Diffstat (limited to 'testSchemaFiles/dos_event.json')
| -rw-r--r-- | testSchemaFiles/dos_event.json | 434 |
1 files changed, 434 insertions, 0 deletions
diff --git a/testSchemaFiles/dos_event.json b/testSchemaFiles/dos_event.json
new file mode 100644
index 0000000..d0e0f33
--- /dev/null
+++ b/testSchemaFiles/dos_event.json
@@ -0,0 +1,434 @@
+{
+ "type":"record",
+ "name":"dos_event",
+ "namespace":"tsg_galaxy_v3",
+ "doc":
+ {
+ "primary_key":"log_id",
+ "partition_key":"start_time",
+ "ttl":null,
+ "default_ttl":2592000,
+ "index_key":
+ [
+ "log_id",
+ "start_time",
+ "destination_ip"
+ ],
+ "functions":
+ {
+ "aggregation":
+ [
+ {
+ "name":"COUNT",
+ "label":"COUNT",
+ "function":"count(expr)"
+ },
+ {
+ "name":"COUNT_DISTINCT",
+ "label":"COUNT_DISTINCT",
+ "function":"count(distinct expr)"
+ },
+ {
+ "name":"AVG",
+ "label":"AVG",
+ "function":"avg(expr)"
+ },
+ {
+ "name":"SUM",
+ "label":"SUM",
+ "function":"sum(expr)"
+ },
+ {
+ "name":"MAX",
+ "label":"MAX",
+ "function":"max(expr)"
+ },
+ {
+ "name":"MIN",
+ "label":"MIN",
+ "function":"min(expr)"
+ }
+
+ ],
+ "operator":
+ [
+ {
+ "name":"=",
+ "label":"=",
+ "function":"expr = value"
+ },
+ {
+ "name":"!=",
+ "label":"!=",
+ "function":"expr != value"
+ },
+ {
+ "name":">",
+ "label":">",
+ "function":"expr > value"
+ },
+ {
+ "name":"<",
+ "label":"<",
+ "function":"expr < value"
+ },
+ {
+ "name":">=",
+ "label":">=",
+ "function":"expr >= value"
+ },
+ {
+ "name":"<=",
+ "label":"<=",
+ "function":"expr <= value"
+ },
+ {
+ "name":"has",
+ "label":"HAS",
+ "function":"has(expr, value)"
+ },
+ {
+ "name":"in",
+ "label":"IN",
+ "function":"expr in (values)"
+ },
+ {
+ "name":"not in",
+ "label":"NOT IN",
+ "function":"expr not in (values)"
+ },
+ {
+ "name":"like",
+ "label":"LIKE",
+ "function":"expr like value"
+ },
+ {
+ "name":"not like",
+ "label":"NOT LIKE",
+ "function":"expr not like value"
+ },
+ {
+ "name":"notEmpty",
+ "label":"NOT EMPTY",
+ "function":"notEmpty(expr)"
+ },
+ {
+ "name":"empty",
+ "label":"EMPTY",
+ "function":"empty(expr)"
+ }
+
+ ]
+
+ },
+ "schema_query":
+ {
+ "references":
+ {
+ "aggregation":
+ [
+ {
+ "type":"int",
+ "functions":"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"
+ },
+ {
+ "type":"long",
+ "functions":"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"
+ },
+ {
+ "type":"float",
+ "functions":"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"
+ },
+ {
+ "type":"double",
+ "functions":"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"
+ },
+ {
+ "type":"string",
+ "functions":"COUNT,COUNT_DISTINCT"
+ },
+ {
+ "type":"date",
+ "functions":"COUNT,COUNT_DISTINCT,MAX,MIN"
+ },
+ {
+ "type":"timestamp",
+ "functions":"COUNT,COUNT_DISTINCT,MAX,MIN"
+ }
+
+ ],
+ "operator":
+ [
+ {
+ "type":"int",
+ "functions":"=,!=,>,<,>=,<=,in,not in"
+ },
+ {
+ "type":"long",
+ "functions":"=,!=,>,<,>=,<=,in,not in"
+ },
+ {
+ "type":"float",
+ "functions":"=,!=,>,<,>=,<="
+ },
+ {
+ "type":"double",
+ "functions":"=,!=,>,<,>=,<="
+ },
+ {
+ "type":"string",
+ "functions":"=,!=,in,not in,like,not like,notEmpty,empty"
+ },
+ {
+ "type":"date",
+ "functions":"=,!=,>,<,>=,<="
+ },
+ {
+ "type":"timestamp",
+ "functions":"=,!=,>,<,>=,<="
+ },
+ {
+ "type":"array",
+ "functions":"has"
+ }
+
+ ]
+
+ }
+
+ },
+ "default_columns":
+ [
+ "log_id",
+ "attack_type",
+ "source_ip_list",
+ "destination_ip",
+ "severity",
+ "start_time",
+ "end_time",
+ "packet_rate",
+ "bit_rate",
+ "session_rate"
+ ],
+ "internal_columns":
+ [
+ "start_time",
+ "log_id",
+ "end_time"
+ ]
+
+ },
+ "fields":
+ [
+ {
+ "name":"start_time",
+ "label":"Start Time",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"end_time",
+ "label":"End Time",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"log_id",
+ "label":"Log ID",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"snowflake_id"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"attack_type",
+ "label":"Attack Type",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"TCP SYN Flood",
+ "value":"TCP SYN Flood"
+ },
+ {
+ "code":"UDP Flood",
+ "value":"UDP Flood"
+ },
+ {
+ "code":"ICMP Flood",
+ "value":"ICMP Flood"
+ },
+ {
+ "code":"DNS Flood",
+ "value":"DNS Flood"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"severity",
+ "label":"Severity",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"Critical",
+ "value":"Critical"
+ },
+ {
+ "code":"Severe",
+ "value":"Severe"
+ },
+ {
+ "code":"Major",
+ "value":"Major"
+ },
+ {
+ "code":"Warning",
+ "value":"Warning"
+ },
+ {
+ "code":"Minor",
+ "value":"Minor"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"conditions",
+ "label":"Conditions",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"destination_ip",
+ "label":"Destination IP",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"destination_country",
+ "label":"Destination Country",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"source_ip_list",
+ "label":"Source IPs",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"source_country_list",
+ "label":"Source Countries",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"session_rate",
+ "label":"Sessions/s",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"sessions/sec"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"packet_rate",
+ "label":"Packets/s",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"packets/sec"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"bit_rate",
+ "label":"Bits/s",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"bits/sec"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ }
+
+ ]
+
+}
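Review bot: `"allow_query":"false"` on the start_time and end_time field docs stores a boolean as the string "false", while the same document uses native JSON types for `"ttl":null` and `"default_ttl":2592000`; a consumer that tests this key for truthiness instead of comparing against the literal string will treat both internal time columns as queryable, silently dropping the restriction the schema appears to intend. Suggest `"allow_query": false` in both places, and a JSON-Schema or parser check that rejects the string form so the fixture cannot regress. The `"function"` values such as `expr in (values)` and `expr like value` read as query-fragment templates; if the consumer fills `value` in by string formatting from user input that is the point to parameterize, which cannot be verified from this file but deserves a note next to the `"operator"` list. The comma-joined `"functions"` and `"operator_functions"` strings would be more robust as arrays, e.g. `"operator_functions":["=","!="]`, since the current encoding can never represent an operator name containing a comma.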
\ No newline at end of file |
