

event_src.vendor
unix_like
event_src.title
unix_like
event_src.subsys
auditd
event_src.rule
pt_siem_api_accept
event_src.category
Operating system
origin_app_name
MaxPatrol 10
origin_app_alias
MP_smnpp-7
origin_app_id
1aea1c5e-34c0-0001-0000-000000000004
primary_siem_app_alias
MP_smnpp-7
primary_siem_app_id
1aea1c5e-34c0-0001-0000-000000000004
storage_app_name
MaxPatrol 10
storage_app_alias
MP_smnpp-7
storage_app_id
1aea1c5e-34c0-0001-0000-000000000004
Точка сбора
recv_asset
uc-cons-a-04052.snpp.ru (192.168.76.5)
recv_ipv4
192.168.76.5
recv_time
17.04.2026, 14:33:48
Служебные данные
id
PT_UNIX_like_auditd_syslog_structured_syscall_sockets
uuid
4d263b5a-3a51-11f1-9ba2-1866dab1ac7f
agent_id
06cd157c-8abd-4e6c-aac8-3abf2d0c37f5
input_id
cd005391-afde-43f3-91e1-330921234b56
task_id
1b0df851-3fc0-0001-0000-00000000059b
normalized
true
tag
syslog
mime
application/json
taxonomy_version
27.0.859-release-27.0
generator.type
logcollector
historical
false
original_time
17.04.2026, 14:33:45
incorrect_time
false
scope_id
00000000-0000-0000-0000-000000000005
tenant_id
002ebd2c-f8b1-408d-be7e-de55372add12
_checkpoint
659053455528
_presentation
3fa85f64-5717-4562-b3fc-2c963f66afa6
job_id
af9a3b6f-5987-469a-962a-2f5bc06ae6f2
labels
enr_unix_obj_acc_provider|enr_unix_subj_acc_provider
remote
false
siem_id
2ffbb683-c877-419d-839d-4edbbecee0c6
site_alias
unknown site_id=null
site_name
unknown site_id=null
site_address
unknown site_id=null
primary_siem_app_name
MaxPatrol 10
siem_alias
MP-SIEM-SRV-SM.snpp.ru
Исходное событие
{
	"node": "uc-cons-a-04052.snpp.ru",
	"timestamp": "1776425625",
	"timestampfractional": "407",
	"eventid": "13367",
	"items": {
		"PROCTITLE": [
			"proctitle=2F7573722F6C69622F786F72672F586F7267002D6272002D6E6F7674737769746368002D7175696574002D6B656570747479003A3000767437002D6C6F6766696C65002F7661722F6C6F672F666C792D646D2F586F72672E25732E6C6F67002D73656174007365617430002D61757468002F7661722F72756E2F78617574682F"
		],
		"SYSCALL": [
			"arch=c000003e syscall=43 success=yes exit=86 a0=5 a1=7ffc80d362b0 a2=7ffc80d362ac a3=3c04d010 items=0 ppid=2188 pid=2339 auid=4294967295 uid=106 gid=117 euid=106 suid=106 fsuid=106 egid=117 sgid=117 fsgid=117 tty=tty7 ses=4294967295 comm=\"Xorg\" exe=\"/usr/lib/xorg/Xorg\" subj=0:0:0:0 key=\"pt_siem_api_accept\" ARCH=x86_64 SYSCALL=accept AUID=\"unset\" UID=\"fly-dm\" GID=\"fly-dm\" EUID=\"fly-dm\" SUID=\"fly-dm\" FSUID=\"fly-dm\" EGID=\"fly-dm\" SGID=\"fly-dm\" FSGID=\"fly-dm\""
		],
		"SOCKADDR": [
			"saddr=0100 SADDR={ fam=local path=0 }"
		]
	}
}
event_src.vendor
unix_like
event_src.title
unix_like
event_src.subsys
auditd
event_src.rule
pt_siem_proc
event_src.category
Operating system
origin_app_name
MaxPatrol 10
origin_app_alias
MP_smnpp-7
origin_app_id
1aea1c5e-34c0-0001-0000-000000000004
primary_siem_app_alias
MP_smnpp-7
primary_siem_app_id
1aea1c5e-34c0-0001-0000-000000000004
storage_app_name
MaxPatrol 10
storage_app_alias
MP_smnpp-7
storage_app_id
1aea1c5e-34c0-0001-0000-000000000004
Точка сбора
recv_asset
uc-cons-a-04052.snpp.ru (192.168.76.5)
recv_ipv4
192.168.76.5
recv_time
17.04.2026, 14:33:42
Служебные данные
id
PT_UNIX_like_auditd_syslog_structured_syscall_file_operations
uuid
4989fdec-3a51-11f1-9ba2-1866dab1ac7f
agent_id
06cd157c-8abd-4e6c-aac8-3abf2d0c37f5
input_id
cd005391-afde-43f3-91e1-330921234b56
task_id
1b0df851-3fc0-0001-0000-00000000059b
normalized
true
tag
syslog
mime
application/json
taxonomy_version
27.0.859-release-27.0
generator.type
logcollector
historical
false
original_time
17.04.2026, 14:33:39
incorrect_time
false
scope_id
00000000-0000-0000-0000-000000000005
tenant_id
002ebd2c-f8b1-408d-be7e-de55372add12
_checkpoint
659053371039
_presentation
3fa85f64-5717-4562-b3fc-2c963f66afa6
job_id
af9a3b6f-5987-469a-962a-2f5bc06ae6f2
labels
enr_unix_obj_acc_domain|enr_unix_obj_acc_provider|enr_unix_subj_acc_domain|enr_unix_subj_acc_provider
remote
false
siem_id
2ffbb683-c877-419d-839d-4edbbecee0c6
site_alias
unknown site_id=null
site_name
unknown site_id=null
site_address
unknown site_id=null
primary_siem_app_name
MaxPatrol 10
siem_alias
MP-SIEM-SRV-SM.snpp.ru
Исходное событие
{
	"node": "uc-cons-a-04052.snpp.ru",
	"timestamp": "1776425619",
	"timestampfractional": "075",
	"eventid": "13178",
	"items": {
		"PROCTITLE": [
			"proctitle=\"/usr/bin/chromium-gost-stable\""
		],
		"PATH": [
			"item=0 name=\"/proc/5784/stat\" inode=29971 dev=00:15 mode=0100444 ouid=1945433271 ogid=1945400513 rdev=00:00 obj=0:0:0:0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID=\"kileikinav\" OGID=D0BFD0BED0BBD18CD0B7D0BED0B2D0B0D182D0B5D0BBD0B820D0B4D0BED0BCD0B5D0BDD0B0"
		],
		"SYSCALL": [
			"arch=c000003e syscall=257 success=yes exit=149 a0=ffffff9c a1=7ffd10d2ab90 a2=80000 a3=0 items=1 ppid=4132 pid=5353 auid=1945433271 uid=1945433271 gid=1945400513 euid=1945433271 suid=1945433271 fsuid=1945433271 egid=1945400513 sgid=1945400513 fsgid=1945400513 tty=(none) ses=3 comm=\"chrome\" exe=\"/opt/chromium-gost/chrome\" subj=0:0:0:0 key=\"pt_siem_proc\" ARCH=x86_64 SYSCALL=openat AUID=\"kileikinav\" UID=\"kileikinav\" GID=D0BFD0BED0BBD18CD0B7D0BED0B2D0B0D182D0B5D0BBD0B820D0B4D0BED0BCD0B5D0BDD0B0 EUID=\"kileikinav\" SUID=\"kileikinav\" FSUID=\"kileikinav\" EGID=D0BFD0BED0BBD18CD0B7D0BED0B2D0B0D182D0B5D0BBD0B820D0B4D0BED0BCD0B5D0BDD0B0 SGID=D0BFD0BED0BBD18CD0B7D0BED0B2D0B0D182D0B5D0BBD0B820D0B4D0BED0BCD0B5D0BDD0B0 FSGID=D0BFD0BED0BBD18CD0B7D0BED0B2D0B0D182D0B5D0BBD0B820D0B4D0BED0BCD0B5D0BDD0B0"
		],
		"CWD": [
			"cwd=\"/home/snpp.ru/kileikinav\""
		]
	}
}