added enrichment

2026-02-10 21:50:15 +00:00 · 2026-01-16 02:37:31 +01:00
parent 9372eba596
commit 20deb0193e
2 changed files with 50 additions and 8 deletions
--- a/bitwarden_license/bit-common/src/dirt/organization-integrations/models/integration-configuration-config/configuration-template/hec-template.ts
+++ b/bitwarden_license/bit-common/src/dirt/organization-integrations/models/integration-configuration-config/configuration-template/hec-template.ts
@@ -2,8 +2,6 @@ import { OrgIntegrationTemplate } from "../../integration-builder";
 import { OrganizationIntegrationServiceName } from "../../organization-integration-service-type";

 export class HecTemplate implements OrgIntegrationTemplate {
-  event = "#EventMessage#";
-  source = "Bitwarden";
  index: string;
  bw_serviceName: OrganizationIntegrationServiceName;

@@ -12,12 +10,54 @@ export class HecTemplate implements OrgIntegrationTemplate {
    this.bw_serviceName = service;
  }

-  toString(): string {
-    return JSON.stringify({
-      Event: this.event,
-      Source: this.source,
-      Index: this.index,
+  private toJSON() {
+    const template: Record<string, any> = {
      bw_serviceName: this.bw_serviceName,
-    });
+      source: "bitwarden",
+      service: "event-logs",
+      event: {
+        object: "event",
+        type: "#Type#",
+        itemId: "#CipherId#",
+        collectionId: "#CollectionId#",
+        groupId: "#GroupId#",
+        policyId: "#PolicyId#",
+        memberId: "#UserId#",
+        actingUserId: "#ActingUserId#",
+        installationId: "#InstallationId#",
+        date: "#DateIso8601#",
+        device: "#DeviceType#",
+        ipAddress: "#IpAddress#",
+        secretId: "#SecretId#",
+        projectId: "#ProjectId#",
+        serviceAccountId: "#ServiceAccountId#",
+      },
+      enrichment_details: {
+        actingUser: {
+          name: "#ActingUserName#",
+          email: "#ActingUserEmail#",
+          type: "#ActingUserType#",
+        },
+        member: {
+          name: "#UserName#",
+          email: "#UserEmail#",
+          type: "#UserType#",
+        },
+        group: {
+          name: "#GroupName#",
+        },
+      },
+    };
+
+    // Only include index if it's provided
+    if (this.index && this.index.trim() !== "") {
+      template.index = this.index;
+    }
+
+    return template;
+  }
+
+  toString(): string {
+    return JSON.stringify(this.toJSON());
  }
 }
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -55,6 +55,7 @@ export enum FeatureFlag {

  /* DIRT */
  EventManagementForDataDogAndCrowdStrike = "event-management-for-datadog-and-crowdstrike",
+  EventManagementForHuntress = "event-management-for-huntress",
  PhishingDetection = "phishing-detection",

  /* Vault */
@@ -116,6 +117,7 @@ export const DefaultFeatureFlagValue = {

  /* DIRT */
  [FeatureFlag.EventManagementForDataDogAndCrowdStrike]: FALSE,
+  [FeatureFlag.EventManagementForHuntress]: FALSE,
  [FeatureFlag.PhishingDetection]: FALSE,

  /* Vault */