Proteggiamo il tuo ambiente digitale da qualsiasi attacco informatico. Sfrutta tutte le potenzialità della piattaforma SGBox!

Gallery

Contatti

Via Melchiorre Gioia, 168 - 20125 Milano

info@sgbox.it

+39 02 60830172

Search another article?

Playbooks – Retrieve logs (alternative mode)

You are here:
< Back

Use Playbooks to retrieve logs (alternative mode)

Sometimes the application insert some junk information that are not useful in the logs.
Here a description on how to collect the important information:

Playbooks - Retrieve logs (alternative mode)

In our example there are some values like: current_link, next_link and last_log_item_generation that are excluded

Last start key: means the array where our values are stored, here an example of the scructure:

"security_events":[{event1}, {event2}, ... {eventN}]

Timestamp key: means the key that indicate the timestamp. in our example we put message.detection_time because detection_time is a key nested in message

Timestamp format: means the format of our timestamp.