LOGFORCE™ Docs
Welcome to the LOGFORCE docs — This is a draft of the core concepts available in the LOGFORCE™ platform.
Sample categorization
Initial sample folder structure

YAML
root:
  type: directory
  children:
    industries:
      type: directory
      children:
        cybersecurity:
          type: directory
          children:
            linux-sysmon:
              type: directory
              children:
                malware:
                  type: directory
                  children:
                    acidrain:
                      type: directory
                      children:
                        references.md:
                          type: file
                        sourcetype.md:
                          type: file
                        linux_sysmon.log:
                          type: file
            window-sysmon:
              type: directory
              children:
                suspicious_behaviour:
                  type: directory
                  children:
                    first_time_windows_service:
                      type: directory
                      children:
                        references.md:
                          type: file
                        windows-sysmon.log:
                          type: file
                        sourcetype.md:
                          type: file
            README.md:
              type: file
        energy:
          type: directory
          children:
            README.md:
              type: file
        financial_services:
          type: directory
          children:
            README.md:
              type: file
        industrial_&_manufacturing:
          type: directory
          children:
            README.md:
              type: file
        healthcare:
          type: directory
          children:
            README.md:
              type: file
        real_estates:
          type: directory
          children:
            README.md:
              type: file
        government_&_public_sector:
          type: directory
          children:
            README.md:
              type: file
        telecom:
          type: directory
          children:
            README.md:
              type: file
        consumer_goods:
          type: directory
          children:
            README.md:
              type: file
JSON
{
"root": {
"type": "directory",
"children": {
"industries": {
"type": "directory",
"children": {
"cybersecurity": {
"type": "directory",
"children": {
"linux-sysmon": {
"type": "directory",
"children": {
"malware": {
"type": "directory",
"children": {
"acidrain": {
"type": "directory",
"children": {
"references.md": {
"type": "file"
},
"sourcetype.md": {
"type": "file"
},
"linux_sysmon.log": {
"type": "file"
}
}
}
}
}
}
},
"window-sysmon": {
"type": "directory",
"children": {
"suspicious_behaviour": {
"type": "directory",
"children": {
"first_time_windows_service": {
"type": "directory",
"children": {
"references.md": {
"type": "file"
},
"windows-sysmon.log": {
"type": "file"
},
"sourcetype.md": {
"type": "file"
}
}
}
}
}
}
},
"README.md": {
"type": "file"
}
}
},
"energy": {
"type": "directory",
"children": {
"README.md": {
"type": "file"
}
}
},
"financial_services": {
"type": "directory",
"children": {
"README.md": {
"type": "file"
}
}
},
"industrial_&_manufacturing": {
"type": "directory",
"children": {
"README.md": {
"type": "file"
}
}
},
"healthcare": {
"type": "directory",
"children": {
"README.md": {
"type": "file"
}
}
},
"real_estates": {
"type": "directory",
"children": {
"README.md": {
"type": "file"
}
}
},
"government_&_public_sector": {
"type": "directory",
"children": {
"README.md": {
"type": "file"
}
}
},
"telecom": {
"type": "directory",
"children": {
"README.md": {
"type": "file"
}
}
},
"consumer_goods": {
"type": "directory",
"children": {
"README.md": {
"type": "file"
}
}
}
}
}
}
}
}
Document store
Initial architecture
Embedded transactional database in the form of a key-value store
Data model and Schema

YAML
- id: 'Unix time stamp + UID { "type": "integer" }'
  logType: 'Log type { "type": "string" }'
  pokeAi: 'Poke AI .jpg private URL { "type": "string" }'
  fuzzyHash: 'SSDEEP { "type": "string" }'
  author: 'Author { "type": "string" }'
  synthetic: 'Is generative { "type": "boolean" }'
  adversarial: 'Is adversary { "type": "boolean" }'
  anonymized: 'Is anonymized { "type": "boolean" }'
  lines: 'Number of log lines { "type": "integer" }'
  lineSeparator: 'Line separator { "type": "string" }'
  characters: 'Log character count { "type": "integer" }'
  cat: 'Categories { "type": "string" }'
  tag: 'Tags { "type": "string" }'
  observer:
    observables:
      sourceType: 'Log source type according to sourcetype.md { "type": "string" }'
      mapping:
        frameworks:
          framework:
            frameworkName: 'Framework { "type": "string" }'
            mappingId: 'Framework item(s) ID(s) { "type": "string" }'
      references:
        reference: 'KB URL { "type": "string" }'
      correlations:
        query: 'Query { "type": "string" }'
        dimension: 'poke AI dimension URL { "type": "string" }'
  log:
    lines: 'Log lines { "type": "string" }'
  origin:
    originalLocation: 'Original log location { "type": "string" }'
    originalFormat: 'Original log format { "type": "string" }'
  destination:
    converted: 'Converted before ingestion { "type": "boolean" }'
    convertedFormat: 'After ingestion log format { "type": "string" }'
    output: 'Output destination { "type": "string" }'
  FDML:
    tileSize: >-
      Value for the calculation of the maximum number of elements { "type":
      "integer" }
    density: >-
      Number of context layers ordered by magnitude on a logarithmic scale {
      "type": "integer" }
    dimensionMapping:
      question: 'Fork { "type": "string" }'
      relevantSemantic: 'Relevant semantic for the fork { "type": "string" }'
      tensionValue: 'Tension value { "type": "integer" }'
      zOrder: >-
        Vector orientation in the multidimensional space (binary represented as
        an integer){ "type": "integer" }
      twoScomplementPosition: >-
        Two's complement representation values position (binary represented as
        an integer){ "type": "integer" }
JSON
[
{
"id": "Unix time stamp + UID { \"type\": \"integer\" }",
"logType": "Log type { \"type\": \"string\" }",
"pokeAi": "Poke AI .jpg private URL { \"type\": \"string\" }",
"fuzzyHash": "SSDEEP { \"type\": \"string\" }",
"author": "Author { \"type\": \"string\" }",
"synthetic": "Is generative { \"type\": \"boolean\" }",
"adversarial": "Is adversary { \"type\": \"boolean\" }",
"anonymized": "Is anonymized { \"type\": \"boolean\" }",
"lines": "Number of log lines { \"type\": \"integer\" }",
"lineSeparator": "Line separator { \"type\": \"string\" }",
"characters": "Log character count { \"type\": \"integer\" }",
"cat": "Categories { \"type\": \"string\" }",
"tag": "Tags { \"type\": \"string\" }",
"observer": {
"observables": {
"sourceType": "Log source type according to sourcetype.md { \"type\": \"string\" }",
"mapping": {
"frameworks": {
"framework": {
"frameworkName": "Framework { \"type\": \"string\" }",
"mappingId": "Framework item(s) ID(s) { \"type\": \"string\" }"
}
}
},
"references": {
"reference": "KB URL { \"type\": \"string\" }"
},
"correlations": {
"query": "Query { \"type\": \"string\" }",
"dimension": "poke AI dimension URL { \"type\": \"string\" }"
}
}
},
"log": {
"lines": "Log lines { \"type\": \"string\" }"
},
"origin": {
"originalLocation": "Original log location { \"type\": \"string\" }",
"originalFormat": "Original log format { \"type\": \"string\" }"
},
"destination": {
"converted": "Converted before ingestion { \"type\": \"boolean\" }",
"convertedFormat": "After ingestion log format { \"type\": \"string\" }",
"output": "Output destination { \"type\": \"string\" }"
},
"FDML": {
"tileSize": "Value for the calculation of the maximum number of elements { \"type\": \"integer\" }",
"density": "Number of context layers ordered by magnitude on a logarithmic scale { \"type\": \"integer\" }",
"dimensionMapping": {
"question": "Fork { \"type\": \"string\" }",
"relevantSemantic": "Relevant semantic for the fork { \"type\": \"string\" }",
"tensionValue": "Tension value { \"type\": \"integer\" }",
"zOrder": "Vector orientation in the multidimensional space (binary represented as an integer){ \"type\": \"integer\" }",
"twoScomplementPosition": "Two's complement representation values position (binary represented as an integer){ \"type\": \"integer\" }"
}
}
}
]