When integrating Peakhour event logs, it's crucial to understand the JSON format that Peakhour sends. In this blog post, we'll provide a detailed explanation of the JSON format, which is used to store events as Python dictionaries. This knowledge will help you work more effectively with the data, enabling better analysis and security event management.
The JSON format sent by Peakhour consists of various fields, each carrying specific information about the event. Below is a list of the fields included in the JSON format, with a description of each field in place of its value:
{
  "time": "UTC timestamp of the event",
  "location": "Location of the server handling the request",
  "host": "Hostname of the server",
  "blocklists": "List of blocklists the client's IP is part of",
  "geoip": {
    "country_code": "Country code of the client's IP",
    "as_organization": "AS of the client's IP",
    "as_number": "ASN of the client's IP"
  },
  "client": "Client's IP address",
  "bytesin": "Number of bytes received from the client",
  "bytesout": "Number of bytes sent to the client",
  "unique_id": "Unique identifier for the request",
  "httpver": "HTTP version used for the request",
  "method": "HTTP method of the request",
  "path": "Path of the requested resource",
  "query": "Query string of the request",
  "referer": "Referer URL of the request",
  "request_headers": {
    "name": "Name of the request header",
    "value": "Value of the request header"
  },
  "user_agent": "User agent string of the client",
  "user_agent_type": "Type of the user agent (e.g., browser, bot)",
  "block.by": "Type of block that occurred (e.g., WAF, IP threat list, custom rule, rate limit, bot)"
}
This JSON format represents the structure of the data sent by Peakhour. Once ingested, the data is stored and can be queried and analyzed with external tools.
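As an added example (not Peakhour's own code), the following Python script parses events in the layout above, normalizes the fields whose shape can vary, and produces the kind of summary a SIEM rule or dashboard would start from: blocks counted by "block.by", clients that appeared on a blocklist, and requests by country. It assumes events arrive one JSON object per line and that "request_headers" may be either a list of name/value objects or a single name/value object; the sample events, IPs, hostnames, list names and "block.by" strings are constructed for illustration and are not Peakhour's actual values.

```python
import json
from collections import Counter
from typing import Any, Iterable, Optional

# Constructed sample events (not real Peakhour data) using the fields described
# above. IPs, hostnames, list names and "block.by" strings are illustrative.
SAMPLE_EVENTS = [
    json.dumps({
        "time": "2024-01-01T00:00:00Z", "location": "syd", "host": "www.example.com",
        "blocklists": [],
        "geoip": {"country_code": "AU", "as_organization": "Example ISP", "as_number": 64496},
        "client": "192.0.2.10", "bytesin": 512, "bytesout": 4096, "unique_id": "req-0001",
        "httpver": "HTTP/1.1", "method": "GET", "path": "/", "query": "", "referer": "",
        "request_headers": [{"name": "Accept", "value": "text/html"}],
        "user_agent": "Mozilla/5.0", "user_agent_type": "browser",
    }),
    json.dumps({
        "time": "2024-01-01T00:00:05Z", "location": "syd", "host": "www.example.com",
        "blocklists": ["example-threat-list"],
        "geoip": {"country_code": "US", "as_organization": "Example Hosting", "as_number": 64497},
        "client": "203.0.113.7", "bytesin": 900, "bytesout": 0, "unique_id": "req-0002",
        "httpver": "HTTP/1.1", "method": "POST", "path": "/login", "query": "", "referer": "",
        "request_headers": [{"name": "Content-Type", "value": "application/x-www-form-urlencoded"}],
        "user_agent": "curl/8.0", "user_agent_type": "bot", "block.by": "waf",
    }),
    json.dumps({
        "time": "2024-01-01T00:00:09Z", "location": "syd", "host": "www.example.com",
        "blocklists": [],
        "geoip": {"country_code": "US", "as_organization": "Example Hosting", "as_number": 64497},
        "client": "198.51.100.9", "bytesin": 300, "bytesout": 0, "unique_id": "req-0003",
        "httpver": "HTTP/2", "method": "GET", "path": "/search", "query": "q=test", "referer": "",
        # Single-object form of request_headers (assumed variant, see lead-in).
        "request_headers": {"name": "Accept", "value": "*/*"},
        "user_agent": "python-requests/2.31", "user_agent_type": "bot", "block.by": "rate limit",
    }),
]

# Fields every event must carry for it to be useful in analysis (our choice, not a
# Peakhour guarantee); anything else is treated as optional.
REQUIRED_FIELDS = ("time", "client", "method", "path", "unique_id")


def parse_event(line: str) -> dict[str, Any]:
    """Parse one JSON event line and normalise the fields whose shape can vary."""
    event = json.loads(line)
    missing = [f for f in REQUIRED_FIELDS if f not in event]
    if missing:
        raise ValueError(f"event {event.get('unique_id', '?')} is missing {missing}")
    # "blocklists" may be absent or null; always expose it as a list.
    event["blocklists"] = list(event.get("blocklists") or [])
    # "request_headers" may be a single {name, value} object or a list of them.
    headers = event.get("request_headers") or []
    event["request_headers"] = [headers] if isinstance(headers, dict) else list(headers)
    return event


def header_value(event: dict[str, Any], name: str) -> Optional[str]:
    """Case-insensitive lookup of a request header in a parsed event."""
    for header in event["request_headers"]:
        if str(header.get("name", "")).lower() == name.lower():
            return header.get("value")
    return None


def summarize(lines: Iterable[str]) -> dict[str, Any]:
    """Aggregate a batch of event lines into counts useful for alerting and dashboards."""
    blocks: Counter = Counter()
    countries: Counter = Counter()
    blocklisted_clients: set = set()
    bytes_in = 0
    for line in lines:
        event = parse_event(line)
        if event.get("block.by"):
            blocks[event["block.by"]] += 1
        if event["blocklists"]:
            blocklisted_clients.add(event["client"])
        country = (event.get("geoip") or {}).get("country_code")
        if country:
            countries[country] += 1
        bytes_in += int(event.get("bytesin") or 0)
    return {
        "blocks_by_type": dict(blocks),
        "blocklisted_clients": sorted(blocklisted_clients),
        "requests_by_country": dict(countries),
        "total_bytes_in": bytes_in,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVENTS), indent=2))
```

Feeding a real export through `summarize` one line at a time keeps memory flat for large batches; the normalisation in `parse_event` is where to add any further shape differences you observe in your own feed before building rules on top of the fields.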
Understanding the Peakhour JSON format is crucial when integrating with a third-party system, as it allows you to work more effectively with the data and perform comprehensive security event analysis. With this knowledge, you can create custom rules, alerts, and visualizations, enabling better threat detection and response.