splunk · siddharth-khatsuriya · Dec 11, 2024 · Dec 6, 2024
@@ -70,6 +70,11 @@
           "validity": "if(isnum(response_time) and response_time>0 AND response_time<3600,response_time,null())",
           "comment": "The amount of time it took to receive a response in the authentication event, in seconds."
         },
+        {
+          "name": "session_id",
+          "type": "optional",
+          "comment": "The unique identifier assigned to the login session."
+        },
         {
           "name": "signature",
           "type": "optional",

@@ -74,7 +74,7 @@
         {
           "name": "signature",
           "type": "required",
-          "comment": "The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre. This is a string value. Use a signature_id field (not included in this data model) for numeric indicators."
+          "comment": "The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre."
         },
         {
           "name": "signature_id",

@@ -187,7 +187,7 @@
           "type": "conditional",
           "condition": "protocol=ip",
           "expected_values": ["ipv4", "ipv6"],
-          "comment": "Version of the OSI layer 3 protocol."
+          "comment": "Version of the OSI layer 3 protocol, in lower case."
         },
         {
           "name": "response_time",

@@ -78,7 +78,7 @@
                         {
                             "name": "power",
                             "type": "optional",
-                            "comment": "Amount of power consumed by the facilities resource, in Kw\/h."
+                            "comment": "Amount of power consumed by the facilities resource, in kW."
                         },
                         {
                             "name": "fan_speed",