digital guardian - update connector and parser

2021-07-06 13:33:23 +03:00 · 2021-07-06 13:33:23 +03:00 · f1c6c30dbb
--- a/Connectors/Connector_DigitalGuardian_Syslog.json
+++ b/Connectors/Connector_DigitalGuardian_Syslog.json
@ -7,7 +7,7 @@
    "graphQueries": [
        {
            "metricName": "Total data received",
-            "legend": "Syslog (DigitalGuardianDLPEvent)",
+            "legend": "DigitalGuardianDLPEvent",
            "baseQuery": "DigitalGuardianDLPEvent"
        }
    ],
--- a/Solutions/DigitalGuardianDLP/Parsers/DigitalGuardianDLPEvent.txt
+++ b/Solutions/DigitalGuardianDLP/Parsers/DigitalGuardianDLPEvent.txt
@ -7,7 +7,7 @@ Syslog
 | where SyslogMessage contains 'managed_device_id' and SyslogMessage contains 'number_of_incidents'
 | mv-apply ExtractedFields = extract_all(@'\s(?P<key>[a-zA-Z0-9-_]+)=\"?(?P<value>[a-zA-Z0-9-_:/@.,#{}>< ]+)\"?', dynamic(["key","value"]), SyslogMessage) on (
    project packed = pack(tostring(ExtractedFields[0]), tostring(ExtractedFields[1]))
-    | summarize bag = make_bag(p)
+    | summarize bag = make_bag(packed)
 )
 | evaluate bag_unpack(bag)
 | extend EventEndTime=todatetime(timestamp)