cyberarkpas: Fix handling of non-array CAProperty

packages/cyberarkpas/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.2"
+  changes:
+    - description: Fix error ingesting events with a single entry in the CAProperties field
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/2965
 - version: "2.3.1"
   changes:
     - description: Add documentation for multi-fields

packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json

@@ -30,7 +30,6 @@
             "event": {
                 "action": "add file category",
                 "code": "105",
-                "ingested": "2022-02-03T12:42:08.641873855Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-08T18:24:49Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 08 10:24:49\",\"IsoTimestamp\":\"2021-03-08T18:24:49Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"105\",\"Desc\":\"Add File Category\",\"Severity\":\"Info\",\"Issuer\":\"Administrator\",\"Action\":\"Add File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"Test\",\"File\":\"Root\\\\Operating System-WinDesktopLocal-Address-adriansr\",\"Station\":\"127.0.0.1\",\"Location\":\"\",\"Category\":\"Address\",\"RequestId\":\"\",\"Reason\":\"Value=[Address]\",\"ExtraDetails\":\"\",\"Message\":\"Add File Category\",\"GatewayStation\":\"10.0.1.20\"}}}",
                 "severity": 2
@@ -93,7 +92,6 @@
             "event": {
                 "action": "add file category",
                 "code": "105",
-                "ingested": "2022-02-03T12:42:08.641881194Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-10T09:11:54Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 10 01:11:54\",\"IsoTimestamp\":\"2021-03-10T09:11:54Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"105\",\"Desc\":\"Add File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMPApp_localhost.localdomain\",\"Action\":\"Add File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMPLiveSessions\",\"File\":\"Root\\\\PSMPApp_localhost.localdomain.LiveSessions\",\"Station\":\"67.43.156.13\",\"Location\":\"\",\"Category\":\"_PSMLiveSessions_1\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Add File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2
@@ -161,7 +159,6 @@
             "event": {
                 "action": "add file category",
                 "code": "105",
-                "ingested": "2022-02-03T12:42:08.641882228Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-10T18:46:48Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 10 10:46:48\",\"IsoTimestamp\":\"2021-03-10T18:46:48Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"105\",\"Desc\":\"Add File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMApp_VAGRANT\",\"Action\":\"Add File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMLiveSessions\",\"File\":\"Root\\\\PSMServer.LiveSessions\",\"Station\":\"67.43.156.13\",\"Location\":\"\",\"Category\":\"_PSMLiveSessions_1\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Add File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2
@@ -230,7 +227,6 @@
             "event": {
                 "action": "add file category",
                 "code": "105",
-                "ingested": "2022-02-03T12:42:08.641883015Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-10T22:17:26Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 10 14:17:26\",\"IsoTimestamp\":\"2021-03-10T22:17:26Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"105\",\"Desc\":\"Add File Category\",\"Severity\":\"Info\",\"Issuer\":\"Administrator\",\"Action\":\"Add File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSM\",\"File\":\"Root\\\\PSM-ASR-CYBERARK-WI\",\"Station\":\"67.43.156.14\",\"Location\":\"\",\"Category\":\"LogonDomain\",\"RequestId\":\"\",\"Reason\":\"Value=[ASR-CYBERARK-WI]\",\"ExtraDetails\":\"\",\"Message\":\"Add File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2
@@ -298,7 +294,6 @@
             "event": {
                 "action": "add file category",
                 "code": "105",
-                "ingested": "2022-02-03T12:42:08.641883798Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-10T22:20:12Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 10 14:20:12\",\"IsoTimestamp\":\"2021-03-10T22:20:12Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"105\",\"Desc\":\"Add File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMApp_ASR-WIN\",\"Action\":\"Add File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMLiveSessions\",\"File\":\"Root\\\\PSM-ASR-CYBERARK-WI.LiveSessions\",\"Station\":\"67.43.156.14\",\"Location\":\"\",\"Category\":\"_PSMLiveSessions_1\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Add File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2
@@ -367,7 +362,6 @@
             "event": {
                 "action": "add file category",
                 "code": "105",
-                "ingested": "2022-02-03T12:42:08.641884548Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-11T16:59:58Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"raw\":\"\u003csyslog\u003e\\n\\n  \u003caudit_record\u003e\\n    \u003cRfc5424\u003eyes\u003c/Rfc5424\u003e\\n    \u003cTimestamp\u003eMar 11 08:59:58\u003c/Timestamp\u003e\\n    \u003cIsoTimestamp\u003e2021-03-11T16:59:58Z\u003c/IsoTimestamp\u003e\\n    \u003cHostname\u003eVAULT\u003c/Hostname\u003e\\n    \u003cVendor\u003eCyber-Ark\u003c/Vendor\u003e\\n    \u003cProduct\u003eVault\u003c/Product\u003e\\n    \u003cVersion\u003e11.7.0000\u003c/Version\u003e\\n    \u003cMessageID\u003e105\u003c/MessageID\u003e\\n    \u003cDesc\u003eAdd File Category\u003c/Desc\u003e\\n    \u003cSeverity\u003eInfo\u003c/Severity\u003e\\n    \u003cIssuer\u003ePSMPApp_VAGRANT\u003c/Issuer\u003e\\n    \u003cAction\u003eAdd File Category\u003c/Action\u003e\\n    \u003cSourceUser\u003e\u003c/SourceUser\u003e\\n    \u003cTargetUser\u003e\u003c/TargetUser\u003e\\n    \u003cSafe\u003ePSMPLiveSessions\u003c/Safe\u003e\\n    \u003cFile\u003eRoot\\\\PSMPApp_VAGRANT.LiveSessions\u003c/File\u003e\\n    \u003cStation\u003e67.43.156.13\u003c/Station\u003e\\n    \u003cLocation\u003e\u003c/Location\u003e\\n    \u003cCategory\u003e_PSMLiveSessions_1\u003c/Category\u003e\\n    \u003cRequestId\u003e\u003c/RequestId\u003e\\n    \u003cReason\u003e\u003c/Reason\u003e\\n    \u003cExtraDetails\u003e\u003c/ExtraDetails\u003e\\n    \u003cMessage\u003eAdd File Category\u003c/Message\u003e\\n    \u003cGatewayStation\u003e\u003c/GatewayStation\u003e\\n  \u003c/audit_record\u003e\\n\\n\u003c/syslog\u003e\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 11 08:59:58\",\"IsoTimestamp\":\"2021-03-11T16:59:58Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"105\",\"Desc\":\"Add File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMPApp_VAGRANT\",\"Action\":\"Add File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMPLiveSessions\",\"File\":\"Root\\\\PSMPApp_VAGRANT.LiveSessions\",\"Station\":\"67.43.156.13\",\"Location\":\"\",\"Category\":\"_PSMLiveSessions_1\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Add File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2

packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json

@@ -30,7 +30,6 @@
             "event": {
                 "action": "update file category",
                 "code": "106",
-                "ingested": "2022-02-03T12:42:10.047885354Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-08T18:25:52Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 08 10:25:52\",\"IsoTimestamp\":\"2021-03-08T18:25:52Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"106\",\"Desc\":\"Update File Category\",\"Severity\":\"Info\",\"Issuer\":\"Administrator\",\"Action\":\"Update File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"Test\",\"File\":\"Root\\\\Operating System-WinDesktopLocal-Address-adriansr\",\"Station\":\"127.0.0.1\",\"Location\":\"\",\"Category\":\"Address\",\"RequestId\":\"\",\"Reason\":\"Value=[components] Old Value=[Address]\",\"ExtraDetails\":\"\",\"Message\":\"Update File Category\",\"GatewayStation\":\"10.0.1.20\"}}}",
                 "severity": 2
@@ -93,7 +92,6 @@
             "event": {
                 "action": "update file category",
                 "code": "106",
-                "ingested": "2022-02-03T12:42:10.047887687Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-10T18:46:48Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 10 10:46:48\",\"IsoTimestamp\":\"2021-03-10T18:46:48Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"106\",\"Desc\":\"Update File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMApp_VAGRANT\",\"Action\":\"Update File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMLiveSessions\",\"File\":\"Root\\\\PSMServer.LiveSessions\",\"Station\":\"67.43.156.13\",\"Location\":\"\",\"Category\":\"_PSMLiveSessions_1\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Update File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2
@@ -161,7 +159,6 @@
             "event": {
                 "action": "update file category",
                 "code": "106",
-                "ingested": "2022-02-03T12:42:10.047888557Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-10T22:20:12Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 10 14:20:12\",\"IsoTimestamp\":\"2021-03-10T22:20:12Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"106\",\"Desc\":\"Update File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMApp_ASR-WIN\",\"Action\":\"Update File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMLiveSessions\",\"File\":\"Root\\\\PSM-ASR-CYBERARK-WI.LiveSessions\",\"Station\":\"67.43.156.14\",\"Location\":\"\",\"Category\":\"_PSMLiveSessions_1\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Update File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2
@@ -230,7 +227,6 @@
             "event": {
                 "action": "update file category",
                 "code": "106",
-                "ingested": "2022-02-03T12:42:10.047889326Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-11T17:38:26Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"raw\":\"\u003csyslog\u003e\\n\\n  \u003caudit_record\u003e\\n    \u003cRfc5424\u003eyes\u003c/Rfc5424\u003e\\n    \u003cTimestamp\u003eMar 11 09:38:26\u003c/Timestamp\u003e\\n    \u003cIsoTimestamp\u003e2021-03-11T17:38:26Z\u003c/IsoTimestamp\u003e\\n    \u003cHostname\u003eVAULT\u003c/Hostname\u003e\\n    \u003cVendor\u003eCyber-Ark\u003c/Vendor\u003e\\n    \u003cProduct\u003eVault\u003c/Product\u003e\\n    \u003cVersion\u003e11.7.0000\u003c/Version\u003e\\n    \u003cMessageID\u003e106\u003c/MessageID\u003e\\n    \u003cDesc\u003eUpdate File Category\u003c/Desc\u003e\\n    \u003cSeverity\u003eInfo\u003c/Severity\u003e\\n    \u003cIssuer\u003ePSMPApp_VAGRANT\u003c/Issuer\u003e\\n    \u003cAction\u003eUpdate File Category\u003c/Action\u003e\\n    \u003cSourceUser\u003e\u003c/SourceUser\u003e\\n    \u003cTargetUser\u003e\u003c/TargetUser\u003e\\n    \u003cSafe\u003ePSMRecordings\u003c/Safe\u003e\\n    \u003cFile\u003eroot\\\\87012dcc-8290-11eb-949e-080027efd402.session\u003c/File\u003e\\n    \u003cStation\u003e67.43.156.13\u003c/Station\u003e\\n    \u003cLocation\u003e\u003c/Location\u003e\\n    \u003cCategory\u003ePSMStatus\u003c/Category\u003e\\n    \u003cRequestId\u003e\u003c/RequestId\u003e\\n    \u003cReason\u003e\u003c/Reason\u003e\\n    \u003cExtraDetails\u003e\u003c/ExtraDetails\u003e\\n    \u003cMessage\u003eUpdate File Category\u003c/Message\u003e\\n    \u003cGatewayStation\u003e\u003c/GatewayStation\u003e\\n  \u003c/audit_record\u003e\\n\\n\u003c/syslog\u003e\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 11 09:38:26\",\"IsoTimestamp\":\"2021-03-11T17:38:26Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"106\",\"Desc\":\"Update File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMPApp_VAGRANT\",\"Action\":\"Update File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMRecordings\",\"File\":\"root\\\\87012dcc-8290-11eb-949e-080027efd402.session\",\"Station\":\"67.43.156.13\",\"Location\":\"\",\"Category\":\"PSMStatus\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Update File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2
@@ -299,7 +295,6 @@
             "event": {
                 "action": "update file category",
                 "code": "106",
-                "ingested": "2022-02-03T12:42:10.047890093Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-11T20:10:33Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"raw\":\"\u003csyslog\u003e\\n\\n  \u003caudit_record\u003e\\n    \u003cRfc5424\u003eyes\u003c/Rfc5424\u003e\\n    \u003cTimestamp\u003eMar 11 12:10:33\u003c/Timestamp\u003e\\n    \u003cIsoTimestamp\u003e2021-03-11T20:10:33Z\u003c/IsoTimestamp\u003e\\n    \u003cHostname\u003eVAULT\u003c/Hostname\u003e\\n    \u003cVendor\u003eCyber-Ark\u003c/Vendor\u003e\\n    \u003cProduct\u003eVault\u003c/Product\u003e\\n    \u003cVersion\u003e11.7.0000\u003c/Version\u003e\\n    \u003cMessageID\u003e106\u003c/MessageID\u003e\\n    \u003cDesc\u003eUpdate File Category\u003c/Desc\u003e\\n    \u003cSeverity\u003eInfo\u003c/Severity\u003e\\n    \u003cIssuer\u003ePSMApp_ASR-WIN\u003c/Issuer\u003e\\n    \u003cAction\u003eUpdate File Category\u003c/Action\u003e\\n    \u003cSourceUser\u003e\u003c/SourceUser\u003e\\n    \u003cTargetUser\u003e\u003c/TargetUser\u003e\\n    \u003cSafe\u003ePSMLiveSessions\u003c/Safe\u003e\\n    \u003cFile\u003eRoot\\\\PSM-ASR-CYBERARK-WI.LiveSessions\u003c/File\u003e\\n    \u003cStation\u003e67.43.156.15\u003c/Station\u003e\\n    \u003cLocation\u003e\u003c/Location\u003e\\n    \u003cCategory\u003e_PSMLiveSessions_1\u003c/Category\u003e\\n    \u003cRequestId\u003e\u003c/RequestId\u003e\\n    \u003cReason\u003e\u003c/Reason\u003e\\n    \u003cExtraDetails\u003e\u003c/ExtraDetails\u003e\\n    \u003cMessage\u003eUpdate File Category\u003c/Message\u003e\\n    \u003cGatewayStation\u003e\u003c/GatewayStation\u003e\\n  \u003c/audit_record\u003e\\n\\n\u003c/syslog\u003e\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 11 12:10:33\",\"IsoTimestamp\":\"2021-03-11T20:10:33Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"106\",\"Desc\":\"Update File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMApp_ASR-WIN\",\"Action\":\"Update File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMLiveSessions\",\"File\":\"Root\\\\PSM-ASR-CYBERARK-WI.LiveSessions\",\"Station\":\"67.43.156.15\",\"Location\":\"\",\"Category\":\"_PSMLiveSessions_1\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Update File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2
@@ -368,7 +363,6 @@
             "event": {
                 "action": "update file category",
                 "code": "106",
-                "ingested": "2022-02-03T12:42:10.047890857Z",
                 "kind": "event",
                 "original": "\u003c5\u003e1 2021-03-14T13:49:38Z VAULT {\"format\":\"elastic\",\"version\":\"1.0\",\"raw\":\"\u003csyslog\u003e\\n\\n  \u003caudit_record\u003e\\n    \u003cRfc5424\u003eyes\u003c/Rfc5424\u003e\\n    \u003cTimestamp\u003eMar 14 06:49:38\u003c/Timestamp\u003e\\n    \u003cIsoTimestamp\u003e2021-03-14T13:49:38Z\u003c/IsoTimestamp\u003e\\n    \u003cHostname\u003eVAULT\u003c/Hostname\u003e\\n    \u003cVendor\u003eCyber-Ark\u003c/Vendor\u003e\\n    \u003cProduct\u003eVault\u003c/Product\u003e\\n    \u003cVersion\u003e11.7.0000\u003c/Version\u003e\\n    \u003cMessageID\u003e106\u003c/MessageID\u003e\\n    \u003cDesc\u003eUpdate File Category\u003c/Desc\u003e\\n    \u003cSeverity\u003eInfo\u003c/Severity\u003e\\n    \u003cIssuer\u003ePSMPApp_SSH\u003c/Issuer\u003e\\n    \u003cAction\u003eUpdate File Category\u003c/Action\u003e\\n    \u003cSourceUser\u003e\u003c/SourceUser\u003e\\n    \u003cTargetUser\u003e\u003c/TargetUser\u003e\\n    \u003cSafe\u003ePSMPLiveSessions\u003c/Safe\u003e\\n    \u003cFile\u003eRoot\\\\PSMPApp_SSH.LiveSessions\u003c/File\u003e\\n    \u003cStation\u003e67.43.156.15\u003c/Station\u003e\\n    \u003cLocation\u003e\u003c/Location\u003e\\n    \u003cCategory\u003e_PSMLiveSessions_1\u003c/Category\u003e\\n    \u003cRequestId\u003e\u003c/RequestId\u003e\\n    \u003cReason\u003e\u003c/Reason\u003e\\n    \u003cExtraDetails\u003e\u003c/ExtraDetails\u003e\\n    \u003cMessage\u003eUpdate File Category\u003c/Message\u003e\\n    \u003cGatewayStation\u003e\u003c/GatewayStation\u003e\\n  \u003c/audit_record\u003e\\n\\n\u003c/syslog\u003e\",\"syslog\":{\"audit_record\":{\"Rfc5424\":\"yes\",\"Timestamp\":\"Mar 14 06:49:38\",\"IsoTimestamp\":\"2021-03-14T13:49:38Z\",\"Hostname\":\"VAULT\",\"Vendor\":\"Cyber-Ark\",\"Product\":\"Vault\",\"Version\":\"11.7.0000\",\"MessageID\":\"106\",\"Desc\":\"Update File Category\",\"Severity\":\"Info\",\"Issuer\":\"PSMPApp_SSH\",\"Action\":\"Update File Category\",\"SourceUser\":\"\",\"TargetUser\":\"\",\"Safe\":\"PSMPLiveSessions\",\"File\":\"Root\\\\PSMPApp_SSH.LiveSessions\",\"Station\":\"67.43.156.15\",\"Location\":\"\",\"Category\":\"_PSMLiveSessions_1\",\"RequestId\":\"\",\"Reason\":\"\",\"ExtraDetails\":\"\",\"Message\":\"Update File Category\",\"GatewayStation\":\"\"}}}",
                 "severity": 2