Updated the parser file

Azure · Feb 13, 2025 · a05959e · a05959e
1 parent 0caee44
commit a05959e
Showing 1 changed file with 108 additions and 106 deletions.
diff --git a/Solutions/GoogleCloudPlatformDNS/Parsers/GCPCloudDNS.yaml b/Solutions/GoogleCloudPlatformDNS/Parsers/GCPCloudDNS.yaml
@@ -9,121 +9,123 @@ FunctionAlias: GCPCloudDNS
 FunctionQuery: |
     let GCPCloudDNS_view  = view () {
     let DNSQuery_GcpDns_empty = datatable(
-           Query:string,
-           QueryTypeName:string,
-           ResponseName:string,
-           EventResultDetails:string,
-           NetworkProtocol:string,
-           SrcIpAddr:string,
-           EventOriginalUid:string,
-           EventSeverity:string,
-           EventCount:int,
-           EventProduct:string,
-           EventVendor:string,
-           EventSchemaVersion:string,
-           Dvc:string,
-           EventType:string,
-           EventResult:string,
-           EventSubType:string,
-           EventEndTime:datetime,
-           ResponseCodeName:string,
-           Domain:string,
-           IpAddr:string,
-           EventStartTime:datetime
+           Query_e:string,
+           QueryTypeName_e:string,
+           ResponseName_e:string,
+           EventResultDetails_e:string,
+           NetworkProtocol_e:string,
+           SrcIpAddr_e:string,
+           EventOriginalUid_e:string,
+           EventSeverity_e:string,
+           EventCount_e:int,
+           EventProduct_e:string,
+           EventVendor_e:string,
+           EventSchemaVersion_e:string,
+           Dvc_e:string,
+           EventType_e:string,
+           EventResult_e:string,
+           EventSubType_e:string,
+           EventEndTime_e:datetime,
+           ResponseCodeName_e:string,
+           Domain_e:string,
+           IpAddr_e:string,
+           EventStartTime_e:datetime
     )[];
     let DNSQuery_GcpDns = union isfuzzy=true GCP_DNS_CL, DNSQuery_GcpDns_empty
        | extend 
-           Query=column_ifexists('payload_queryName_s', ''),
-           QueryTypeName=column_ifexists('payload_queryType_s', ''),
-           ResponseName=column_ifexists('payload_rdata_s', ''),
-           EventResultDetails=column_ifexists('payload_responseCode_s', ''),
-           NetworkProtocol=column_ifexists('payload_protocol_s', ''),
-           SrcIpAddr=column_ifexists('payload_sourceIP_s', ''),
-           EventOriginalUid=column_ifexists('insert_id_s', ''),
-           EventSeverity=column_ifexists('severity_s', ''),
-           EventCount=(1),
-           EventProduct="Cloud DNS",
-           EventVendor="GCP",
-           EventSchemaVersion="0.1.0",
-           Dvc="GCPDNS",
-           EventType = iif (column_ifexists('resource_type_s', '') == "dns_query", "lookup", column_ifexists('resource_type_s', '')),
-           EventResult=iff(EventResultDetails =~ 'NOERROR', 'Success', 'Failure'),
-           EventSubType='response',
-           EventEndTime=todatetime(column_ifexists('timestamp_t', ''))
+           Query_e=column_ifexists('payload_queryName_s', ''),
+           QueryTypeName_e=column_ifexists('payload_queryType_s', ''),
+           ResponseName_e=column_ifexists('payload_rdata_s', ''),
+           EventResultDetails_e=column_ifexists('payload_responseCode_s', ''),
+           NetworkProtocol_e=column_ifexists('payload_protocol_s', ''),
+           SrcIpAddr_e=column_ifexists('payload_sourceIP_s', ''),
+           EventOriginalUid_e=column_ifexists('insert_id_s', ''),
+           EventSeverity_e=column_ifexists('severity_s', ''),
+           EventCount_e=(1),
+           EventProduct_e="Cloud DNS",
+           EventVendor_e="GCP",
+           EventSchemaVersion_e="0.1.0",
+           Dvc_e="GCPDNS",
+           EventType_e=iif (column_ifexists('resource_type_s', '') == "dns_query", "lookup", column_ifexists('resource_type_s', '')),
+           EventResult_e=iff(EventResultDetails_e =~ 'NOERROR', 'Success', 'Failure'),
+           EventSubType_e='response',
+           EventEndTime_e=todatetime(column_ifexists('timestamp_t', ''))
+        // ---Aliases   
        | extend
-           ResponseCodeName=EventResultDetails, 
-           Domain=Query,
-           IpAddr=SrcIpAddr,
-           EventStartTime = EventEndTime
+           ResponseCodeName_e=EventResultDetails_e, 
+           Domain_e=Query_e,
+           IpAddr_e=SrcIpAddr_e,
+           EventStartTime_e=EventEndTime_e
        | project-rename
-           Query=Query,
-           QueryTypeName=QueryTypeName,
-           ResponseName=ResponseName,
-           EventResultDetails=EventResultDetails,
-           NetworkProtocol=NetworkProtocol,
-           SrcIpAddr=SrcIpAddr,
-           EventOriginalUid=EventOriginalUid,
-           EventSeverity=EventSeverity,
-           EventCount=EventCount,
-           EventProduct=EventProduct,
-           EventVendor=EventVendor,
-           EventSchemaVersion=EventSchemaVersion,
-           Dvc=Dvc,
-           EventType=EventType,
-           EventResult=EventResult,
-           EventSubType=EventSubType,
-           EventEndTime=EventEndTime,
-           ResponseCodeName=ResponseCodeName,
-           Domain=Domain,
-           IpAddr=IpAddr,
-           EventStartTime=EventStartTime;
+           Query=Query_e,
+           QueryTypeName=QueryTypeName_e,
+           ResponseName=ResponseName_e,
+           EventResultDetails=EventResultDetails_e,
+           NetworkProtocol=NetworkProtocol_e,
+           SrcIpAddr=SrcIpAddr_e,
+           EventOriginalUid=EventOriginalUid_e,
+           EventSeverity=EventSeverity_e,
+           EventCount=EventCount_e,
+           EventProduct=EventProduct_e,
+           EventVendor=EventVendor_e,
+           EventSchemaVersion=EventSchemaVersion_e,
+           Dvc=Dvc_e,
+           EventType=EventType_e,
+           EventResult=EventResult_e,
+           EventSubType=EventSubType_e,
+           EventEndTime=EventEndTime_e,
+           ResponseCodeName=ResponseCodeName_e,
+           Domain=Domain_e,
+           IpAddr=IpAddr_e,
+           EventStartTime=EventStartTime_e;
     let DNSQuery_GcpDnsV2 = union isfuzzy=true GCP_DNSV2_CL, DNSQuery_GcpDns_empty
        | extend 
-           Query=column_ifexists('payload_queryName', ''),
-           QueryTypeName=column_ifexists('payload_queryType', ''),
-           ResponseName=column_ifexists('payload_rdata', ''),
-           EventResultDetails=column_ifexists('payload_responseCode', ''),
-           NetworkProtocol=column_ifexists('payload_protocol', ''),
-           SrcIpAddr=column_ifexists('payload_sourceIP', ''),
-           EventOriginalUid=column_ifexists('insert_id', ''),
-           EventSeverity=column_ifexists('severity', ''),
-           EventCount=(1),
-           EventProduct="Cloud DNS",
-           EventVendor="GCP",
-           EventSchemaVersion="0.1.0",
-           Dvc="GCPDNS",
-           EventType = iif (column_ifexists('resource_type', '') == "dns_query", "lookup", column_ifexists('resource_type', '')),
-           EventResult=iff(EventResultDetails =~ 'NOERROR', 'Success', 'Failure'),
-           EventSubType='response',
-           EventEndTime=todatetime(column_ifexists('timestamp', ''))
+           Query_e=column_ifexists('payload_queryName', ''),
+           QueryTypeName_e=column_ifexists('payload_queryType', ''),
+           ResponseName_e=column_ifexists('payload_rdata', ''),
+           EventResultDetails_e=column_ifexists('payload_responseCode', ''),
+           NetworkProtocol_e=column_ifexists('payload_protocol', ''),
+           SrcIpAddr_e=column_ifexists('payload_sourceIP', ''),
+           EventOriginalUid_e=column_ifexists('insert_id', ''),
+           EventSeverity_e=column_ifexists('severity', ''),
+           EventCount_e=(1),
+           EventProduct_e="Cloud DNS",
+           EventVendor_e="GCP",
+           EventSchemaVersion_e="0.1.0",
+           Dvc_e="GCPDNS",
+           EventType_e=iif (column_ifexists('resource_type', '') == "dns_query", "lookup", column_ifexists('resource_type', '')),
+           EventResult_e=iff(EventResultDetails_e =~ 'NOERROR', 'Success', 'Failure'),
+           EventSubType_e='response',
+           EventEndTime_e=todatetime(column_ifexists('timestamp', ''))
+        // ---Aliases
        | extend
-           ResponseCodeName=EventResultDetails, 
-           Domain=Query,
-           IpAddr=SrcIpAddr,
-           EventStartTime = EventEndTime
+           ResponseCodeName_e=EventResultDetails_e, 
+           Domain_e=Query_e,
+           IpAddr_e=SrcIpAddr_e,
+           EventStartTime_e=EventEndTime_e
        | project-rename
-           Query=Query,
-           QueryTypeName=QueryTypeName,
-           ResponseName=ResponseName,
-           EventResultDetails=EventResultDetails,
-           NetworkProtocol=NetworkProtocol,
-           SrcIpAddr=SrcIpAddr,
-           EventOriginalUid=EventOriginalUid,
-           EventSeverity=EventSeverity,
-           EventCount=EventCount,
-           EventProduct=EventProduct,
-           EventVendor=EventVendor,
-           EventSchemaVersion=EventSchemaVersion,
-           Dvc=Dvc,
-           EventType=EventType,
-           EventResult=EventResult,
-           EventSubType=EventSubType,
-           EventEndTime=EventEndTime,
-           ResponseCodeName=ResponseCodeName,
-           Domain=Domain,
-           IpAddr=IpAddr,
-           EventStartTime=EventStartTime;
+           Query=Query_e,
+           QueryTypeName=QueryTypeName_e,
+           ResponseName=ResponseName_e,
+           EventResultDetails=EventResultDetails_e,
+           NetworkProtocol=NetworkProtocol_e,
+           SrcIpAddr=SrcIpAddr_e,
+           EventOriginalUid=EventOriginalUid_e,
+           EventSeverity=EventSeverity_e,
+           EventCount=EventCount_e,
+           EventProduct=EventProduct_e,
+           EventVendor=EventVendor_e,
+           EventSchemaVersion=EventSchemaVersion_e,
+           Dvc=Dvc_e,
+           EventType=EventType_e,
+           EventResult=EventResult_e,
+           EventSubType=EventSubType_e,
+           EventEndTime=EventEndTime_e,
+           ResponseCodeName=ResponseCodeName_e,
+           Domain=Domain_e,
+           IpAddr=IpAddr_e,
+           EventStartTime=EventStartTime_e;
            union isfuzzy=true DNSQuery_GcpDns, DNSQuery_GcpDnsV2
-           | project-reorder EventEndTime, IpAddr, Query, QueryTypeName, ResponseName, EventResult, EventSeverity, EventProduct, EventVendor, EventSchemaVersion, Dvc, EventType, EventSubType, ResponseCodeName, Domain, EventStartTime;
+           | project-reorder Query, QueryTypeName, ResponseName, EventResultDetails, NetworkProtocol, SrcIpAddr, EventOriginalUid, EventSeverity, EventCount, EventProduct, EventVendor, EventSchemaVersion, Dvc, EventType, EventResult, EventSubType, EventEndTime, ResponseCodeName, Domain, IpAddr, EventStartTime;
     };
     GCPCloudDNS_view