updated mv queries
Signed-off-by: Amardeepsingh Siglani <[email protected]>
amsiglan committed Jun 12, 2024
1 parent 8672013 commit d0075e5
Showing 2 changed files with 37 additions and 37 deletions.
Original file line number Diff line number Diff line change
@@ -1,44 +1,44 @@
CREATE MATERIALIZED VIEW {table_name}__mview AS
SELECT
CAST(IFNULL(`actor.user.type`, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.type`,
CAST(IFNULL(`actor.user.uid_alt`, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.principalId`,
CAST(IFNULL(`actor.user.uid`, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.arn`,
CAST(IFNULL(`actor.user.account.uid`, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.accountId`,
CAST(IFNULL(`actor.invoked_by`, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.invokedBy`,
CAST(IFNULL(`actor.user.credential_uid`, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.accessKeyId`,
CAST(IFNULL(`actor.user.name`, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.userName`,
CAST(IFNULL(`actor.session.is_mfa`, False) AS BOOLEAN) AS `aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated`,
CAST(IFNULL(actor.user.type, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.type`,
CAST(IFNULL(actor.user.uid_alt, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.principalId`,
CAST(IFNULL(actor.user.uid, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.arn`,
CAST(IFNULL(actor.user.account.uid, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.accountId`,
CAST(IFNULL(actor.invoked_by, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.invokedBy`,
CAST(IFNULL(actor.user.credential_uid, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.accessKeyId`,
CAST(IFNULL(actor.user.name, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.userName`,
CAST(IFNULL(actor.session.is_mfa, false) AS BOOLEAN) AS `aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated`,
CAST( actor.session.created_time_dt AS TIMESTAMP) AS `aws.cloudtrail.userIdentity.sessionContext.attributes.creationDate`,
CAST(IFNULL(unmapped['userIdentity.sessionContext.sessionIssuer.type'], 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type`,
CAST(IFNULL(unmapped['userIdentity.sessionContext.sessionIssuer.principalId'], 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId`,
CAST(IFNULL(`actor.session.issuer`, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn`,
CAST(IFNULL(actor.session.issuer, 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn`,
CAST(IFNULL(unmapped['userIdentity.sessionContext.sessionIssuer.accountId'], 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId`,
CAST(IFNULL(unmapped['userIdentity.sessionContext.sessionIssuer.userName'], 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName`,
CAST(IFNULL(unmapped['userIdentity.sessionContext.ec2RoleDelivery'], 'Unknown') AS STRING) AS `aws.cloudtrail.userIdentity.sessionContext.ec2RoleDelivery`,

CAST(IFNULL(`metadata.product.version`, 'Unknown') AS STRING) AS `aws.cloudtrail.eventVersion`,
CAST(IFNULL(metadata.product.version, 'Unknown') AS STRING) AS `aws.cloudtrail.eventVersion`,
CAST( time AS TIMESTAMP) AS `@timestamp`,
CAST(IFNULL(`api.service.name`, 'Unknown') AS STRING) AS `aws.cloudtrail.eventSource`,
CAST(IFNULL(`api.operation`, 'Unknown') AS STRING) AS `aws.cloudtrail.eventName`,
CAST(IFNULL(`metadata.product.feature.name`, 'Unknown') AS STRING) AS `aws.cloudtrail.eventCategory`,
CAST(IFNULL(`metadata.event_code`, 'Unknown') AS STRING) AS `aws.cloudtrail.eventType`,
CAST(IFNULL(`metadata.uid`, 'Unknown') AS STRING) AS `aws.cloudtrail.eventId`,
CAST(IFNULL(api.service.name, 'Unknown') AS STRING) AS `aws.cloudtrail.eventSource`,
CAST(IFNULL(api.operation, 'Unknown') AS STRING) AS `aws.cloudtrail.eventName`,
CAST(IFNULL(metadata.product.feature.name, 'Unknown') AS STRING) AS `aws.cloudtrail.eventCategory`,
CAST(IFNULL(metadata.event_code, 'Unknown') AS STRING) AS `aws.cloudtrail.eventType`,
CAST(IFNULL(metadata.uid, 'Unknown') AS STRING) AS `aws.cloudtrail.eventId`,

CAST(IFNULL(`cloud.region`, 'Unknown') AS STRING) AS `aws.cloudtrail.awsRegion`,
CAST(IFNULL(`src_endpoint.ip`, '0.0.0.0') AS STRING) AS `aws.cloudtrail.sourceIPAddress`,
CAST(IFNULL(`http_request.user_agent`, 'Unknown') AS STRING) AS `aws.cloudtrail.userAgent`,
CAST(IFNULL(`api.response.error`, 'Unknown') AS STRING) AS `errorCode`,
CAST(IFNULL(`api.response.message`, 'Unknown') AS STRING) AS `errorMessage`,
CAST(IFNULL(`api.request.data`, 'Unknown') AS STRING) AS `aws.cloudtrail.requestParameter`,
CAST(IFNULL(`api.response.data`, 'Unknown') AS STRING) AS `aws.cloudtrail.responseElements`,
CAST(IFNULL(`dst_endpoint.svc_name`, 'Unknown') AS STRING) AS `aws.cloudtrail.additionalEventData`,
CAST(IFNULL(`api.request.uid`, 'Unknown') AS STRING) AS `aws.cloudtrail.requestId`,
CAST(IFNULL(cloud.region, 'Unknown') AS STRING) AS `aws.cloudtrail.awsRegion`,
CAST(IFNULL(src_endpoint.ip, '0.0.0.0') AS STRING) AS `aws.cloudtrail.sourceIPAddress`,
CAST(IFNULL(http_request.user_agent, 'Unknown') AS STRING) AS `aws.cloudtrail.userAgent`,
CAST(IFNULL(api.response.error, 'Unknown') AS STRING) AS `errorCode`,
CAST(IFNULL(api.response.message, 'Unknown') AS STRING) AS `errorMessage`,
CAST(IFNULL(api.request.data, 'Unknown') AS STRING) AS `aws.cloudtrail.requestParameter`,
CAST(IFNULL(api.response.data, 'Unknown') AS STRING) AS `aws.cloudtrail.responseElements`,
CAST(IFNULL(dst_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.cloudtrail.additionalEventData`,
CAST(IFNULL(api.request.uid, 'Unknown') AS STRING) AS `aws.cloudtrail.requestId`,
resources AS `aws.cloudtrail.resources`,
CAST(IFNULL(`api.version`, 'Unknown') AS STRING) AS `aws.cloudtrail.apiVersion`,
CAST(IFNULL(unmapped['readOnly'], False) AS BOOLEAN) AS `aws.cloudtrail.readOnly`,
CAST(IFNULL(api.version, 'Unknown') AS STRING) AS `aws.cloudtrail.apiVersion`,
CAST(IFNULL(unmapped['readOnly'], 'Unknown') AS STRING) AS `aws.cloudtrail.readOnly`,
CAST(IFNULL(unmapped['recipientAccountId'], 0) AS LONG) AS `aws.cloudtrail.recipientAccountId`,
CAST(IFNULL(unmapped['sharedEventId'], 'Unknown') AS STRING) AS `aws.cloudtrail.sharedEventId`,
CAST(IFNULL(`src_endpoint.uid`, 'Unknown') AS STRING) AS `aws.cloudtrail.vpcEndpointId`,
CAST(IFNULL(src_endpoint.uid, 'Unknown') AS STRING) AS `aws.cloudtrail.vpcEndpointId`,
CAST(IFNULL(unmapped['tlsDetails.tlsVersion'], 'Unknown') AS STRING) AS `aws.cloudtrail.tlsDetails.tls_version`,
CAST(IFNULL(unmapped['tlsDetails.cipherSuite'], 'Unknown') AS STRING) AS `aws.cloudtrail.tlsDetailscipher_suite`,
CAST(IFNULL(unmapped['tlsDetails.clientProvidedHostHeader'], 'Unknown') AS STRING) AS `aws.cloudtrail.tlsDetailsclient_provided_host_header`
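Review bot: `aws.cloudtrail.readOnly` is now emitted as a STRING with an 'Unknown' default where the previous line cast it to BOOLEAN, so any index mapping or detection rule that compares it with a boolean has to change together with this commit; none of that is visible here, so confirm it has. `actor.session.is_mfa` still defaults to `false`, which makes a missing MFA flag indistinguishable from "no MFA" in rules on `mfaAuthenticated`; a comment such as `-- NULL is_mfa is reported as false, not unknown` would at least record that. In the unchanged tail, the aliases `aws.cloudtrail.tlsDetailscipher_suite` and `aws.cloudtrail.tlsDetailsclient_provided_host_header` lack the dot that `aws.cloudtrail.tlsDetails.tls_version` has, so queries on the dotted names would presumably never match. `recipientAccountId` is cast to LONG, which drops leading zeros from a 12-digit account id, while `accountId` stays a STRING; `CAST(IFNULL(unmapped['recipientAccountId'], 'Unknown') AS STRING)` would keep the two comparable.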
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
CREATE MATERIALIZED VIEW {table_name}__mview AS
SELECT
CAST(FROM_UNIXTIME(`time`/ 1000) AS TIMESTAMP) AS `@timestamp`,
CAST(IFNULL(`metadata.product.version`, 'Unknown') AS STRING) AS `aws.waf.formatVersion`,
CAST(IFNULL(`metadata.product.feature.uid`, 'Unknown') AS STRING) AS `aws.waf.webaclId`,
CAST(IFNULL(`firewall_rule.uid`, 'Unknown') AS STRING) AS `aws.waf.terminatingRuleId`,
CAST(IFNULL(`firewall_rule.type`, 'Unknown') AS STRING) AS `aws.waf.terminatingRuleType`,
CAST(IFNULL(metadata.product.version, 'Unknown') AS STRING) AS `aws.waf.formatVersion`,
CAST(IFNULL(metadata.product.feature.uid, 'Unknown') AS STRING) AS `aws.waf.webaclId`,
CAST(IFNULL(firewall_rule.uid, 'Unknown') AS STRING) AS `aws.waf.terminatingRuleId`,
CAST(IFNULL(firewall_rule.type, 'Unknown') AS STRING) AS `aws.waf.terminatingRuleType`,
CAST(IFNULL(action, 'Unknown') AS STRING) AS `aws.waf.action`,
CAST(IFNULL(`src_endpoint.svc_name`, 'Unknown') AS STRING) AS `aws.waf.httpSourceName`,
CAST(IFNULL(`src_endpoint.uid`, 'Unknown') AS STRING) AS `aws.waf.httpSourceId`,
ruleGroupList AS `aws.waf.ruleGroupList`,
CAST(IFNULL(src_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.waf.httpSourceName`,
CAST(IFNULL(src_endpoint.uid, 'Unknown') AS STRING) AS `aws.waf.httpSourceId`,
unmapped['ruleGroupList'] AS `aws.waf.ruleGroupList`,
unmapped['rateBasedRuleList'] AS `aws.waf.rateBasedRuleList`,
nonTerminatingMatchingRules AS `aws.waf.nonTerminatingMatchingRules`,
CAST(IFNULL(`http_status`, 0) AS LONG) AS `aws.waf.responseCodeSent`,
httpRequest AS `aws.waf.httpRequest`,
unmapped['nonTerminatingMatchingRules'] AS `aws.waf.nonTerminatingMatchingRules`,
CAST(IFNULL(http_status, 0) AS LONG) AS `aws.waf.responseCodeSent`,
unmapped['httpRequest'] AS `aws.waf.httpRequest`,
metadata.labels AS `aws.waf.labels`,
unmapped['captchaResponse'] AS `aws.waf.captchaResponse`
FROM
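Review bot: The three `unmapped[...]` lookups for `ruleGroupList`, `nonTerminatingMatchingRules` and `httpRequest` replace what were top-level columns, and if `unmapped` is a string-valued map (the CloudTrail view wraps its `unmapped[...]` reads in `CAST(... AS STRING)`, which suggests so) these fields arrive as serialized text rather than nested objects. Rules that filter on sub-fields of `aws.waf.httpRequest` would then stop matching without raising an error, so check the target mapping and add a comment such as `-- unmapped values are strings; httpRequest is JSON text here` above them. These lookups also carry no `IFNULL` default, unlike the other columns, so a missing key yields NULL. The `@timestamp` line divides `time` by 1000 while the CloudTrail view casts `time` directly; if both views read the same source schema, one of the two is probably wrong. The statement continues past `FROM`, outside the hunk.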