def _transform_schema()

in Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/exporter.py [0:0]


def _transform_schema(audit_events: list) -> list:
    dcr_events = [
        {
            'CyberArkTenantId': audit['tenantId'],
            'accountName': audit.get('accountName') or '',
            'action': audit.get('action') or '',
            'actionType': audit.get('actionType') or '',
            'applicationCode': audit.get('applicationCode') or '',
            'auditCode': audit.get('auditCode') or '',
            'auditType': audit.get('auditType') or '',
            'correlationId': audit.get('correlationId') or '',
            'cloudAssets': audit.get('cloudAssets') or '',
            'cloudIdentities': audit.get('cloudIdentities') or '',
            'cloudProvider': audit.get('cloudProvider') or '',
            'command': audit.get('command') or '',
            'component': audit.get('component') or '',
            'identityType': audit.get('identityType') or '',
            'message': audit.get('message') or '',
            'target': audit.get('target') or '',
            'timestamp': int(audit.get('timestamp', 0)),
            'targetPlatform': audit.get('targetPlatform') or '',
            'targetAccount': audit.get('targetAccount') or '',
            'safe': audit.get('safe') or '',
            'sessionId': audit.get('sessionId') or '',
            'serviceName': audit.get('serviceName') or '',
            'source': audit.get('source') or '',
            'userId': audit.get('userId') or '',
            'username': audit.get('username') or ''
        }
        for audit in audit_events]
    return dcr_events