:shields", + "update:signing_keys", + "update:tenant_members", + "update:tenant_settings", + "update:triggers", + "update:users" + ] + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "body": { + "flags": { + "dashboard_new_onboarding": false + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/tenants/settings", + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "enabled_locales": [ + "en" + ], + "flags": { + "allow_changing_enable_sso": false, + "cannot_change_enforce_client_authentication_on_passwordless_start": true, + "dashboard_new_onboarding": false, + "disable_clickjack_protection_headers": false, + "disable_impersonation": true, + "enable_sso": true, + "enforce_client_authentication_on_passwordless_start": true, + "revoke_refresh_token_grant": false, + "universal_login": true + }, + "oidc_logout": { + "rp_logout_end_session_endpoint_discovery": true + }, + "sandbox_version": "18" + }, + "statusCode": 200 + } + }, + "is_mobile": false, + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020240308035328377107000000000000001223372052034941034", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "github|32487232" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "Firefox 125.0.0 / Arch 0.0.0" + } + }, + { + "@timestamp": "2024-03-08T03:59:05.059Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "date": "2024-03-08T03:59:05.059Z", + "description": "Create a client", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "body": { + "app_type": "non_interactive", + "grant_types": [ + "client_credentials" + ], + "is_first_party": true, + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000 + }, + "name": "cel_test", + "oidc_conformant": true, + "token_endpoint_auth_method": "*****" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/clients", + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "app_type": "non_interactive", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "client_secret": "*****", + "cross_origin_auth": false, + "custom_login_page_on": true, + "grant_types": [ + "client_credentials" + ], + "is_first_party": true, + "is_token_endpoint_ip_header_trusted": "*****", + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000, + "secret_encoded": "*****" + }, + "name": "cel_test", + "oidc_conformant": true, + "refresh_token": "*****", + "sso_disabled": false, + "token_endpoint_auth_method": "*****" + }, + "statusCode": 201 + } + }, + "is_mobile": false, + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020240308035905133220000000000000001223372052035100299", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "github|32487232" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "Firefox 125.0.0 / Arch 0.0.0" + } + }, + { + "@timestamp": "2024-03-08T03:59:05.520Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "date": "2024-03-08T03:59:05.520Z", + "description": "Create client grant", + "details": { + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "body": { + "audience": "https://dev-fulaoenaspapatoulp.us.auth0.com/api/v2/", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "scope": [ + "read:logs", + "read:logs_users" + ] + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "post", + "path": "/api/v2/client-grants", + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "audience": "https://dev-fulaoenaspapatoulp.us.auth0.com/api/v2/", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "scope": [ + "read:logs", + "read:logs_users" + ] + }, + "statusCode": 201 + } + }, + "is_mobile": false, + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020240308035905601176000000000000001223372052035100532", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "github|32487232" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "Firefox 125.0.0 / Arch 0.0.0" + } + }, + { + "@timestamp": "2024-03-08T03:59:06.700Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "date": "2024-03-08T03:59:06.700Z", + "description": "Get client by ID", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "get", + "path": "/api/v2/clients/MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl" + }, + "statusCode": 200 + } + }, + "is_mobile": false, + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "API GET operation returning secrets completed successfully" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op-secrets-returned", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020240308035906742643000000000000001223372052035101088", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "github|32487232" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "Firefox 125.0.0 / Arch 0.0.0" + } + }, + { + "@timestamp": "2024-03-08T04:30:29.321Z", + "auth0": { + "logs": { + "data": { + "audience": "https://dev-fulaoenaspapatoulp.us.auth0.com/api/v2/", + "classification": "Token Exchange - Success", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "client_name": "cel_test", + "date": "2024-03-08T04:30:29.321Z", + "hostname": "dev-fulaoenaspapatoulp.us.auth0.com", + "is_mobile": false, + "scope": "read:logs read:logs_users", + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "Successful exchange of Access Token for a Client Credentials Grant" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-access-token-for-client-cred-grant", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020240308043029390629000000000000001223372052036013632", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 209 + }, + "geo": { + "city_name": "Milton", + "continent_name": "North America", + "country_iso_code": "US", + "country_name": "United States", + "location": { + "lat": 47.2513, + "lon": -122.3149 + }, + "region_iso_code": "US-WA", + "region_name": "Washington" + }, + "ip": "216.160.83.56" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "Other 0.0.0 / Other 0.0.0" + } + }, + { + "@timestamp": "2024-03-08T04:31:40.136Z", + "auth0": { + "logs": { + "data": { + "classification": "Management API - Success", + "client_id": "xZjM1MjUxOGVhYzYxNTAxZmE3NmI1MGIgIC", + "date": "2024-03-08T04:31:40.136Z", + "description": "Update a client", + "details": { + "accessedSecrets": [ + "client_secret" + ], + "request": { + "auth": { + "credentials": { + "jti": "e01983470586edb819c8c5d9967a63d3" + }, + "strategy": "jwt", + "user": { + "email": "user.mcuserface@company.com", + "name": "User McUserface", + "user_id": "github|32487232" + } + }, + "body": { + "app_type": "non_interactive", + "cross_origin_auth": false, + "is_token_endpoint_ip_header_trusted": "*****", + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000 + }, + "name": "cel_test", + "oidc_conformant": true, + "refresh_token": "*****", + "token_endpoint_auth_method": "*****" + }, + "channel": "https://manage.auth0.com/", + "ip": "81.2.69.144", + "method": "patch", + "path": "/api/v2/clients/MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "userAgent": "Mozilla/5.0 (X11; Arch; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" + }, + "response": { + "body": { + "app_type": "non_interactive", + "client_id": "MWNhMmRiOGY5MGIxNjE0ZTVmMjc0NDhl", + "client_secret": "*****", + "cross_origin_auth": false, + "custom_login_page_on": true, + "grant_types": [ + "client_credentials" + ], + "is_first_party": true, + "is_token_endpoint_ip_header_trusted": "*****", + "jwt_configuration": { + "alg": "RS256", + "lifetime_in_seconds": 36000, + "secret_encoded": "*****" + }, + "name": "cel_test", + "oidc_conformant": true, + "refresh_token": "*****", + "sso_disabled": false, + "token_endpoint_auth_method": "*****" + }, + "statusCode": 200 + } + }, + "is_mobile": false, + "tenant_name": "dev-fulaoenaspapatoulp", + "type": "Successful Management API operation" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-mgmt-api-op", + "category": [ + "authentication", + "web", + "iam" + ], + "id": "90020240308043140198979000000000000001223372052036047895", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "access", + "change" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "github|32487232" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "Firefox 125.0.0 / Arch 0.0.0" + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-failure.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-failure.json new file mode 100644 index 000000000..bb2636db8 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-failure.json @@ -0,0 +1,78 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211103032053864115389799397018204192682338689220658", + "data": { + "date": "2021-11-03T03:20:52.800Z", + "type": "fs", + "description": "Password is too weak", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "ip": "81.2.69.145", + "user_agent": "unknown", + "details": { + "description": { + "rules": [ + { + "message": "At least %d characters in length", + "format": [ + 8 + ], + "code": "lengthAtLeast", + "verified": true + }, + { + "message": "Contain at least %d of the following %d types of characters:", + "code": "containsAtLeast", + "format": [ + 3, + 4 + ], + "items": [ + { + "message": "lower case letters (a-z)", + "code": "lowerCase", + "verified": true + }, + { + "message": "upper case letters (A-Z)", + "code": "upperCase", + "verified": false + }, + { + "message": "numbers (i.e. 0-9)", + "code": "numbers", + "verified": true + }, + { + "message": "special characters (e.g. !@#$%^\u0026*)", + "code": "specialCharacters", + "verified": false + } + ], + "verified": false + } + ], + "verified": false + }, + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "tenant": "dev-yoj8axza", + "email": "neo@test.com", + "password": "*****", + "connection": "Username-Password-Authentication" + } + }, + "user_id": "", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103032053864115389799397018204192682338689220658" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json new file mode 100644 index 000000000..42cc18be1 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json @@ -0,0 +1,125 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-03T03:20:52.800Z", + "auth0": { + "logs": { + "data": { + "classification": "Signup - Failure", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T03:20:52.800Z", + "description": "Password is too weak", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "email": "neo@test.com", + "password": "*****", + "tenant": "dev-yoj8axza" + }, + "description": { + "rules": [ + { + "code": "lengthAtLeast", + "format": [ + 8 + ], + "message": "At least %d characters in length", + "verified": true + }, + { + "code": "containsAtLeast", + "format": [ + 3, + 4 + ], + "items": [ + { + "code": "lowerCase", + "message": "lower case letters (a-z)", + "verified": true + }, + { + "code": "upperCase", + "message": "upper case letters (A-Z)", + "verified": false + }, + { + "code": "numbers", + "message": "numbers (i.e. 0-9)", + "verified": true + }, + { + "code": "specialCharacters", + "message": "special characters (e.g. !@#$%^&*)", + "verified": false + } + ], + "message": "Contain at least %d of the following %d types of characters:", + "verified": false + } + ], + "verified": false + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "User signup failed" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "user-signup-failed", + "category": [ + "authentication", + "iam" + ], + "id": "90020211103032053864115389799397018204192682338689220658", + "kind": "event", + "outcome": "failure", + "type": [ + "info", + "creation", + "user" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "unknown" + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-success.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-success.json new file mode 100644 index 000000000..26d3e58c6 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-success.json @@ -0,0 +1,154 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211103032120540334468831529038137311930506436149346", + "data": { + "date": "2021-11-03T03:21:19.503Z", + "type": "ss", + "description": "", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "ip": "81.2.69.144", + "user_agent": "unknown", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "tenant": "dev-yoj8axza", + "email": "neo@test.com", + "password": "*****", + "connection": "Username-Password-Authentication" + } + }, + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103032120540334468831529038137311930506436149346" + } + } + }, + { + "json": { + "log_id": "90020211103055237748223355541577974202326273882155122754", + "data": { + "date": "2021-11-03T05:52:36.705Z", + "type": "ss", + "description": "", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "ip": "89.160.20.112", + "user_agent": "unknown", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "tenant": "dev-yoj8axza", + "email": "dev@test.com", + "password": "*****", + "connection": "Username-Password-Authentication" + } + }, + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103055237748223355541577974202326273882155122754" + } + } + }, + { + "json": { + "log_id": "90020211103065553011334483867488309006560902529568211042", + "data": { + "date": "2021-11-03T06:55:51.962Z", + "type": "ss", + "description": "", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "ip": "81.2.69.145", + "user_agent": "unknown", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "tenant": "dev-yoj8axza", + "email": "new@test.com", + "password": "*****", + "connection": "Username-Password-Authentication" + } + }, + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103065553011334483867488309006560902529568211042" + } + } + }, + { + "json": { + "log_id": "90020211103065710326106766380077151802848491224701075538", + "data": { + "date": "2021-11-03T06:57:09.282Z", + "type": "ss", + "description": "", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "ip": "81.2.69.145", + "user_agent": "unknown", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "tenant": "dev-yoj8axza", + "email": "neo@test.com", + "password": "*****", + "connection": "Username-Password-Authentication" + } + }, + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211103065710326106766380077151802848491224701075538" + } + } + }, + { + "json": { + "log_id": "90020211104002502463115418621740818569342603360399786034", + "data": { + "date": "2021-11-04T00:25:01.385Z", + "type": "ss", + "description": "", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "ip": "81.2.69.144", + "user_agent": "unknown", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "tenant": "dev-yoj8axza", + "email": "neo.theone@gmail.com", + "password": "*****", + "connection": "Username-Password-Authentication" + } + }, + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211104002502463115418621740818569342603360399786034" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json new file mode 100644 index 000000000..243ef6e7b --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json @@ -0,0 +1,380 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-03T03:21:19.503Z", + "auth0": { + "logs": { + "data": { + "classification": "Other", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T03:21:19.503Z", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "email": "neo@test.com", + "password": "*****", + "tenant": "dev-yoj8axza" + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Success Signup" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-signup", + "category": [ + "authentication" + ], + "id": "90020211103032120540334468831529038137311930506436149346", + "kind": "event", + "outcome": "unknown", + "type": [ + "info" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "unknown" + } + }, + { + "@timestamp": "2021-11-03T05:52:36.705Z", + "auth0": { + "logs": { + "data": { + "classification": "Other", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T05:52:36.705Z", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "email": "dev@test.com", + "password": "*****", + "tenant": "dev-yoj8axza" + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Success Signup" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-signup", + "category": [ + "authentication" + ], + "id": "90020211103055237748223355541577974202326273882155122754", + "kind": "event", + "outcome": "unknown", + "type": [ + "info" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "unknown" + } + }, + { + "@timestamp": "2021-11-03T06:55:51.962Z", + "auth0": { + "logs": { + "data": { + "classification": "Other", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T06:55:51.962Z", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "email": "new@test.com", + "password": "*****", + "tenant": "dev-yoj8axza" + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Success Signup" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-signup", + "category": [ + "authentication" + ], + "id": "90020211103065553011334483867488309006560902529568211042", + "kind": "event", + "outcome": "unknown", + "type": [ + "info" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "unknown" + } + }, + { + "@timestamp": "2021-11-03T06:57:09.282Z", + "auth0": { + "logs": { + "data": { + "classification": "Other", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T06:57:09.282Z", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "email": "neo@test.com", + "password": "*****", + "tenant": "dev-yoj8axza" + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Success Signup" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-signup", + "category": [ + "authentication" + ], + "id": "90020211103065710326106766380077151802848491224701075538", + "kind": "event", + "outcome": "unknown", + "type": [ + "info" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "unknown" + } + }, + { + "@timestamp": "2021-11-04T00:25:01.385Z", + "auth0": { + "logs": { + "data": { + "classification": "Other", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-04T00:25:01.385Z", + "details": { + "body": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "email": "neo.theone@gmail.com", + "password": "*****", + "tenant": "dev-yoj8axza" + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Success Signup" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-signup", + "category": [ + "authentication" + ], + "id": "90020211104002502463115418621740818569342603360399786034", + "kind": "event", + "outcome": "unknown", + "type": [ + "info" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144" + }, + "user": { + "id": "auth0|6183285d6e5071006a61f319", + "name": "neo.theone@gmail.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "unknown" + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json new file mode 100644 index 000000000..b1130a3a5 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json @@ -0,0 +1,466 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211104001514276223441402873466602396154780480176194", + "data": { + "date": "2021-11-04T00:15:10.907Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************VM-" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "log_id": "90020211104001514276223441402873466602396154780480176194" + } + } + }, + { + "json": { + "log_id": "90020211103032533223115389920819109674646826560562135090", + "data": { + "date": "2021-11-03T03:25:29.382Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************JEu" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "log_id": "90020211103032533223115389920819109674646826560562135090" + } + } + }, + { + "json": { + "log_id": "90020211103055356921223355655001812450210017671557152834", + "data": { + "date": "2021-11-03T05:53:54.714Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************Rqs" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "log_id": "90020211103055356921223355655001812450210017671557152834" + } + } + }, + { + "json": { + "log_id": "90020211103055417070115394218610844695634887352363515954", + "data": { + "date": "2021-11-03T05:54:15.863Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************VcE" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "log_id": "90020211103055417070115394218610844695634887352363515954" + } + } + }, + { + "json": { + "log_id": "90020211103070025453223361339703470878590694285033603138", + "data": { + "date": "2021-11-03T07:00:21.161Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************q12" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "log_id": "90020211103070025453223361339703470878590694285033603138" + } + } + }, + { + "json": { + "log_id": "90020211103081329169106767059161007825876379053011763282", + "data": { + "date": "2021-11-03T08:13:24.290Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************Zhk" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "log_id": "90020211103081329169106767059161007825876379053011763282" + } + } + }, + { + "json": { + "log_id": "90020211103081747834106767097563745411754707146353147986", + "data": { + "date": "2021-11-03T08:17:46.184Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************upP" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "log_id": "90020211103081747834106767097563745411754707146353147986" + } + } + }, + { + "json": { + "log_id": "90020211103082505159223368972684592755695916615263584322", + "data": { + "date": "2021-11-03T08:25:00.234Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************frS" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "log_id": "90020211103082505159223368972684592755695916615263584322" + } + } + }, + { + "json": { + "log_id": "90020211103082528115223369008130297786796845598196629570", + "data": { + "date": "2021-11-03T08:25:23.077Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************6z4" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "log_id": "90020211103082528115223369008130297786796845598196629570" + } + } + }, + { + "json": { + "log_id": "90020211103085744439115398741355869453054444297355526194", + "data": { + "date": "2021-11-03T08:57:43.955Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************gq4" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "log_id": "90020211103085744439115398741355869453054444297355526194" + } + } + }, + { + "json": { + "log_id": "90020211103085843618106767481997320345928494961253154898", + "data": { + "date": "2021-11-03T08:58:41.378Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************vaC" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "log_id": "90020211103085843618106767481997320345928494961253154898" + } + } + }, + { + "json": { + "log_id": "90020211103102326019106768307491764530844927445776203858", + "data": { + "date": "2021-11-03T10:23:21.308Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************mVU" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "log_id": "90020211103102326019106768307491764530844927445776203858" + } + } + }, + { + "json": { + "log_id": "90020211103103606684106768432065525613034443117615382610", + "data": { + "date": "2021-11-03T10:36:01.665Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************OLf" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "log_id": "90020211103103606684106768432065525613034443117615382610" + } + } + }, + { + "json": { + "log_id": "90020211103103728977106768445800131849676250806449340498", + "data": { + "date": "2021-11-03T10:37:24.933Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************P8g" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com", + "log_id": "90020211103103728977106768445800131849676250806449340498" + } + } + }, + { + "json": { + "log_id": "90020211103104330288223383260091503229401565368577687618", + "data": { + "date": "2021-11-03T10:43:25.246Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************HTC" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "log_id": "90020211103104330288223383260091503229401565368577687618" + } + } + }, + { + "json": { + "log_id": "90020211103105137698223384111124505353676723471492579394", + "data": { + "date": "2021-11-03T10:51:33.221Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************0wG" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "log_id": "90020211103105137698223384111124505353676723471492579394" + } + } + }, + { + "json": { + "log_id": "90020211103105337123223384318518147560205595828304216130", + "data": { + "date": "2021-11-03T10:53:33.520Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************bBO" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|61823277a44a21007221a59a", + "user_name": "new@test.com", + "log_id": "90020211103105337123223384318518147560205595828304216130" + } + } + }, + { + "json": { + "log_id": "90020211103221641308223432165971774216334598458560217154", + "data": { + "date": "2021-11-03T22:16:38.865Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************vzq" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618232c562bac1006935a7af", + "user_name": "neo@test.com", + "log_id": "90020211103221641308223432165971774216334598458560217154" + } + } + }, + { + "json": { + "log_id": "90020211104001514276223441402873466602396154780480176194", + "data": { + "date": "2021-11-04T00:15:10.907Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************VM-" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|618223a4e3f49e006948565c", + "user_name": "dev@test.com", + "log_id": "90020211104001514276223441402873466602396154780480176194" + } + } + }, + { + "json": { + "log_id": "90020211104011631432334548139276348032705599973097472098", + "data": { + "date": "2021-11-04T01:16:26.371Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************6hm" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com", + "log_id": "90020211104011631432334548139276348032705599973097472098" + } + } + }, + { + "json": { + "log_id": "90020211104011631432334548139276348032705599973097472098", + "data": { + "date": "2021-11-04T01:16:26.371Z", + "type": "seacft", + "description": "", + "connection_id": "", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "ip": "81.2.69.143", + "user_agent": "Go-http-client/2.0", + "details": { + "code": "******************************************6hm" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "neo.theone@gmail.com", + "log_id": "90020211104011631432334548139276348032705599973097472098" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json new file mode 100644 index 000000000..55aa0de56 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json @@ -0,0 +1,1474 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-04T00:15:10.907Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-04T00:15:10.907Z", + "details": { + "code": "******************************************VM-" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211104001514276223441402873466602396154780480176194", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T03:25:29.382Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T03:25:29.382Z", + "details": { + "code": "******************************************JEu" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103032533223115389920819109674646826560562135090", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T05:53:54.714Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T05:53:54.714Z", + "details": { + "code": "******************************************Rqs" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103055356921223355655001812450210017671557152834", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T05:54:15.863Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T05:54:15.863Z", + "details": { + "code": "******************************************VcE" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103055417070115394218610844695634887352363515954", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T07:00:21.161Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T07:00:21.161Z", + "details": { + "code": "******************************************q12" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103070025453223361339703470878590694285033603138", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T08:13:24.290Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T08:13:24.290Z", + "details": { + "code": "******************************************Zhk" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103081329169106767059161007825876379053011763282", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T08:17:46.184Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T08:17:46.184Z", + "details": { + "code": "******************************************upP" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103081747834106767097563745411754707146353147986", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T08:25:00.234Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T08:25:00.234Z", + "details": { + "code": "******************************************frS" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103082505159223368972684592755695916615263584322", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T08:25:23.077Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T08:25:23.077Z", + "details": { + "code": "******************************************6z4" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103082528115223369008130297786796845598196629570", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T08:57:43.955Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T08:57:43.955Z", + "details": { + "code": "******************************************gq4" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103085744439115398741355869453054444297355526194", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T08:58:41.378Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T08:58:41.378Z", + "details": { + "code": "******************************************vaC" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103085843618106767481997320345928494961253154898", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T10:23:21.308Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T10:23:21.308Z", + "details": { + "code": "******************************************mVU" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103102326019106768307491764530844927445776203858", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T10:36:01.665Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T10:36:01.665Z", + "details": { + "code": "******************************************OLf" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103103606684106768432065525613034443117615382610", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T10:37:24.933Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T10:37:24.933Z", + "details": { + "code": "******************************************P8g" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103103728977106768445800131849676250806449340498", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T10:43:25.246Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T10:43:25.246Z", + "details": { + "code": "******************************************HTC" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103104330288223383260091503229401565368577687618", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T10:51:33.221Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T10:51:33.221Z", + "details": { + "code": "******************************************0wG" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103105137698223384111124505353676723471492579394", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T10:53:33.520Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T10:53:33.520Z", + "details": { + "code": "******************************************bBO" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103105337123223384318518147560205595828304216130", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|61823277a44a21007221a59a", + "name": "new@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-03T22:16:38.865Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-03T22:16:38.865Z", + "details": { + "code": "******************************************vzq" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211103221641308223432165971774216334598458560217154", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618232c562bac1006935a7af", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-04T00:15:10.907Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-04T00:15:10.907Z", + "details": { + "code": "******************************************VM-" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211104001514276223441402873466602396154780480176194", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|618223a4e3f49e006948565c", + "name": "dev@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-04T01:16:26.371Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-04T01:16:26.371Z", + "details": { + "code": "******************************************6hm" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211104011631432334548139276348032705599973097472098", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6183285d6e5071006a61f319", + "name": "neo.theone@gmail.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + }, + { + "@timestamp": "2021-11-04T01:16:26.371Z", + "auth0": { + "logs": { + "data": { + "classification": "Token Exchange - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "date": "2021-11-04T01:16:26.371Z", + "details": { + "code": "******************************************6hm" + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "type": "Successful exchange of Authorization Code for Access Token" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "success-exchange-auth-code-for-access-token", + "category": [ + "authentication", + "network", + "web" + ], + "id": "90020211104011631432334548139276348032705599973097472098", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "protocol", + "access" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6183285d6e5071006a61f319", + "name": "neo.theone@gmail.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Go-http-client", + "original": "Go-http-client/2.0", + "version": "2.0" + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json new file mode 100644 index 000000000..87bfa39a6 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json @@ -0,0 +1,42 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211103032124567106763774271397546463625120084656210", + "data": { + "date": "2021-11-03T03:21:19.527Z", + "type": "fn", + "description": "To: neo@test.com", + "connection": "Username-Password-Authentication", + "connection_id": "", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "details": { + "email_type": "verify_email", + "to": "neo@test.com", + "error": "the domain is blacklisted" + }, + "log_id": "90020211103032124567106763774271397546463625120084656210" + } + } + }, + { + "json": { + "log_id": "90020211103055241795106765770073734964239792488279179346", + "data": { + "date": "2021-11-03T05:52:36.722Z", + "type": "fn", + "description": "To: dev@test.com", + "connection": "Username-Password-Authentication", + "connection_id": "", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "details": { + "email_type": "verify_email", + "to": "dev@test.com", + "error": "the domain is blacklisted" + }, + "log_id": "90020211103055241795106765770073734964239792488279179346" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json new file mode 100644 index 000000000..39f6db477 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json @@ -0,0 +1,80 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-03T03:21:19.527Z", + "auth0": { + "logs": { + "data": { + "classification": "User/Behavioral - Failure", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "date": "2021-11-03T03:21:19.527Z", + "description": "To: neo@test.com", + "details": { + "email_type": "verify_email", + "error": "the domain is blacklisted", + "to": "neo@test.com" + }, + "type": "Failed to send email notification" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "failed-to-send-email-notification", + "category": [ + "authentication" + ], + "id": "90020211103032124567106763774271397546463625120084656210", + "kind": "event", + "outcome": "failure", + "type": [ + "info" + ] + }, + "log": { + "level": "error" + } + }, + { + "@timestamp": "2021-11-03T05:52:36.722Z", + "auth0": { + "logs": { + "data": { + "classification": "User/Behavioral - Failure", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "date": "2021-11-03T05:52:36.722Z", + "description": "To: dev@test.com", + "details": { + "email_type": "verify_email", + "error": "the domain is blacklisted", + "to": "dev@test.com" + }, + "type": "Failed to send email notification" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "failed-to-send-email-notification", + "category": [ + "authentication" + ], + "id": "90020211103055241795106765770073734964239792488279179346", + "kind": "event", + "outcome": "failure", + "type": [ + "info" + ] + }, + "log": { + "level": "error" + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json new file mode 100644 index 000000000..f27786040 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json @@ -0,0 +1,43 @@ +{ + "events": [ + { + "json": { + "log_id": "90020211104002646275334544781046043980552751708637233250", + "data": { + "date": "2021-11-04T00:26:45.208Z", + "type": "sv", + "description": "Your email was verified. You can continue using the application.", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "ip": "81.2.69.143", + "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:93.0) Gecko/20100101 Firefox/93.0", + "details": { + "title": "Email Verification", + "email": "monklinux5@gmail.com", + "body": { + "ticket": "0Mv2ahpY1NemCgOEgqoILAsGGhc7mMNK", + "tenant": "dev-yoj8axza" + }, + "query": { + "email": "monklinux5@gmail.com", + "user_id": "auth0|6183285d6e5071006a61f319", + "tenant": "dev-yoj8axza", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "idp_user_id": null, + "resultUrl": null, + "includeEmailInRedirect": false + } + }, + "user_id": "auth0|6183285d6e5071006a61f319", + "user_name": "monklinux5@gmail.com", + "strategy": "auth0", + "strategy_type": "database", + "log_id": "90020211104002646275334544781046043980552751708637233250" + } + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json new file mode 100644 index 000000000..db588ef37 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json @@ -0,0 +1,94 @@ +{ + "expected": [ + { + "@timestamp": "2021-11-04T00:26:45.208Z", + "auth0": { + "logs": { + "data": { + "classification": "User/Behavioral - Success", + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "client_name": "All Applications", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-04T00:26:45.208Z", + "description": "Your email was verified. You can continue using the application.", + "details": { + "body": { + "tenant": "dev-yoj8axza", + "ticket": "0Mv2ahpY1NemCgOEgqoILAsGGhc7mMNK" + }, + "email": "monklinux5@gmail.com", + "query": { + "client_id": "360yuN1BXP4u3tBChK5VOgekgGJ7CwLL", + "connection": "Username-Password-Authentication", + "email": "monklinux5@gmail.com", + "includeEmailInRedirect": false, + "tenant": "dev-yoj8axza", + "user_id": "auth0|6183285d6e5071006a61f319" + }, + "title": "Email Verification" + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Sent verification email" + } + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "sent-verification-email", + "category": [ + "authentication", + "iam" + ], + "id": "90020211104002646275334544781046043980552751708637233250", + "kind": "event", + "outcome": "success", + "type": [ + "info", + "user" + ] + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "user": { + "id": "auth0|6183285d6e5071006a61f319", + "name": "monklinux5@gmail.com" + }, + "user_agent": { + "device": { + "name": "Mac" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "full": "Mac OS X 10.15", + "name": "Mac OS X", + "version": "10.15" + }, + "version": "93.0." + } + } + ] +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-cel-config.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-cel-config.yml new file mode 100644 index 000000000..8fc7d8821 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-cel-config.yml @@ -0,0 +1,13 @@ +input: cel +service: auth0-http-server +data_stream: + vars: + url: http://{{Hostname}}:{{Port}} + client_id: wwwwwwww + client_secret: xxxxxxxx + interval: 10s + batch_size: 1 + preserve_original_event: true + enable_request_tracer: true +assert: + hit_count: 2 diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-http-config.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-http-config.yml new file mode 100644 index 000000000..c23880262 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-http-config.yml @@ -0,0 +1,11 @@ +service: auth0-webhook-http +service_notify_signal: SIGHUP +input: http_endpoint +policy_template: auth0_events +data_stream: + vars: + listen_address: 0.0.0.0 + listen_port: 8383 + url: /auth0/logs + secret_value: abc123 + preserve_original_event: true diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-https-config.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-https-config.yml new file mode 100644 index 000000000..5744a7537 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/_dev/test/system/test-auth0-https-config.yml @@ -0,0 +1,62 @@ +service: auth0-webhook-https +service_notify_signal: SIGHUP +input: http_endpoint +policy_template: auth0_events +data_stream: + vars: + listen_address: 0.0.0.0 + listen_port: 8384 + preserve_original_event: true + url: /auth0/logs + secret_value: abc123 + ssl: |- + certificate: | + -----BEGIN CERTIFICATE----- + MIIDJjCCAg6gAwIBAgIRAO76bP2QhJVqbLjcsWD6gkUwDQYJKoZIhvcNAQELBQAw + JjEkMCIGA1UEChMbVEVTVCAtIEVsYXN0aWMgSW50ZWdyYXRpb25zMB4XDTIxMDIw + MjE2NTUzOVoXDTQxMDEyODE2NTUzOVowJjEkMCIGA1UEChMbVEVTVCAtIEVsYXN0 + aWMgSW50ZWdyYXRpb25zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA + vUs3YgX4RnEKzSyqH599ffHMDidw3JUTNzp/alRByiGN2gnC2YLLeB8gbZHn2Xkl + YCET1oUrVmPAijwV2RzPYwIn0kIh4zVOKO7+RDCCrgq8CgIG1xZyUhMF3uwn868r + SmX5FZ3T3/max51EsAJmzawef1TqrQRdEKxuPBQs/4qWaYeQCeYeZBVcg2b8CUmg + 3w1lB072Xzt7cJUp8FU1s7U9Hfgg2Dslh9+DSVX0yoqwN8Ynw4FXMSyqAu/OdBbG + aidOR6YjlKx3OSUUYsuB7q3XDyigb6Va7W737QTLIhtEb56l4E0iO4jDT41LaYyw + vRpWegfvHoFBHXbXT6AxtQIDAQABo08wTTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l + BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAYBgNVHREEETAPgg1lbGFzdGlj + LWFnZW50MA0GCSqGSIb3DQEBCwUAA4IBAQAcFeQS0QtPFpGMQ55NO+ycsXAsYZsJ + XvdUMoGygkkbrUQXmQbMMSMPGAGdMfc9V6BMA8x6JgGyKZBcIN/RTkBKjpXFwL03 + su+9liQnIMbYFvBfc1HDjAN5u2HpMdH0sCOe0W4XF5r6n8Q+6WuCl51HND6ObsyR + nU/7PySQ6Bv2PftPI1LMFeLsmgQsCJ/z8jcP4oW4PtgyK7vb+NWGLzRnkgaHYqh3 + oT7VnxPZQtWBJQa2LJhcp+u5k2Y6PipAyh4mCm/IRr1UHpGT/qBGnaUC+DRWd/pk + T4UnmUgq6eJL4IY+v/wpUPS+uHVtFhPSvRp+5hhicuK1YN4Ug/qKirVs + -----END CERTIFICATE----- + key: | + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9SzdiBfhGcQrN + LKofn3198cwOJ3DclRM3On9qVEHKIY3aCcLZgst4HyBtkefZeSVgIRPWhStWY8CK + PBXZHM9jAifSQiHjNU4o7v5EMIKuCrwKAgbXFnJSEwXe7CfzrytKZfkVndPf+ZrH + nUSwAmbNrB5/VOqtBF0QrG48FCz/ipZph5AJ5h5kFVyDZvwJSaDfDWUHTvZfO3tw + lSnwVTWztT0d+CDYOyWH34NJVfTKirA3xifDgVcxLKoC7850FsZqJ05HpiOUrHc5 + JRRiy4HurdcPKKBvpVrtbvftBMsiG0RvnqXgTSI7iMNPjUtpjLC9GlZ6B+8egUEd + dtdPoDG1AgMBAAECggEAP2ks+ldJnj9MAQNPUhyZa1FOrAcmVZ5Su5OLD1F+YHnx + DPNsJHUeN/UlZc8UvdNJY/RwstIVfHEaFLSgFQUDrAUS1ep1c6ltr2SwJKOjgy3x + Y+Dd7buFPF1HADBYCdfKRrf2QvmF+mehI/FZCyUizw8zgDAwFRl7G5THsLSJhmiQ + wDc9WbPFLyswtmeKoAqMiHHqV63PtJunqvGbrDTHh9f4P5JVtreMoPWzE9czQ2ZI + 5nBHOFP/EA6twyRalqOsm3XoFmyrWMmJtm/JJsDlGr/LZcVbtghxybEYo8p/VLpo + JmBSJgM17rwGhniDWXWXXOfx2fkNZEhVIeGvZYJRgQKBgQDOHnepihIu650pTfRD + fcUyPN9oYLzI2mwv70H3FzJQftt3pqmWhlX2adaXYJ65/8xwr6SmkHmYjTvfuCoT + SFApzv9fnYcD6vCsk5AhLpbarWR3MEU1SCvaiFuRNrdTcR8MGSglWPLLVXCI6f/g + F9kZ/Ngz7MkvD2bNT/WjNj3LMQKBgQDrGmPo0gvfk+QoFtL05+dDDrB2IxUokdqa + RzdecC8wV01l8lIj4TDqo7W1wwxdEUvCbUYriE2BoXi1v3jF+wfluqJOL30Ex5kb + UO5At+DWakxzgy3v0F32AOZRISAGMdbrNFaLpjD9t9NGbL8kiestfs2QuTISHJwU + fD47jFDlxQKBgHrczGVh6O7RAVByqCxm1tnYUS8torpzAFQeYQrBZ/t1cqrCzInu + L2V/tytqq5KheKKfAB1NNz4IyezUITh3PVl+itja1HUwYR/todc1pzRYcO9e9ZIK + ICHWcAaCQArb/i6+/CAvAiLUHg1utlhEvuNvxQxGk7Gak6PEit4r4e+xAoGBAIOR + rT/p7IMefJyCyWQNM7qvScmTMJAXr8KPAEl1drMS6FmZFqbFq15kZ5hko1KiD0er + Z42NJfLZrnfnw2roZS8HFzWyFcDLAr/qtqq5PLZBnq82RkrizPKS5lGYvBc7ZQ8T + pytXwir66N2MlhuYo2g+gkPvoDnKkP5V2W3xxIQRAoGBAIDayGKqE1iZwF72R0xQ + Vg8y2x9JoxY1lDGA8oLzYKcp7OslI6sPhv/NGnkQBwV964dcffnn6dezFyKKBGir + DSiM9duWTttlzzUhUQMHCua2z/LXjz1XMb0LoSEOVdk00TDgRMSFhBLhr3ZXmoLb + Iqi7is4z2mP8pbcIIlmloogE + -----END PRIVATE KEY----- + verification_mode: none diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/agent/stream/cel.yml.hbs b/test/packages/parallel/auth0_logsdb/data_stream/logs/agent/stream/cel.yml.hbs new file mode 100644 index 000000000..5c2c4ec93 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/agent/stream/cel.yml.hbs @@ -0,0 +1,135 @@ +config_version: 2 +interval: {{interval}} +{{#if enable_request_tracer}} +resource.tracer.filename: "../../logs/cel/http-request-trace-*.ndjson" +request.tracer.maxbackups: 5 +{{/if}} +{{#if proxy_url}} +resource.proxy_url: {{proxy_url}} +{{/if}} +{{#if ssl}} +resource.ssl: {{ssl}} +{{/if}} +{{#if http_client_timeout}} +resource.timeout: {{http_client_timeout}} +{{/if}} +resource.url: {{url}} +state: + client_id: {{client_id}} + client_secret: {{client_secret}} + look_back: {{initial_interval}} + want_more: false + take: {{batch_size}} +redact: + fields: + - client_secret +program: | + state.with( + post(state.url.trim_right("/") + "/oauth/token", "application/json", { + "client_id": state.client_id, + "client_secret": state.client_secret, + "audience": state.url.trim_right("/") + "/api/v2/", + "grant_type": "client_credentials", + }.encode_json()).as(auth_resp, auth_resp.StatusCode != 200 ? + { + "events": { + "error": { + "code": string(auth_resp.StatusCode), + "id": string(auth_resp.Status), + "message": "POST:"+( + size(auth_resp.Body) != 0 ? + string(auth_resp.Body) + : + string(auth_resp.Status) + ' (' + string(auth_resp.StatusCode) + ')' + ), + }, + }, + "want_more": false, + } + : + { + "Body": bytes(auth_resp.Body).decode_json(), + } + ).as(token, has(token.events) ? token : + get_request( + state.?next.orValue( + has(state.?cursor.next) ? + // Use the cursor next rel link if it exists. + state.cursor.next.parse_url().as(next, next.with({ + // The next rel link includes the take parameter which the + // user may have changed, so replace it with the config's + // value. + "RawQuery": next.RawQuery.parse_query().with({ + ?"take": has(state.take) ? + optional.of([string(state.take)]) + : + optional.none(), + }).format_query() + }).format_url()) + : + // Otherwise construct a next rel-ish link to look back. + state.url.trim_right("/") + "/api/v2/logs?" + { + ?"take": has(state.take) ? + optional.of([string(state.take)]) + : + optional.none(), + ?"from": has(state.look_back) ? + // Format a relative timestamp into a log ID. + optional.of(["900" + (now-duration(state.look_back)).format("20060102150405") + "000000000000000000000000000000000000000"]) + : + optional.none(), + }.format_query() + ) + ).with({ + "Header": { + "Authorization": [token.?Body.token_type.orValue("Bearer") + " " + token.?Body.access_token.orValue("MISSING")], + "Accept": ["application/json"], + } + }).do_request().as(resp, resp.StatusCode != 200 ? + { + "events": { + "error": { + "code": string(resp.StatusCode), + "id": string(resp.Status), + "message": "GET:"+( + size(resp.Body) != 0 ? + string(resp.Body) + : + string(resp.Status) + ' (' + string(resp.StatusCode) + ')' + ), + }, + }, + "want_more": false, + } + : + { + "Body": bytes(resp.Body).decode_json(), + ?"next": resp.Header.?Link[0].orValue("").as(next, next.split(";").as(attrs, attrs.exists(attr, attr.contains('rel="next"')) ? + attrs.map(attr, attr.matches("^'))[?0] + : + optional.none() + )), + }.as(result, result.with({ + "events": result.Body.map(e, {"json": {"log_id": e.log_id, "data": e}}), + "cursor": { + ?"next": result.?next, + }, + "want_more": has(result.next) && size(result.Body) != 0, + })).drop("Body") + ) + ) + ) +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +{{#if processors}} +processors: +{{processors}} +{{/if}} diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/agent/stream/http_endpoint.yml.hbs b/test/packages/parallel/auth0_logsdb/data_stream/logs/agent/stream/http_endpoint.yml.hbs new file mode 100644 index 000000000..1203728f1 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/agent/stream/http_endpoint.yml.hbs @@ -0,0 +1,41 @@ +type: http_endpoint +enabled: true +prefix: json + +{{#if listen_address}} +listen_address: {{listen_address}} +{{/if}} +{{#if listen_port}} +listen_port: {{listen_port}} +{{/if}} +{{#if url}} +url: {{url}} +{{/if}} + +{{#if secret_value}} +secret.header: Authorization +secret.value: "{{secret_value}}" +{{/if}} + +{{#if ssl}} +ssl: {{ssl}} +{{/if}} + +{{#if preserve_original_event}} +preserve_original_event: true +{{/if}} + +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +{{#if processors}} +processors: +{{processors}} +{{/if}} diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 000000000..f83dccef5 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,1115 @@ +--- +description: Pipeline for processing Auth0 log stream events +processors: +- set: + field: ecs.version + value: '8.11.0' +- set: + field: auth0.logs.data + copy_from: json.data +- date: + field: auth0.logs.data.date + formats: + - ISO8601 +- set: + field: log.level + value: info +- set: + field: log.level + value: error + if: ctx?.auth0?.logs?.data?.details?.error != null +- set: + field: source.ip + copy_from: auth0.logs.data.ip + if: ctx?.auth0?.logs?.data?.ip != null +- rename: + field: auth0.logs.data.isMobile + target_field: auth0.logs.data.is_mobile + ignore_missing: true + ignore_failure: true +# IP Geolocation Lookup +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + if: 'ctx.source?.geo == null && ctx?.source?.ip != null' +# IP Autonomous System (AS) Lookup +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + if: ctx?.source?.ip != null +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- set: + field: network.type + value: ipv6 + if: 'ctx.source?.ip != null && ctx.source?.ip.contains(":")' +- set: + field: network.type + value: ipv4 + if: 'ctx.network?.type == null && ctx.source?.ip != null' +- set: + field: user.name + copy_from: auth0.logs.data.user_name + if: 'ctx?.auth0?.logs?.data?.user_name != null' +- set: + field: user.id + copy_from: auth0.logs.data.user_id + if: 'ctx?.auth0?.logs?.data?.user_id != null' +- user_agent: + field: auth0.logs.data.user_agent + ignore_missing: true +- set: + field: event.id + copy_from: auth0.logs.data.log_id + if: 'ctx?.auth0?.logs?.data?.log_id != null' +## +# Event kind, code and action +## +- set: + field: event.kind + value: event +- append: + field: event.category + value: authentication +- script: + lang: painless + description: Sets event type, category and action based on type + if: ctx?.auth0?.logs?.data?.type != null + params: + actions: + f: + classification: "Login - Failure" + value: "Failed login" + type: + - info + action: failed-login + fc: + classification: "Login - Failure" + value: "Failed connector login" + type: + - info + action: failed-connector-login + fco: + classification: "Login - Failure" + value: "Origin is not in the application's Allowed Origins list" + type: + - info + action: origin-not-allowed + fcoa: + classification: "Login - Failure" + value: "Failed cross-origin authentication" + type: + - info + action: failed-cross-origin-authentication + fens: + classification: "Login - Failure" + value: "Failed native social login" + type: + - info + action: failed-native-social-login + fp: + classification: "Login - Failure" + value: "Incorrect password" + type: + - info + action: incorrect-password + fu: + classification: "Login - Failure" + value: "Invalid email or username" + type: + - info + - indicator + category: + - threat + action: invalid-username-or-email + w: + classification: "Login - Notification" + value: "Warnings during login" + type: + - info + - indicator + category: + - threat + action: warnings-during-login + s: + classification: "Login - Success" + value: "Successful login" + type: + - info + - start + category: + - session + action: successful-login + scoa: + classification: "Login - Success" + value: "Successful cross-origin authentication" + type: + - info + - start + category: + - session + action: successful-cross-origin-authentication + sens: + classification: "Login - Success" + value: "Successful native social login" + type: + - info + - start + category: + - session + action: successful-native-social-login + flo: + classification: "Logout - Failure" + value: "User logout failed" + type: + - info + category: + - session + action: user-logout-failed + slo: + classification: "Logout - Success" + value: "User successfully logged out" + type: + - info + - end + category: + - session + action: user-logout-successful + fs: + classification: "Signup - Failure" + value: "User signup failed" + type: + - info + - creation + - user + category: + - iam + action: user-signup-failed + fsa: + classification: "Silent Authentication - Failure" + value: "Failed silent authentication" + type: + - info + - indicator + category: + - threat + action: failed-silent-authentication + ssa: + classification: "Silent Authentication - Success" + value: "Successful silent authentication" + type: + - info + action: successful-silent-authentication + feacft: + classification: "Token Exchange - Failure" + value: "Failed exchange of Authorization Code for Access Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-auth-code-for-access-token + feccft: + classification: "Token Exchange - Failure" + value: "Failed exchange of Access Token for a Client Credentials Grant" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-access-token-for-client-cred-grant + fede: + classification: "Token Exchange - Failure" + value: "Failed exchange of Device Code for Access Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-device-code-for-access-token + feoobft: + classification: "Token Exchange - Failure" + value: "Failed exchange of Password and OOB Challenge for Access Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-password-oob-challenge-for-access-token + feotpft: + classification: "Token Exchange - Failure" + value: "Failed exchange of Password and OTP Challenge for Access Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-password-otp-challenge-for-access-token + fepft: + classification: "Token Exchange - Failure" + value: "Failed exchange of Password for Access Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-password-for-access-token + fepotpft: + classification: "Token Exchange - Failure" + value: "Failed exchange of Passwordless OTP for Access Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-passwordless-otp-for-access-token + fercft: + classification: "Token Exchange - Failure" + value: "Failed exchange of Password and MFA Recovery code for Access Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-password-mfa-recovery-code-for-access-token + ferrt: + classification: "Token Exchange - Failure" + value: "Failed exchange of Rotating Refresh Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-rotating-refresh-token + fertft: + classification: "Token Exchange - Failure" + value: "Failed exchange of Refresh Token for Access Token" + type: + - info + - protocol + - error + category: + - network + - web + action: failed-exchange-refresh-token-for-access-token + seacft: + classification: "Token Exchange - Success" + value: "Successful exchange of Authorization Code for Access Token" + type: + - info + - protocol + - access + category: + - network + - web + action: success-exchange-auth-code-for-access-token + seccft: + classification: "Token Exchange - Success" + value: "Successful exchange of Access Token for a Client Credentials Grant" + type: + - info + - protocol + - access + category: + - network + - web + action: success-exchange-access-token-for-client-cred-grant + sede: + classification: "Token Exchange - Success" + value: "Successful exchange of Device Code for Access Token" + type: + - info + - protocol + - access + category: + - network + - web + action: success-exchange-device-code-for-access-token + seoobft: + classification: "Token Exchange - Success" + value: "Successful exchange of Password and OOB Challenge for Access Token" + type: + - info + - protocol + - access + category: + - network + - web + action: success-exchange-password-oob-challange-for-access-token + seotpft: + classification: "Token Exchange - Success" + value: "Successful exchange of Password and OTP Challenge for Access Token" + type: + - info + - protocol + - access + category: + - network + - web + action: success-exchange-password-otp-challenge-for-access-token + sepft: + classification: "Token Exchange - Success" + value: "Successful exchange of Password for Access Token" + type: + - info + - protocol + - access + category: + - network + - web + action: success-exchange-password-for-access-token + sercft: + classification: "Token Exchange - Success" + value: "Successful exchange of Password and MFA Recovery code for Access Token" + type: + - info + - protocol + - access + category: + - network + - web + action: success-exchange-mfa-recovery-code-for-access-token + sertft: + classification: "Token Exchange - Success" + value: "Successful exchange of Refresh Token for Access Token" + type: + - info + - protocol + - access + category: + - network + - web + action: success-exchange-refresh-token-for-access-token + fapi: + classification: "Management API - Failure" + value: "Failed Management API operation" + type: + - info + - error + category: + - web + action: failed-mgmt-api-operation + sapi: + classification: "Management API - Success" + value: "Successful Management API operation" + type: + - info + - access + - change + category: + - web + - iam + action: success-mgmt-api-op + mgmt_api_read: + classification: "Management API - Success" + value: "API GET operation returning secrets completed successfully" + type: + - info + - access + category: + - web + - iam + action: success-mgmt-api-op-secrets-returned + admin_update_launch: + classification: "System - Notification" + value: "Auth0 Update Launched" + type: + - change + category: + - configuration + action: auth0-update-launched + api_limit: + classification: "System - Notification" + value: "The maximum number of requests to the Authentication or Management APIs in given time has reached" + type: + - info + - access + category: + - network + action: max-requests-reached + coff: + classification: "System - Notification" + value: "AD/LDAP Connector is offline" + type: + - error + - connection + category: + - network + - web + action: ad-ldap-connector-offline + con: + classification: "System - Notification" + value: "AD/LDAP Connector is online and working" + type: + - info + - connection + category: + - network + action: ad-ldap-connector-online + depnote: + classification: "System - Notification" + value: "Deprecation Notice" + type: + - info + action: deprecation-notice + fcpro: + classification: "System - Notification" + value: "Failed to provision a AD/LDAP connector" + type: + - info + - connection + - error + category: + - network + action: failed-ad-ldap-provision + fui: + classification: "System - Notification" + value: "Failed to import users" + type: + - info + - user + - error + category: + - iam + - web + action: failed-to-import-users + limit_delegation: + classification: "System - Notification" + value: "Rate limit exceeded to /delegation endpoint" + type: + - info + - access + category: + - network + action: rate-limit-exceeded-to-delegation-endpoint + limit_mu: + classification: "System - Notification" + value: "An IP address is blocked with 100 failed login attempts using different usernames" + type: + - indicator + - info + category: + - threat + - intrusion_detection + action: hundred-failed-logins-ip-address-blocked + limit_wc: + classification: "System - Notification" + value: "An IP address is blocked with 10 failed login attempts into a single account from the same IP address" + type: + - indicator + - info + category: + - threat + - intrusion_detection + action: ten-failed-logins-ip-address-blocked + sys_os_update_start: + classification: "System - Notification" + value: "Auth0 OS Update Started" + type: + - change + - start + - installation + category: + - configuration + - package + action: auth0-os-update-started + sys_os_update_end: + classification: "System - Notification" + value: "Auth0 OS Update Ended" + type: + - change + - end + - installation + category: + - configuration + - package + action: auth0-os-update-ended + sys_update_start: + classification: "System - Notification" + value: "Auth0 Update Started" + type: + - change + - start + - installation + category: + - configuration + - package + action: auth0-update-started + sys_update_end: + classification: "System - Notification" + value: "Auth0 Update Ended" + type: + - change + - end + - installation + category: + - configuration + - package + action: auth0-update-ended + fce: + classification: "User/Behavioral - Failure" + value: "Failed to change user email" + type: + - change + - user + category: + - iam + action: failed-to-change-user-email + fcp: + classification: "User/Behavioral - Failure" + value: "Failed to change password" + type: + - change + - user + category: + - iam + action: failed-to-change-password + fcpn: + classification: "User/Behavioral - Failure" + value: "Failed to change phone number" + type: + - change + - user + category: + - iam + action: failed-to-change-phone-number + fcpr: + classification: "User/Behavioral - Failure" + value: "Failed change password request" + type: + - change + - user + category: + - iam + action: failed-change-password-request + fcu: + classification: "User/Behavioral - Failure" + value: "Failed to change username" + type: + - change + - user + category: + - iam + action: failed-to-change-username + fd: + classification: "User/Behavioral - Failure" + value: "Failed to generate delegation token" + type: + - info + - user + category: + - iam + action: failed-to-generate-delegation-token + fdeaz: + classification: "User/Behavioral - Failure" + value: "Device authorization request failed" + type: + - info + - user + category: + - iam + action: failed-device-authorization-request + fdecc: + classification: "User/Behavioral - Failure" + value: "User did not confirm device" + type: + - info + action: user-device-not-confirmed + fdu: + classification: "User/Behavioral - Failure" + value: "Failed user deletion" + type: + - deletion + - user + category: + - iam + action: failed-user-deletion + fn: + classification: "User/Behavioral - Failure" + value: "Failed to send email notification" + type: + - info + action: failed-to-send-email-notification + fv: + classification: "User/Behavioral - Failure" + value: "Failed to send verification email" + type: + - info + action: failed-to-send-verification-email + fvr: + classification: "User/Behavioral - Failure" + value: "Failed to process verification email request" + type: + - info + action: failed-to-process-verification-email + cs: + classification: "User/Behavioral - Notification" + value: "Passwordless login code has been sent" + type: + - info + action: passwordless-login-code-sent + du: + classification: "User/Behavioral - Notification" + value: "User has been deleted" + type: + - info + - user + - deletion + category: + - iam + action: user-deleted + gd_enrollment_complete: + classification: "User/Behavioral - Notification" + value: "A first time MFA user has successfully enrolled using one of the factors" + type: + - info + - change + - end + category: + - iam + - session + action: mfa-enrollment-completed + gd_start_enroll: + classification: "User/Behavioral - Notification" + value: "Multi-factor authentication enroll has started" + type: + - info + - change + - start + category: + - iam + - session + action: mfa-enrollment-started + gd_unenroll: + classification: "User/Behavioral - Notification" + value: "Device used for second factor authentication has been unenrolled" + type: + - info + - deletion + category: + - iam + action: mfa-device-unenrolled + gd_update_device_account: + classification: "User/Behavioral - Notification" + value: "Device used for second factor authentication has been updated" + type: + - info + - change + category: + - iam + action: mfa-device-updated + ublkdu: + classification: "User/Behavioral - Notification" + value: "User block setup by anomaly detection has been released" + type: + - info + action: user-login-block-released + sce: + classification: "User/Behavioral - Success" + value: "Successfully changed user email" + type: + - info + - change + - user + category: + - iam + action: user-email-changed-successfully + scp: + classification: "User/Behavioral - Success" + value: "Successfully changed password" + type: + - info + - change + - user + category: + - iam + action: user-password-changed-successfully + scpn: + classification: "User/Behavioral - Success" + value: "Successfully changed phone number" + type: + - info + - change + - user + category: + - iam + action: user-phone-number-changed-successfully + scpr: + classification: "User/Behavioral - Success" + value: "Successful change password request" + type: + - info + - change + - user + category: + - iam + action: user-password-change-request-successful + scu: + classification: "User/Behavioral - Success" + value: "Successfully changed username" + type: + - info + - change + - user + category: + - iam + action: username-changed-successfully + sdu: + classification: "User/Behavioral - Success" + value: "User successfully deleted" + type: + - info + - deletion + category: + - iam + action: user-deleted-successfully + srrt: + classification: "User/Behavioral - Success" + value: "Successfully revoked a Refresh Token" + type: + - info + - deletion + category: + - iam + action: revoked-refresh-token-successfully + sui: + classification: "User/Behavioral - Success" + value: "Successfully imported users" + type: + - info + - user + category: + - iam + action: imported-users-successfully + sv: + classification: "User/Behavioral - Success" + value: "Sent verification email" + type: + - info + - user + category: + - iam + action: sent-verification-email + svr: + classification: "User/Behavioral - Success" + value: "Successfully processed verification email request" + type: + - info + - user + category: + - iam + action: email-verification-processed-successfully + fcph: + classification: "Other" + value: "Failed Post Change Password Hook" + type: + - change + - user + category: + - iam + action: failed-post-change-password-hook + fdeac: + classification: "Other" + value: "Failed to activate device" + type: + - info + action: failed-to-activate-device + fi: + classification: "Other" + value: "Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation." + type: + - info + action: failed-to-accept-user-invitation + gd_auth_failed: + classification: "Other" + value: "Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure." + type: + - info + action: mfa-authentication-failed-wrong-code + gd_auth_rejected: + classification: "Other" + value: "A user rejected a Multi-factor authentication request via push-notification." + type: + - info + action: user-rejected-mfa-request + gd_auth_succeed: + classification: "Other" + value: "Multi-factor authentication success." + type: + - info + action: mfa-authentication-succeeded + gd_otp_rate_limit_exceed: + classification: "Other" + value: "A user, during enrollment or authentication, enters an incorrect code more than the maximum allowed number of times. Ex: A user enrolling in SMS enters the 6-digit code wrong more than 10 times in a row." + type: + - info + - indicator + category: + - threat + action: user-entered-too-many-incorrect-codes + gd_recovery_failed: + classification: "Other" + value: "A user enters a wrong recovery code when attempting to authenticate." + type: + - info + action: user-entered-wrong-recovery-code + gd_recovery_rate_limit_exceed: + classification: "Other" + value: "A user enters a wrong recovery code too many times." + type: + - info + - indicator + category: + - threat + action: user-entered-too-many-wrong-codes + gd_recovery_succeed: + classification: "Other" + value: "A user successfully authenticates with a recovery code" + type: + - info + action: recovery-succeeded + gd_send_pn: + classification: "Other" + value: "Push notification for MFA sent successfully sent." + type: + - info + action: push-notification-sent + gd_send_sms: + classification: "Other" + value: "SMS for MFA successfully sent." + type: + - info + action: sms-sent + gd_send_sms_failure: + classification: "Other" + value: "Attempt to send SMS for MFA failed." + type: + - info + action: failed-to-send-sms + gd_send_voice: + classification: "Other" + value: "Voice call for MFA successfully made." + type: + - info + action: voice-call-made + gd_send_voice_failure: + classification: "Other" + value: "Attempt to make Voice call for MFA failed." + type: + - info + action: voice-call-failure + gd_start_auth: + classification: "Other" + value: "Second factor authentication event started for MFA." + type: + - info + action: 2fa-auth-event-started + gd_tenant_update: + classification: "Other" + value: "Guardian tenant update" + type: + - info + action: guardian-tenant-update + limit_sul: + classification: "Other" + value: "A user is temporarily prevented from logging in because more than 20 logins per minute occurred from the same IP address" + type: + - info + - indicator + category: + - threat + action: user-blocked-too-many-failed-logins-from-same-ip + mfar: + classification: "Other" + value: "A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment." + type: + - info + action: user-prompted-for-mfa + pla: + classification: "Other" + value: "This log is generated before a login and helps in monitoring the behavior of bot detection without having to enable it." + type: + - info + action: pre-login-assessment + pwd_leak: + classification: "Other" + value: "Someone behind the IP address attempted to login with a leaked password." + type: + - info + category: + - intrusion_detection + action: login-with-breached-password + scph: + classification: "Other" + value: "Success Post Change Password Hook" + type: + - info + action: success-post-change-password-hook + sd: + classification: "Other" + value: "Success delegation" + type: + - info + action: success-delegation + si: + classification: "Other" + value: "Successfully accepted a user invitation" + type: + - info + action: successfully-accepted-user-invitation + ss: + classification: "Other" + value: "Success Signup" + type: + - info + action: success-signup + source: |- + def eventType = ctx.auth0.logs.data.type; + def actions = params.get('actions'); + def actionData = actions.get(eventType); + if (actionData == null) { + ctx.event.action = 'unknown-' + eventType; + ctx.event.type = ['info']; + return; + } + // overwrite type abbreviation with actual value + def eventTypeVal = actionData.get('value'); + if (eventTypeVal != null) { + ctx.auth0.logs.data.type = eventTypeVal; + } + // event.type + def actionType = actionData.get('type'); + if (actionType != null) { + ctx.event.type = new ArrayList(actionType); + } + // event.category + def actionCategory = actionData.get('category'); + if (actionCategory != null) { + for (def c : actionCategory) { + ctx.event.category.add(c); + } + } + // event.action + def action = actionData.get('action'); + if (action != null) { + ctx.event.action = action; + } + // auth0 event category / classification group + def classification = actionData.get('classification'); + if (classification != null) { + ctx.auth0.logs.data.classification = classification; + } + // event.outcome + if (classification.toLowerCase().contains("success")) { + ctx.event.outcome = "success"; + } else if (classification.toLowerCase().contains("failure")) { + ctx.event.outcome = "failure"; + } else { + ctx.event.outcome = "unknown"; + } +- date: + if: ctx?.auth0?.logs?.data?.details?.initiatedAt != null + field: auth0.logs.data.details.initiatedAt + target_field: auth0.logs.data.login.initiatedAt + formats: + - UNIX_MS +- date: + if: ctx?.auth0?.logs?.data?.details?.completedAt != null + field: auth0.logs.data.details.completedAt + target_field: auth0.logs.data.login.completedAt + formats: + - UNIX_MS +- convert: + if: ctx?.auth0?.logs?.data?.details?.elapsedTime != null + field: auth0.logs.data.details.elapsedTime + target_field: auth0.logs.data.login.elapsedTime + type: long + ignore_missing: true +- convert: + if: "ctx.auth0.logs.data.type == 'Successful login'" + field: auth0.logs.data.details.stats.loginsCount + target_field: auth0.logs.data.login.stats.loginsCount + type: long + ignore_missing: true +## +# Clean up +## +- remove: + field: + - json + - auth0.logs.data.$event_schema.version + - auth0.logs.data._id + - auth0.logs.data.ip + - auth0.logs.data.user_name + - auth0.logs.data.user_id + - auth0.logs.data.user_agent + - auth0.logs.data.log_id + ignore_missing: true +- remove: + field: event.original + if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))" + ignore_failure: true + ignore_missing: true +- script: + lang: painless + description: This script processor iterates over the whole document to remove fields with null values. + source: | + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v == null || v == '' || (v instanceof Map && v.size() == 0) || (v instanceof List && v.size() == 0)); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + list.removeIf(v -> v == null || v == '' || (v instanceof Map && v.size() == 0) || (v instanceof List && v.size() == 0)); + } + handleMap(ctx); + +on_failure: +- set: + field: event.kind + value: pipeline_error +- append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/agent.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/agent.yml new file mode 100644 index 000000000..b4f84cf84 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/agent.yml @@ -0,0 +1,3 @@ +- name: input.type + type: keyword + description: Input type. diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/base-fields.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/base-fields.yml new file mode 100644 index 000000000..bc27cfd1c --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/base-fields.yml @@ -0,0 +1,20 @@ +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: '@timestamp' + type: date + description: Event timestamp. +- name: event.module + type: constant_keyword + description: Event timestamp. + value: auth0 +- name: event.dataset + type: constant_keyword + description: Event timestamp. + value: auth0.logs diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/fields.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/fields.yml new file mode 100644 index 000000000..bc842a552 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/fields/fields.yml @@ -0,0 +1,126 @@ +- name: auth0 + type: group + description: Fields for Auth0 events. + fields: + - name: logs + type: group + description: Fields for Auth0 log events. + fields: + - name: log_id + type: keyword + description: Unique log event identifier + - name: data + type: group + description: log stream event data + fields: + - name: log_id + type: keyword + description: Unique log event identifier + - name: tenant_name + type: keyword + description: The name of the auth0 tenant. + - name: date + type: date + description: Date when the event occurred in ISO 8601 format. + - name: type + type: keyword + description: Type of event. + - name: description + type: text + description: Description of this event. + - name: connection + type: keyword + description: Name of the connection the event relates to. + - name: connection_id + type: keyword + description: ID of the connection the event relates to. + - name: client_id + type: keyword + description: ID of the client (application). + - name: client_name + type: keyword + description: Name of the client (application). + - name: ip + type: ip + description: IP address of the log event source. + - name: hostname + type: keyword + description: Hostname the event applies to. + - name: user_id + type: keyword + description: ID of the user involved in the event. + - name: user_name + type: keyword + description: Name of the user involved in the event. + - name: audience + type: keyword + description: API audience the event applies to. + - name: scope + type: keyword + description: Scope permissions applied to the event. + - name: strategy + type: keyword + description: Name of the strategy involved in the event. + - name: strategy_type + type: keyword + description: Type of strategy involved in the event. + - name: is_mobile + type: boolean + description: Whether the client was a mobile device (true) or desktop/laptop/server (false). + - name: classification + type: keyword + description: Log stream filters + - name: details + type: flattened + description: Additional useful details about this event (values here depend upon event type). + - name: login + type: group + description: Filtered fields for login type + fields: + - name: initiatedAt + type: date + description: Time at which the operation was initiated + - name: completedAt + type: date + description: Time at which the operation was completed + - name: elapsedTime + type: long + description: The total amount of time in milliseconds the operation took to complete. + - name: stats + type: group + description: login stats + fields: + - name: loginsCount + type: long + description: Total number of logins performed by the user + - name: user_agent + type: text + description: User agent string from the client device that caused the event. + - name: location_info + type: group + description: Information about the location that triggered this event based on the IP. + fields: + - name: country_code + type: keyword + description: Two-letter [Alpha-2 ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html) country code + - name: country_code3 + type: keyword + description: Three-letter [Alpha-3 ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html) country code + - name: country_name + type: keyword + description: Full country name in English. + - name: city_name + type: keyword + description: Full city name in English. + - name: latitude + type: keyword + description: Global latitude (horizontal) position. + - name: longitude + type: keyword + description: Global longitude (vertical) position. + - name: time_zone + type: keyword + description: Time zone name as found in the [tz database](https://www.iana.org/time-zones). + - name: continent_code + type: keyword + description: Continent the country is located within. Can be AF (Africa), AN (Antarctica), AS (Asia), EU (Europe), NA (North America), OC (Oceania) or SA (South America). diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/manifest.yml b/test/packages/parallel/auth0_logsdb/data_stream/logs/manifest.yml new file mode 100644 index 000000000..aa7760eef --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/manifest.yml @@ -0,0 +1,167 @@ +title: "Auth0 logs" +type: logs +streams: + - input: http_endpoint + title: Auth0 log events via Webhooks + description: Receives log events from Auth0 via Webhooks + enabled: false + template_path: http_endpoint.yml.hbs + vars: + - name: listen_address + type: text + title: Listen Address + description: Bind address for the listener. Use 0.0.0.0 to listen on all interfaces. + multi: false + required: true + show_user: true + default: localhost + - name: listen_port + type: integer + title: Listen Port + multi: false + required: true + show_user: true + default: 8383 + - name: url + type: text + title: Webhook path + description: URL path where the webhook will accept requests. + multi: false + required: true + show_user: false + default: /auth0/logs + - name: secret_value + type: password + description: Authorization token + multi: false + required: false + show_user: true + secret: true + - name: ssl + type: yaml + title: TLS + description: Options for enabling TLS for the listening webhook endpoint. See the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html) for a list of all options. + multi: false + required: false + show_user: false + default: | + enabled: false + certificate: "/etc/pki/client/cert.pem" + key: "/etc/pki/client/cert.key" + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - forwarded + - auth0-logstream + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original` + type: bool + multi: false + default: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + - input: cel + title: Auth0 log events via API requests + description: Collects log events from Auth0 via API requests. + enabled: false + template_path: cel.yml.hbs + vars: + - name: url + type: text + title: URL + description: Base URL of the Auth0 API. + default: https://tenant.us.auth0.com + required: true + show_user: true + - name: client_id + type: text + title: Client ID + description: Client ID for the Auth0 API. + multi: false + required: true + show_user: true + - name: client_secret + type: password + title: Client Secret + description: Client Secret for the Auth0 API. + multi: false + required: true + show_user: true + secret: true + - name: initial_interval + type: text + title: Initial Interval + description: How far back to pull logs from the Auth0 API. Supported units for this parameter are h/m/s. + multi: false + required: true + show_user: true + default: 24h + - name: interval + type: text + title: Interval + description: Duration between requests to the Auth0 API. Supported units for this parameter are h/m/s. + default: 5m + multi: false + required: true + show_user: true + - name: batch_size + type: integer + title: Batch Size + description: Batch size for the response of the Auth0 API. + default: 100 + multi: false + required: true + show_user: false + - name: http_client_timeout + type: text + title: HTTP Client Timeout + description: Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h. + multi: false + required: true + show_user: false + default: 30s + - name: enable_request_tracer + type: bool + title: Enable request tracing + multi: false + required: false + show_user: false + description: The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details. + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - forwarded + - auth0-logstream + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original`. + type: bool + multi: false + default: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: >- + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. diff --git a/test/packages/parallel/auth0_logsdb/data_stream/logs/sample_event.json b/test/packages/parallel/auth0_logsdb/data_stream/logs/sample_event.json new file mode 100644 index 000000000..93511e872 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/data_stream/logs/sample_event.json @@ -0,0 +1,155 @@ +{ + "@timestamp": "2021-11-03T03:25:28.923Z", + "agent": { + "ephemeral_id": "667cd3fd-5cbb-420c-91e4-060bb1455023", + "id": "d45df655-b57b-4c5d-8017-17c41cca0d2b", + "name": "docker-fleet-agent", + "type": "filebeat", + "version": "8.13.0" + }, + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T03:25:28.923Z", + "details": { + "completedAt": 1635909928922, + "elapsedTime": 1110091, + "initiatedAt": 1635908818831, + "prompts": [ + { + "completedAt": 1635909903693, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "6182002f34f4dd006b05b5c7", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 1 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635909903745, + "elapsedTime": 1084902, + "flow": "universal-login", + "initiatedAt": 1635908818843, + "name": "login", + "timers": { + "rules": 5 + }, + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com" + }, + { + "completedAt": 1635909928352, + "elapsedTime": 23378, + "flow": "consent", + "grantInfo": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "id": "618201284369c9b4f9cd6d52", + "scope": "openid profile" + }, + "initiatedAt": 1635909904974, + "name": "consent" + } + ], + "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T03:25:28.922Z", + "elapsedTime": 1110091, + "initiatedAt": "2021-11-03T03:06:58.831Z", + "stats": { + "loginsCount": 1 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "data_stream": { + "dataset": "auth0.logs", + "namespace": "93795", + "type": "logs" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "d45df655-b57b-4c5d-8017-17c41cca0d2b", + "snapshot": false, + "version": "8.13.0" + }, + "event": { + "action": "successful-login", + "agent_id_status": "verified", + "category": [ + "authentication", + "session" + ], + "dataset": "auth0.logs", + "id": "90020211103032530111223343147286033102509916061341581378", + "ingested": "2024-07-30T05:19:59Z", + "kind": "event", + "original": "{\"data\":{\"client_id\":\"aI61p8I8aFjmYRliLWgvM9ev97kCCNDB\",\"client_name\":\"Default App\",\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"date\":\"2021-11-03T03:25:28.923Z\",\"details\":{\"completedAt\":1635909928922,\"elapsedTime\":1110091,\"initiatedAt\":1635908818831,\"prompts\":[{\"completedAt\":1635909903693,\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"elapsedTime\":null,\"identity\":\"6182002f34f4dd006b05b5c7\",\"name\":\"prompt-authenticate\",\"stats\":{\"loginsCount\":1},\"strategy\":\"auth0\"},{\"completedAt\":1635909903745,\"elapsedTime\":1084902,\"flow\":\"universal-login\",\"initiatedAt\":1635908818843,\"name\":\"login\",\"timers\":{\"rules\":5},\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},{\"completedAt\":1635909928352,\"elapsedTime\":23378,\"flow\":\"consent\",\"grantInfo\":{\"audience\":\"https://dev-yoj8axza.au.auth0.com/userinfo\",\"expiration\":null,\"id\":\"618201284369c9b4f9cd6d52\",\"scope\":\"openid profile\"},\"initiatedAt\":1635909904974,\"name\":\"consent\"}],\"session_id\":\"1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc\",\"stats\":{\"loginsCount\":1}},\"hostname\":\"dev-yoj8axza.au.auth0.com\",\"ip\":\"81.2.69.143\",\"log_id\":\"90020211103032530111223343147286033102509916061341581378\",\"strategy\":\"auth0\",\"strategy_type\":\"database\",\"type\":\"s\",\"user_agent\":\"Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0\",\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},\"log_id\":\"90020211103032530111223343147286033102509916061341581378\"}", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "input": { + "type": "http_endpoint" + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event", + "forwarded", + "auth0-logstream" + ], + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/docs/README.md b/test/packages/parallel/auth0_logsdb/docs/README.md new file mode 100644 index 000000000..9690bf7d7 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/docs/README.md @@ -0,0 +1,274 @@ +# Auth0 Log Streams Integration + +Auth0 offers integrations that push log events via log streams to Elasticsearch or allows an Elastic Agent to make API requests for log events. The [Auth0 Log Streams](https://auth0.com/docs/customize/log-streams) integration package creates a HTTP listener that accepts incoming log events or runs periodic API requests to collect events and ingests them into Elasticsearch. This allows you to search, observe and visualize the Auth0 log events through Elasticsearch. + +## Compatibility + +The package collects log events either sent via log stream webhooks, or by API request to the Auth0 v2 API. + +## Enabling the integration in Elastic + +1. In Kibana go to **Management > Integrations** +2. In "Search for integrations" search bar type **Auth0** +3. Click on "Auth0" integration from the search results. +4. Click on **Add Auth0** button to add Auth0 integration. + +## Configuration for Webhook input + +The agent running this integration must be able to accept requests from the Internet in order for Auth0 to be able connect. Auth0 requires that the webhook accept requests over HTTPS. So you must either configure the integration with a valid TLS certificate or use a reverse proxy in front of the integration. + +For more information, see Auth0's webpage on [integration to Elastic Security](https://marketplace.auth0.com/integrations/elastic-security). + +### Configure the Auth0 integration + +1. Click on **Collect Auth0 log streams events via Webhooks** to enable it. +2. Enter values for "Listen Address", "Listen Port" and "Webhook path" to form the endpoint URL. Make note of the **Endpoint URL** `https://{AGENT_ADDRESS}:8383/auth0/logs`. +3. Enter value for "Secret value". This must match the "Authorization Token" value entered when configuring the "Custom Webhook" from Auth0 cloud. +4. Enter values for "TLS". Auth0 requires that the webhook accept requests over HTTPS. So you must either configure the integration with a valid TLS certificate or use a reverse proxy in front of the integration. + +### Creating the stream in Auth0 + +1. From the Auth0 management console, navigate to **Logs > Streams** and click **+ Create Stream**. +2. Choose **Custom Webhook**. +3. Name the new **Event Stream** appropriately (e.g. Elastic) and click **Create**. +4. In **Payload URL**, paste the **Endpoint URL** collected during Step 1 of **Configure the Auth0 integration** section. +5. In **Authorization Token**, paste the **Authorization Token**. This must match the value entered in Step 2 of **Configure the Auth0 integration** section. +6. In **Content Type**, choose **application/json**. +7. In **Content Format**, choose **JSON Lines**. +8. Click **Save**. + +## Configuration for API request input + +### Creating an application in Auth0 + +1. From the Auth0 management console, navigate to **Applications > Applications** and click **+ Create Application**. +2. Choose **Machine to Machine Application**. +3. Name the new **Application** appropriately (e.g. Elastic) and click **Create**. +4. Select the **Auth0 Management API** option and click **Authorize**. +5. Select the `read:logs` and `read:logs_users` permissions and then click **Authorize**. +6. Navigate to the **Settings** tab. Take note of the "Domain", "Client ID" and "Client Secret" values in the **Basic Information** section. +7. Click **Save Changes**. + +### Configure the Auth0 integration + +1. In the Elastic Auth0 integration user interface click on **Collect Auth0 log events via API requests** to enable it. +2. Enter value for "URL". This must be an https URL using the **Domain** value obtained from Auth cloud above. +3. Enter value for "Client ID". This must match the "Client ID" value obtained from Auth0 cloud above. +4. Enter value for "Client Secret". This must match the "Client Secret" value obtained from Auth0 cloud above. + +## Log Events + +Enable to collect Auth0 log events for all the applications configured for the chosen log stream. + +## Logs + +### Log Stream Events + +The Auth0 logs dataset provides events from Auth0 log stream. All Auth0 log events are available in the `auth0.logs` field group. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| auth0.logs.data.audience | API audience the event applies to. | keyword | +| auth0.logs.data.classification | Log stream filters | keyword | +| auth0.logs.data.client_id | ID of the client (application). | keyword | +| auth0.logs.data.client_name | Name of the client (application). | keyword | +| auth0.logs.data.connection | Name of the connection the event relates to. | keyword | +| auth0.logs.data.connection_id | ID of the connection the event relates to. | keyword | +| auth0.logs.data.date | Date when the event occurred in ISO 8601 format. | date | +| auth0.logs.data.description | Description of this event. | text | +| auth0.logs.data.details | Additional useful details about this event (values here depend upon event type). | flattened | +| auth0.logs.data.hostname | Hostname the event applies to. | keyword | +| auth0.logs.data.ip | IP address of the log event source. | ip | +| auth0.logs.data.is_mobile | Whether the client was a mobile device (true) or desktop/laptop/server (false). | boolean | +| auth0.logs.data.location_info.city_name | Full city name in English. | keyword | +| auth0.logs.data.location_info.continent_code | Continent the country is located within. Can be AF (Africa), AN (Antarctica), AS (Asia), EU (Europe), NA (North America), OC (Oceania) or SA (South America). | keyword | +| auth0.logs.data.location_info.country_code | Two-letter [Alpha-2 ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html) country code | keyword | +| auth0.logs.data.location_info.country_code3 | Three-letter [Alpha-3 ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html) country code | keyword | +| auth0.logs.data.location_info.country_name | Full country name in English. | keyword | +| auth0.logs.data.location_info.latitude | Global latitude (horizontal) position. | keyword | +| auth0.logs.data.location_info.longitude | Global longitude (vertical) position. | keyword | +| auth0.logs.data.location_info.time_zone | Time zone name as found in the [tz database](https://www.iana.org/time-zones). | keyword | +| auth0.logs.data.log_id | Unique log event identifier | keyword | +| auth0.logs.data.login.completedAt | Time at which the operation was completed | date | +| auth0.logs.data.login.elapsedTime | The total amount of time in milliseconds the operation took to complete. | long | +| auth0.logs.data.login.initiatedAt | Time at which the operation was initiated | date | +| auth0.logs.data.login.stats.loginsCount | Total number of logins performed by the user | long | +| auth0.logs.data.scope | Scope permissions applied to the event. | keyword | +| auth0.logs.data.strategy | Name of the strategy involved in the event. | keyword | +| auth0.logs.data.strategy_type | Type of strategy involved in the event. | keyword | +| auth0.logs.data.tenant_name | The name of the auth0 tenant. | keyword | +| auth0.logs.data.type | Type of event. | keyword | +| auth0.logs.data.user_agent | User agent string from the client device that caused the event. | text | +| auth0.logs.data.user_id | ID of the user involved in the event. | keyword | +| auth0.logs.data.user_name | Name of the user involved in the event. | keyword | +| auth0.logs.log_id | Unique log event identifier | keyword | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| event.dataset | Event timestamp. | constant_keyword | +| event.module | Event timestamp. | constant_keyword | +| input.type | Input type. | keyword | + + +An example event for `logs` looks as following: + +```json +{ + "@timestamp": "2021-11-03T03:25:28.923Z", + "agent": { + "ephemeral_id": "667cd3fd-5cbb-420c-91e4-060bb1455023", + "id": "d45df655-b57b-4c5d-8017-17c41cca0d2b", + "name": "docker-fleet-agent", + "type": "filebeat", + "version": "8.13.0" + }, + "auth0": { + "logs": { + "data": { + "classification": "Login - Success", + "client_id": "aI61p8I8aFjmYRliLWgvM9ev97kCCNDB", + "client_name": "Default App", + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "date": "2021-11-03T03:25:28.923Z", + "details": { + "completedAt": 1635909928922, + "elapsedTime": 1110091, + "initiatedAt": 1635908818831, + "prompts": [ + { + "completedAt": 1635909903693, + "connection": "Username-Password-Authentication", + "connection_id": "con_1a5wCUmAs6VOU17n", + "identity": "6182002f34f4dd006b05b5c7", + "name": "prompt-authenticate", + "stats": { + "loginsCount": 1 + }, + "strategy": "auth0" + }, + { + "completedAt": 1635909903745, + "elapsedTime": 1084902, + "flow": "universal-login", + "initiatedAt": 1635908818843, + "name": "login", + "timers": { + "rules": 5 + }, + "user_id": "auth0|6182002f34f4dd006b05b5c7", + "user_name": "neo@test.com" + }, + { + "completedAt": 1635909928352, + "elapsedTime": 23378, + "flow": "consent", + "grantInfo": { + "audience": "https://dev-yoj8axza.au.auth0.com/userinfo", + "id": "618201284369c9b4f9cd6d52", + "scope": "openid profile" + }, + "initiatedAt": 1635909904974, + "name": "consent" + } + ], + "session_id": "1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc", + "stats": { + "loginsCount": 1 + } + }, + "hostname": "dev-yoj8axza.au.auth0.com", + "login": { + "completedAt": "2021-11-03T03:25:28.922Z", + "elapsedTime": 1110091, + "initiatedAt": "2021-11-03T03:06:58.831Z", + "stats": { + "loginsCount": 1 + } + }, + "strategy": "auth0", + "strategy_type": "database", + "type": "Successful login" + } + } + }, + "data_stream": { + "dataset": "auth0.logs", + "namespace": "93795", + "type": "logs" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "d45df655-b57b-4c5d-8017-17c41cca0d2b", + "snapshot": false, + "version": "8.13.0" + }, + "event": { + "action": "successful-login", + "agent_id_status": "verified", + "category": [ + "authentication", + "session" + ], + "dataset": "auth0.logs", + "id": "90020211103032530111223343147286033102509916061341581378", + "ingested": "2024-07-30T05:19:59Z", + "kind": "event", + "original": "{\"data\":{\"client_id\":\"aI61p8I8aFjmYRliLWgvM9ev97kCCNDB\",\"client_name\":\"Default App\",\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"date\":\"2021-11-03T03:25:28.923Z\",\"details\":{\"completedAt\":1635909928922,\"elapsedTime\":1110091,\"initiatedAt\":1635908818831,\"prompts\":[{\"completedAt\":1635909903693,\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"elapsedTime\":null,\"identity\":\"6182002f34f4dd006b05b5c7\",\"name\":\"prompt-authenticate\",\"stats\":{\"loginsCount\":1},\"strategy\":\"auth0\"},{\"completedAt\":1635909903745,\"elapsedTime\":1084902,\"flow\":\"universal-login\",\"initiatedAt\":1635908818843,\"name\":\"login\",\"timers\":{\"rules\":5},\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},{\"completedAt\":1635909928352,\"elapsedTime\":23378,\"flow\":\"consent\",\"grantInfo\":{\"audience\":\"https://dev-yoj8axza.au.auth0.com/userinfo\",\"expiration\":null,\"id\":\"618201284369c9b4f9cd6d52\",\"scope\":\"openid profile\"},\"initiatedAt\":1635909904974,\"name\":\"consent\"}],\"session_id\":\"1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc\",\"stats\":{\"loginsCount\":1}},\"hostname\":\"dev-yoj8axza.au.auth0.com\",\"ip\":\"81.2.69.143\",\"log_id\":\"90020211103032530111223343147286033102509916061341581378\",\"strategy\":\"auth0\",\"strategy_type\":\"database\",\"type\":\"s\",\"user_agent\":\"Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0\",\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},\"log_id\":\"90020211103032530111223343147286033102509916061341581378\"}", + "outcome": "success", + "type": [ + "info", + "start" + ] + }, + "input": { + "type": "http_endpoint" + }, + "log": { + "level": "info" + }, + "network": { + "type": "ipv4" + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event", + "forwarded", + "auth0-logstream" + ], + "user": { + "id": "auth0|6182002f34f4dd006b05b5c7", + "name": "neo@test.com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Firefox", + "original": "Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0", + "os": { + "name": "Ubuntu" + }, + "version": "93.0." + } +} +``` diff --git a/test/packages/parallel/auth0_logsdb/img/auth0-logo.svg b/test/packages/parallel/auth0_logsdb/img/auth0-logo.svg new file mode 100644 index 000000000..e0f2aa1d3 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/img/auth0-logo.svg @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + diff --git a/test/packages/parallel/auth0_logsdb/img/auth0-screenshot.png b/test/packages/parallel/auth0_logsdb/img/auth0-screenshot.png new file mode 100755 index 000000000..72b880f16 Binary files /dev/null and b/test/packages/parallel/auth0_logsdb/img/auth0-screenshot.png differ diff --git a/test/packages/parallel/auth0_logsdb/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json b/test/packages/parallel/auth0_logsdb/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json new file mode 100644 index 000000000..5fdc17c4d --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json @@ -0,0 +1,1142 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "c9215ac0-57f7-4fbb-af81-9f5bb365a238": { + "columnOrder": [ + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31", + "becf928d-1e95-4cf0-a37f-e4eb735dcc27" + ], + "columns": { + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "becf928d-1e95-4cf0-a37f-e4eb735dcc27", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.category" + }, + "becf928d-1e95-4cf0-a37f-e4eb735dcc27": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "layerType": "data", + "legendDisplay": "default", + "legendSize": "auto", + "metrics": [ + "becf928d-1e95-4cf0-a37f-e4eb735dcc27" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "ad18389f-67bd-47ae-bd5e-7a0a8a74ef31" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 10, + "i": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", + "w": 15, + "x": 0, + "y": 0 + }, + "panelIndex": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", + "title": "Auth0 Log Stream Event Types", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35": { + "columnOrder": [ + "234dec72-0dd2-42cb-b486-059fa3e0a077", + "9fb2da13-fb8b-4041-b60e-0840068dc570" + ], + "columns": { + "234dec72-0dd2-42cb-b486-059fa3e0a077": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "9fb2da13-fb8b-4041-b60e-0840068dc570": { + "dataType": "number", + "isBucketed": false, + "label": "Unique count of event.type", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "event.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "9fb2da13-fb8b-4041-b60e-0840068dc570" + ], + "layerId": "1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "234dec72-0dd2-42cb-b486-059fa3e0a077" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "line", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 10, + "i": "6089a77e-3c96-4414-9932-eda55ced3d07", + "w": 14, + "x": 15, + "y": 0 + }, + "panelIndex": "6089a77e-3c96-4414-9932-eda55ced3d07", + "title": "Rate of events", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f4e91fff-3766-4adf-bcbf-f0ceb8ea19fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3b88d295-b9e0-412b-9bff-d6e5893a485a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "335cb626-370d-4e95-9a6c-4f231edeb186", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f4e91fff-3766-4adf-bcbf-f0ceb8ea19fa": { + "columnOrder": [ + "7c1be01f-a2e6-41e3-80e6-088855e73800" + ], + "columns": { + "7c1be01f-a2e6-41e3-80e6-088855e73800": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "3b88d295-b9e0-412b-9bff-d6e5893a485a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "335cb626-370d-4e95-9a6c-4f231edeb186", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Failure" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "f4e91fff-3766-4adf-bcbf-f0ceb8ea19fa", + "layerType": "data", + "metricAccessor": "7c1be01f-a2e6-41e3-80e6-088855e73800" + } + }, + "title": "Number of Failed Logins", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 10, + "i": "5124c723-8890-477e-aad5-bc4fd529bd46", + "w": 9, + "x": 29, + "y": 0 + }, + "panelIndex": "5124c723-8890-477e-aad5-bc4fd529bd46", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f637aea7-1a8a-4c6f-bea3-83b1910bd16d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f5f62b07-86eb-481b-b6b5-308fdf2ee125", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fefc1a3f-fa1c-455f-9f0e-836cb58b93b4", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f637aea7-1a8a-4c6f-bea3-83b1910bd16d": { + "columnOrder": [ + "07d7e830-73dc-4cc0-9426-892fc45589d4" + ], + "columns": { + "07d7e830-73dc-4cc0-9426-892fc45589d4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "f5f62b07-86eb-481b-b6b5-308fdf2ee125", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "fefc1a3f-fa1c-455f-9f0e-836cb58b93b4", + "key": "event.category", + "negate": false, + "params": { + "query": "Signup - Success" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Signup - Success" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "f637aea7-1a8a-4c6f-bea3-83b1910bd16d", + "layerType": "data", + "metricAccessor": "07d7e830-73dc-4cc0-9426-892fc45589d4" + } + }, + "title": "Number of Successful Signups", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 10, + "i": "cb337534-d263-480b-b6a3-80cc4f14d73b", + "w": 10, + "x": 38, + "y": 0 + }, + "panelIndex": "cb337534-d263-480b-b6a3-80cc4f14d73b", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "e7270679-c5d0-496a-9fd2-7409b402bdb0": { + "columnOrder": [ + "60724141-ecf4-4f42-b263-d12cd64fe1a3", + "14ed1312-1743-452e-89e9-52018d6db787" + ], + "columns": { + "14ed1312-1743-452e-89e9-52018d6db787": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "60724141-ecf4-4f42-b263-d12cd64fe1a3": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-1", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Success" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Success" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "14ed1312-1743-452e-89e9-52018d6db787" + ], + "layerId": "e7270679-c5d0-496a-9fd2-7409b402bdb0", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "60724141-ecf4-4f42-b263-d12cd64fe1a3" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "d00429d4-502f-41d8-8a2b-7300859930ea", + "w": 15, + "x": 0, + "y": 10 + }, + "panelIndex": "d00429d4-502f-41d8-8a2b-7300859930ea", + "title": "Rate of Successful Logins", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e": { + "columnOrder": [ + "56478895-2ad9-4541-9b3c-debffe3de81d", + "d8ee79e4-d617-4809-9065-217bcd1f628c" + ], + "columns": { + "56478895-2ad9-4541-9b3c-debffe3de81d": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d8ee79e4-d617-4809-9065-217bcd1f628c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filter-index-pattern-1", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login - Failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "d8ee79e4-d617-4809-9065-217bcd1f628c" + ], + "layerId": "4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "56478895-2ad9-4541-9b3c-debffe3de81d" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "line", + "title": "Empty XY chart", + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", + "w": 14, + "x": 15, + "y": 10 + }, + "panelIndex": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", + "title": "Rate of Failed Logins", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e62e3521-0ee8-4488-931d-4474a54c10a7", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "e62e3521-0ee8-4488-931d-4474a54c10a7": { + "columnOrder": [ + "80cab385-f007-47be-80af-a825f0381d20", + "9b47063f-6502-47ca-80be-f0b98869fc5e" + ], + "columns": { + "80cab385-f007-47be-80af-a825f0381d20": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "IP Address", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "9b47063f-6502-47ca-80be-f0b98869fc5e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "auth0.logs.data.ip" + }, + "9b47063f-6502-47ca-80be-f0b98869fc5e": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "9b47063f-6502-47ca-80be-f0b98869fc5e" + ], + "layerId": "e62e3521-0ee8-4488-931d-4474a54c10a7", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "80cab385-f007-47be-80af-a825f0381d20" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 12, + "i": "7f0587d4-ef04-4913-9ccb-cd2c93f470df", + "w": 19, + "x": 29, + "y": 10 + }, + "panelIndex": "7f0587d4-ef04-4913-9ccb-cd2c93f470df", + "title": "IP Addresses of failed logins", + "type": "lens", + "version": "8.7.1" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 11, + "i": "253f1007-1537-4012-a663-48bccf233f4c", + "w": 48, + "x": 0, + "y": 22 + }, + "panelIndex": "253f1007-1537-4012-a663-48bccf233f4c", + "panelRefName": "panel_253f1007-1537-4012-a663-48bccf233f4c", + "type": "search", + "version": "8.7.1" + } + ], + "timeRestore": false, + "title": "Auth0", + "version": 1 + }, + "coreMigrationVersion": "8.7.1", + "created_at": "2023-07-11T05:13:37.961Z", + "id": "auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf", + "migrationVersion": { + "dashboard": "8.7.0" + }, + "references": [ + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:indexpattern-datasource-layer-c9215ac0-57f7-4fbb-af81-9f5bb365a238", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1a13814d-17bf-42cf-8ef9-2dc599fb6766:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:indexpattern-datasource-layer-1f92a60a-ed7e-42e4-b03c-4a3fb37e1a35", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6089a77e-3c96-4414-9932-eda55ced3d07:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5124c723-8890-477e-aad5-bc4fd529bd46:indexpattern-datasource-layer-f4e91fff-3766-4adf-bcbf-f0ceb8ea19fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5124c723-8890-477e-aad5-bc4fd529bd46:3b88d295-b9e0-412b-9bff-d6e5893a485a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5124c723-8890-477e-aad5-bc4fd529bd46:335cb626-370d-4e95-9a6c-4f231edeb186", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:indexpattern-datasource-layer-f637aea7-1a8a-4c6f-bea3-83b1910bd16d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:f5f62b07-86eb-481b-b6b5-308fdf2ee125", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cb337534-d263-480b-b6a3-80cc4f14d73b:fefc1a3f-fa1c-455f-9f0e-836cb58b93b4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:indexpattern-datasource-layer-e7270679-c5d0-496a-9fd2-7409b402bdb0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d00429d4-502f-41d8-8a2b-7300859930ea:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:indexpattern-datasource-layer-4fc38bcd-1242-43bb-a213-0c6fe6e7a26e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7f0587d4-ef04-4913-9ccb-cd2c93f470df:indexpattern-datasource-layer-e62e3521-0ee8-4488-931d-4474a54c10a7", + "type": "index-pattern" + }, + { + "id": "auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf", + "name": "253f1007-1537-4012-a663-48bccf233f4c:panel_253f1007-1537-4012-a663-48bccf233f4c", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/kibana/search/auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf.json b/test/packages/parallel/auth0_logsdb/kibana/search/auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf.json new file mode 100644 index 000000000..d504b9c69 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/kibana/search/auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf.json @@ -0,0 +1,57 @@ +{ + "attributes": { + "columns": [ + "auth0.logs.data.connection", + "auth0.logs.data.user_name", + "auth0.logs.data.user_agent" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"auth0.logs\" " + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Auth0 logs", + "version": 1 + }, + "coreMigrationVersion": "8.7.1", + "created_at": "2023-07-11T05:07:28.181Z", + "id": "auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf", + "migrationVersion": { + "search": "8.0.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/test/packages/parallel/auth0_logsdb/kibana/tags.yml b/test/packages/parallel/auth0_logsdb/kibana/tags.yml new file mode 100644 index 000000000..47f20a8f5 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/kibana/tags.yml @@ -0,0 +1,4 @@ +- text: Security Solution + asset_types: + - dashboard + - search diff --git a/test/packages/parallel/auth0_logsdb/manifest.yml b/test/packages/parallel/auth0_logsdb/manifest.yml new file mode 100644 index 000000000..089282509 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/manifest.yml @@ -0,0 +1,36 @@ +format_version: "3.0.2" +name: auth0 +title: "Auth0" +version: "1.17.0" +description: Collect logs from Auth0 with Elastic Agent. +type: integration +categories: + - security + - iam +conditions: + kibana: + version: "^8.13.0" +screenshots: + - src: /img/auth0-screenshot.png + title: Auth0 Dashboard + size: 600x600 + type: image/png +icons: + - src: /img/auth0-logo.svg + title: Auth0 logo + size: 32x32 + type: image/svg+xml +policy_templates: + - name: auth0_events + title: Auth0 log stream events + description: Collect Auth0 log streams events. + inputs: + - type: http_endpoint + title: Collect Auth0 log streams events via Webhooks + description: Collecting Auth0 log stream events via Webhooks. + - type: cel + title: Collect Auth0 log events via API requests + description: Collect Auth0 log events via API requests. +owner: + github: elastic/security-service-integrations + type: elastic diff --git a/test/packages/parallel/auth0_logsdb/validation.yml b/test/packages/parallel/auth0_logsdb/validation.yml new file mode 100644 index 000000000..9dcaa3b03 --- /dev/null +++ b/test/packages/parallel/auth0_logsdb/validation.yml @@ -0,0 +1,5 @@ +errors: + exclude_checks: + - SVR00002 # Mandatory filters in dashboards. + - SVR00004 # References in dashboards. + - SVR00005 # Kibana version for saved tags. diff --git a/test/packages/parallel/ti_anomali.stack_provider_settings b/test/packages/parallel/ti_anomali.stack_provider_settings new file mode 100644 index 000000000..f5d43ecd5 --- /dev/null +++ b/test/packages/parallel/ti_anomali.stack_provider_settings @@ -0,0 +1 @@ +stack.logsdb_enabled=false