Issue 696: Add NTP Event Class #705

Merged
merged 8 commits into from
Aug 17, 2023
53 changes: 52 additions & 1 deletion dictionary.json
Expand Up @@ -1052,6 +1052,11 @@
"description": "Decision/outcome of the authorization mechanism (e.g. Approved, Denied)",
"type": "string_t"
},
"delay": {
"caption": "Root Delay",
"description": "The total round-trip delay to the reference clock in milliseconds.",
"type": "integer_t"
},
"deleted_time": {
"caption": "Deleted Time",
"description": "The timestamp when the user was deleted. In Active Directory (AD), when a user is deleted they are moved to a temporary container and then removed after 30 days. So, this field can be populated even after a user is deleted for the next 30 days.",
Expand Down Expand Up @@ -1156,6 +1161,11 @@
"sibling": "direction",
"type": "integer_t"
},
"dispersion": {
"caption": "Root Dispersion",
"description": "The dispersion in the NTP protocol is the estimated time error or uncertainty relative to the reference clock in milliseconds.",
"type": "integer_t"
},
"disposition": {
"caption": "Disposition",
"description": "The event disposition name, normalized to the caption of the disposition_id value. In the case of 'Other', it is defined by the event source.",
Expand Down Expand Up @@ -2355,6 +2365,11 @@
"description": "The postal code of the location.",
"type": "string_t"
},
"precision": {
"caption": "Precision",
"description": "The numeric precision. See specific usage.",
"type": "integer_t"
},
"priority": {
"caption": "Priority",
"description": "The priority, normalized to the caption of the priority_id value. In the case of 'Other', it is defined by the event source. See specific usage.",
Expand Down Expand Up @@ -3014,6 +3029,42 @@
"sibling": "status",
"type": "integer_t"
},
"stratum": {
"caption": "Stratum",
"description": "The stratum level of the NTP server's time source, normalized to the caption of the stratum_id value.",
"type": "string_t"
},
"stratum_id": {
"caption": "Stratum ID",
"description": "The normalized identifier of the stratum level, as defined in <a target='_blank' href='https://www.rfc-editor.org/rfc/rfc5905.html'>RFC-5905</a>.",
"enum": {
"0": {
"caption": "Unknown",
"description": "Unspecified or invalid."
},
"1": {
"caption": "Primary Server",
"description": "The highest precision primary server (e.g atomic clock or GPS)."
},
"2": {
"caption": "Secondary Server",
"description": "A secondary level server (possible values: 2-15)."
},
"16": {
"caption": "Unsynchronized"
},
"17": {
"caption": "Reserved",
"description": "Reserved stratum (possible values: 17-255)."
},
"99": {
"caption": "Other",
"description": "The stratum level is not mapped. See the <code>stratum</code> attribute, which may contain a data source specific value."
}
},
"sibling": "stratum",
"type": "integer_t"
},
"subdomain": {
"caption": "Subdomain",
"description": "The subdomain portion of the URL. For example: <code>sub</code> in <code>https://sub.example.com</code> or <code>sub2.sub1</code> in <code>https://sub2.sub1.example.com</code>.",
Expand Down Expand Up @@ -3270,7 +3321,7 @@
"web_resources_result": {
"caption": "Web Resources Result",
"description": "The results of the activity on web resources. It should contain the new values of the changed attributes of the web resources.",
"is_array": true,
"is_array": true,
"type": "web_resource"
},
"x_forwarded_for": {
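Review bot: In the `stratum_id` enum, the catch-all key `99` ("Other") falls inside the range that key `17` documents as reserved stratum values (17-255), so the descriptions do not tell a consumer whether 99 is a normalized identifier or a raw stratum. The descriptions for `2` and `17` should state outright that the whole range is collapsed onto that one identifier, for example `"description": "A secondary level server. Raw stratum values 2-15 are all normalized to this identifier."`, and `16` should get a description like the other members. Because the raw stratum is lost by that normalization, and it is a useful signal when checking for unexpected or unsynchronized time sources, the description should also say where a producer is expected to keep it. Separately, `delay` and `dispersion` are generic dictionary keys whose captions and descriptions are NTP-specific, which will mislead any other class that reuses them.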
75 changes: 75 additions & 0 deletions events/network/ntp.json
@@ -0,0 +1,75 @@
{
"caption": "NTP Activity",
"description": "The Network Time Protocol (NTP) Activity events report instances of remote clients synchronizing their clocks with an NTP server, as observed on the network.",
"extends": "network_activity",
"name": "ntp_activity",
"uid": 13,
"attributes": {
"activity_id": {
"enum": {
"0": {
"caption": "Unknown",
"description": "Not used in standard NTP implementations."
},
"1": {
"caption": "Symmetric Active Exchange",
"description": "Bidirectional time exchange between devices."
},
"2": {
"caption": "Symmetric Passive Response",
"description": "Device responds as a server to peers in symmetric active mode."
},
"3": {
"caption": "Client Synchronization",
"description": "NTP client, syncs with servers."
},
"4": {
"caption": "Server Response",
"description": "Dedicated NTP time server, responds to clients."
},
"5": {
"caption": "Broadcast",
"description": "Broadcast time info to network devices."
},
"6": {
"caption": "Control",
"description": "Monitoring and control messaging."
},
"7": {
"caption": "Private Use Case",
"description": "Reserved - Not defined in standard NTP specifications."
},
"99": {
"caption": "Other",
"description": "The event activity is not mapped."
}
}
},
"delay": {
"group": "primary",
"requirement": "optional"
},
"dispersion": {
"group": "primary",
"requirement": "optional"
},
"precision": {
"description": "The NTP precision quantifies a clock's accuracy and stability in log2 seconds, as defined in RFC-5905.",
"group": "primary",
"requirement": "recommended"
},
"stratum": {
"group": "primary",
"requirement": "optional"
},
"stratum_id": {
"group": "primary",
"requirement": "recommended"
},
"version": {
"description": "The version number of the NTP protocol.",
"group": "context",
"requirement": "required"
}
}
}
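Review bot: The description of `activity_id` `0`, "Not used in standard NTP implementations.", describes an NTP mode rather than the meaning of the Unknown identifier, so a producer that cannot determine the mode has no documented value to emit; `"description": "The event activity is unknown."` would match the wording already used for `99`. The class description also covers only clients synchronizing with a server, while the enum includes symmetric, broadcast, control and private-use modes, so it should say the class reports all observed NTP exchanges. The control and private-use members (`6`, `7`) are likely the ones monitoring rules will filter on, so their descriptions deserve a full sentence each rather than a fragment.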