in Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/exporter.py [0:0]
def _transform_schema(audit_events: list) -> list:
dcr_events = [
{
'CyberArkTenantId': audit['tenantId'],
'accountName': audit.get('accountName') or '',
'action': audit.get('action') or '',
'actionType': audit.get('actionType') or '',
'applicationCode': audit.get('applicationCode') or '',
'auditCode': audit.get('auditCode') or '',
'auditType': audit.get('auditType') or '',
'correlationId': audit.get('correlationId') or '',
'cloudAssets': audit.get('cloudAssets') or '',
'cloudIdentities': audit.get('cloudIdentities') or '',
'cloudProvider': audit.get('cloudProvider') or '',
'command': audit.get('command') or '',
'component': audit.get('component') or '',
'identityType': audit.get('identityType') or '',
'message': audit.get('message') or '',
'target': audit.get('target') or '',
'timestamp': int(audit.get('timestamp', 0)),
'targetPlatform': audit.get('targetPlatform') or '',
'targetAccount': audit.get('targetAccount') or '',
'safe': audit.get('safe') or '',
'sessionId': audit.get('sessionId') or '',
'serviceName': audit.get('serviceName') or '',
'source': audit.get('source') or '',
'userId': audit.get('userId') or '',
'username': audit.get('username') or ''
}
for audit in audit_events]
return dcr_events