Adds get_actor_user method to Okta data model (#422)
* adds get_actor_user method to okta data model

* Update okta_data_model.yml

* Update okta_data_model.py

* Update okta_data_model.py
cpascale43 authored May 2, 2022
1 parent 4f6a6ac commit eb4af5c
Showing 2 changed files with 9 additions and 1 deletion.
8 changes: 8 additions & 0 deletions data_models/okta_data_model.py
@@ -1,4 +1,5 @@
import panther_event_type_helpers as event_type
from panther_base_helpers import deep_get


def get_event_type(event):
Expand All @@ -25,3 +26,10 @@ def get_event_type(event):
if event.get("eventType") == "system.mfa.factor.deactivate":
return event_type.ADMIN_MFA_DISABLED
return None


def get_actor_user(event):
actor = deep_get(event, "actor", "displayName", default="unknown")
if actor == "unknown":
actor = deep_get(event, "actor", "alternateId", default="Unknown User")
return actor
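
Review bot: In get_actor_user, the string "unknown" is used both as the deep_get default and as the value tested on the next line, so an event whose actor.displayName is literally "unknown" takes the alternateId fallback exactly as an event with no displayName does. If that is intended, a docstring should say so; if it is not, use `default=None` and test `if actor is None`. The function can also return the placeholder "Unknown User", which rules consuming actor_user will have to treat as a sentinel, so that value deserves a comment or a named constant. The commit shows 2 changed files and neither is a test, so a unit test covering the three outcomes (displayName present, alternateId fallback, neither present) would be a useful addition.
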
2 changes: 1 addition & 1 deletion data_models/okta_data_model.yml
Expand Up @@ -7,7 +7,7 @@ Filename: okta_data_model.py
Enabled: true
Mappings:
- Name: actor_user
Path: $.actor.displayName
Method: get_actor_user
- Name: event_type
Method: get_event_type
- Name: source_ip
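
Review bot: On the actor_user mapping, switching from `Path: $.actor.displayName` to `Method: get_actor_user` changes what the field can contain: it may now hold actor.alternateId or the literal "Unknown User" rather than a display name. Rules, allowlists or dedup keys that compare actor_user against display names should be checked for changed behaviour, and a short comment in the data model describing the fallback order would make the new semantics visible to rule authors.
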