Azure · v-atulyadav · May 16, 2024 · Apr 26, 2024 · Apr 26, 2024 · Apr 26, 2024
@@ -0,0 +1,49 @@
+{
+    "name": "Illumio_Auditable_Events_CL",
+    "Properties": [
+        {
+            "name": "TimeGenerated",
+            "type": "DateTime"
+        },
+        {
+            "name": "href",
+            "type": "String"
+        },
+        {
+            "name": "pce_fqdn",
+            "type": "String"
+        },
+        {
+            "name": "created_by",
+            "type": "dynamic"
+        },
+        {
+            "name": "event_type",
+            "type": "String"
+        },
+        {
+            "name": "status",
+            "type": "String"
+        },
+        {
+            "name": "severity",
+            "type": "String"
+        },
+        {
+            "name": "action",
+            "type": "dynamic"
+        },
+        {
+            "name": "resource_changes",
+            "type": "dynamic"
+        },
+        {
+            "name": "notifications",
+            "type": "dynamic"
+        },
+        {
+            "name": "version",
+            "type": "int"
+        }
+    ]
+}
@@ -0,0 +1,125 @@
+{
+    "name": "Illumio_Flow_Events_CL",
+    "Properties": [
+        {
+            "name": "TimeGenerated",
+            "type": "datetime"
+        },
+        {
+            "name": "dst_dbi",
+            "type": "int"
+        },
+        {
+            "name": "dst_dbo",
+            "type": "int"
+        },
+        {
+            "name": "dst_tbi",
+            "type": "int"
+        },
+        {
+            "name": "dst_tbo",
+            "type": "int"
+        },
+        {
+            "name": "ddms",
+            "type": "int"
+        },
+        {
+            "name": "tdms",
+            "type": "int"
+        },
+        {
+            "name": "pn",
+            "type": "string"
+        },
+        {
+            "name": "un",
+            "type": "string"
+        },
+        {
+            "name": "src_ip",
+            "type": "string"
+        },
+        {
+            "name": "dst_ip",
+            "type": "string"
+        },
+        {
+            "name": "class",
+            "type": "string"
+        },
+        {
+            "name": "proto",
+            "type": "int"
+        },
+        {
+            "name": "dst_port",
+            "type": "int"
+        },
+        {
+            "name": "flow_count",
+            "type": "int"
+        },
+        {
+            "name": "dir",
+            "type": "string"
+        },
+        {
+            "name": "org_id",
+            "type": "int"
+        },
+        {
+            "name": "state",
+            "type": "string"
+        },
+        {
+            "name": "pd_qualifier",
+            "type": "int"
+        },
+        {
+            "name": "pd",
+            "type": "int"
+        },
+        {
+            "name": "src_hostname",
+            "type": "string"
+        },
+        {
+            "name": "src_href",
+            "type": "string"
+        },
+        {
+            "name": "dst_hostname",
+            "type": "string"
+        },
+        {
+            "name": "dst_href",
+            "type": "string"
+        },
+        {
+            "name": "network",
+            "type": "string"
+        },
+        {
+            "name": "src_labels",
+            "type": "dynamic"
+        },
+        {
+            "name": "dst_labels",
+            "type": "dynamic"
+        },
+        {
+            "name": "interval_sec",
+            "type": "int"
+        },
+        {
+            "name": "pce_fqdn",
+            "type": "string"
+        },
+        {
+            "name": "version",
+            "type": "int"
+        }
+    ]
+}
@@ -0,0 +1,3 @@
+"TimeGenerated [Local Time]",href,"pce_fqdn","created_by","event_type",status,severity,action,"resource_changes",notifications,version,TenantId,Type,"_ResourceId"
+"4/24/2024, 1:43:34.653 PM","/orgs/1/events/0b2049f3-3bb7-4488-9669-3b9dec49cb40","2x2testvc308.ilabs.io","{""system"":{}}","request.authentication_failed",failure,err,,"[]","[{""uuid"":""96c0b3e6-12c1-4655-ab11-eeb85c3d5fac"",""notification_type"":""request.authentication_failed"",""info"":{""api_endpoint"":""/api/v26/orgs/1/agents/2/put_from_agent"",""api_method"":""PUT"",""src_ip"":""10.2.21.28""}}]",2,"d7ed0f2d-2b8e-4537-8e59-525d4d6fdd19","Illumio_Auditable_Events_CL",
+"4/24/2024, 1:46:19.772 PM","/orgs/1/events/0f4029ae-3810-4d5a-b432-6291f25193dd","2x2testvc308.ilabs.io","{""system"":{}}","request.authentication_failed",failure,err,,"[]","[{""uuid"":""a64fc1a3-b1f6-4d96-af10-87d7340316ed"",""notification_type"":""request.authentication_failed"",""info"":{""api_endpoint"":""/api/v26/orgs/1/agents/1/put_from_agent"",""api_method"":""PUT"",""src_ip"":""10.2.21.29""}}]",2,"d7ed0f2d-2b8e-4537-8e59-525d4d6fdd19","Illumio_Auditable_Events_CL"
@@ -0,0 +1,46 @@
+[
+    {
+        "href": "<href>",
+        "timestamp": "2024-04-24T00:22:18.398Z",
+        "pce_fqdn": "<fqdn>",
+        "created_by": {
+            "agent": {
+                "href": "/orgs/22/agents/2223921",
+                "hostname": "kubernetes-driver"
+            },
+            "ven": {
+                "href": "<href>",
+                "hostname": "kubernetes-driver"
+            }
+        },
+        "event_type": "workload_interfaces.update",
+        "status": "failure",
+        "severity": "err",
+        "action": {
+            "uuid": "b6234ed7-d255-4c7d-ae57-7bbcaff5cfc7",
+            "errors": [
+                {
+                    "token": "agent_clone_detected",
+                    "message": "PCE detected a cloned VEN. Resolve the clone issue, or wait for the clone state to be cleared"
+                }
+            ],
+            "api_endpoint": "FILTERED",
+            "api_method": "PUT",
+            "http_status_code": 406,
+            "src_ip": "<ip>"
+        },
+        "resource_changes": [],
+        "notifications": [
+            {
+                "uuid": "0b9d93c9-8fd6-435f-9a13-2ff380fc524e",
+                "notification_type": "request.invalid",
+                "info": {
+                    "api_endpoint": "/api/v25/orgs/22/agents/2223921/interface_statuses/update",
+                    "api_method": "PUT",
+                    "src_ip": "54.218.211.227"
+                }
+            }
+        ],
+        "version": 2
+    }
+]
@@ -0,0 +1 @@
+"TimeGenerated [Local Time]",href,"pce_fqdn","created_by","event_type",status,severity,action,"resource_changes",notifications,version,TenantId,Type,"_ResourceId"
@@ -0,0 +1,2 @@
+"TimeGenerated [Local Time]","dst_dbi","dst_dbo","dst_tbi","dst_tbo",ddms,tdms,pn,un,"src_ip","dst_ip",class,proto,"dst_port","flow_count",dir,"org_id",state,"pd_qualifier",pd,"src_hostname","src_href","dst_hostname","dst_href",network,"src_labels","dst_labels","interval_sec","pce_fqdn",version,TenantId,Type,"_ResourceId"
+"5/4/2024, 7:24:37.000 PM",1,1,1,1,1,1,,,"10.2.20.242","10.14.0.201",U,17,53,1,O,1,S,0,3,"self-serve-mnc-1-vm02","/orgs/1/workloads/6c425617-a7af-4ec8-9222-5f80bf71874a",,,Corporate,"{""app"":""App18393"",""env"":""Env33081"",""loc"":""Loc1663""}",,0,"2x2testvc308.ilabs.io",4,"d7ed0f2d-2b8e-4537-8e59-525d4d6fdd19","Illumio_Flow_Events_CL",
@@ -0,0 +1,75 @@
+[
+    {
+        "tdms": 322895,
+        "ddms": 102596,
+        "pn": "avahi-daemon",
+        "un": "avahi",
+        "src_ip": "10.2.1.45",
+        "dst_ip": "224.0.0.251",
+        "class": "M",
+        "proto": 17,
+        "dst_port": 5353,
+        "count": 1,
+        "dir": "I",
+        "org_id": 1,
+        "timestamp": "2024-05-02T01: 39: 34Z",
+        "state": "T",
+        "pd_qualifier": 0,
+        "pd": 1,
+        "dst_hostname": "self-serve-mnc-1-vm03",
+        "dst_href": "/orgs/1/workloads/34297509-9d73-48c8-8ab6-d79d12a99899",
+        "network": "Corporate",
+        "interval_sec": 118,
+        "pce_fqdn": "2x2testvc308.ilabs.io",
+        "version": 4
+    },
+    {
+        "tdms": 30000,
+        "ddms": 1808,
+        "src_ip": "10.6.8.77",
+        "dst_ip": "255.255.255.255",
+        "class": "B",
+        "proto": 17,
+        "dst_port": 67,
+        "count": 1,
+        "dir": "I",
+        "org_id": 1,
+        "timestamp": "2024-05-01T16:45:14Z",
+        "state": "T",
+        "pd_qualifier": 0,
+        "pd": 1,
+        "dst_hostname": "self-serve-mnc-1-vm03",
+        "dst_href": "/orgs/1/workloads/a36e6766-a363-4297-9557-b6166405ecb4",
+        "network": "Corporate",
+        "dst_labels": {
+            "loc": "Loc33444",
+            "role": "Role18393",
+            "app": "App64635"
+        },
+        "interval_sec": 600,
+        "pce_fqdn": "2x2testvc308.ilabs.io",
+        "version": 4
+    },
+    {
+        "tdms": 114219,
+        "ddms": 95477,
+        "src_ip": "10.6.9.204",
+        "dst_ip": "255.255.255.255",
+        "class": "B",
+        "proto": 17,
+        "dst_port": 67,
+        "count": 1,
+        "dir": "I",
+        "org_id": 1,
+        "timestamp": "2024-05-02T01: 39: 27Z",
+        "state": "T",
+        "pd_qualifier": 0,
+        "pd": 1,
+        "dst_hostname": "self-serve-mnc-1-vm03",
+        "dst_href": "/orgs/1/workloads/34297509-9d73-48c8-8ab6-d79d12a99899",
+        "network": "Corporate",
+        "interval_sec": 118,
+        "pce_fqdn": "2x2testvc308.ilabs.io",
+        "version": 4
+    }
+]
@@ -0,0 +1 @@
+"TimeGenerated [Local Time]","dst_dbi","dst_dbo","dst_tbi","dst_tbo",ddms,tdms,pn,un,"src_ip","dst_ip",class,proto,"dst_port","flow_count",dir,"org_id",state,"pd_qualifier",pd,"src_hostname","src_href","dst_hostname","dst_href",network,"src_labels","dst_labels","interval_sec","pce_fqdn",version,TenantId,Type,"_ResourceId"