Builder for OCSF Authentication events (class 3002).
Corresponds to the OCSF Authentication class under the Identity & Access Management category (UID 3).
Each function maps to an OCSF activity:
| Function | Activity ID | OCSF name |
|---|---|---|
logon/1 | 1 | Logon |
logoff/1 | 2 | Logoff |
preauth/1 | 6 | Preauth |
authentication_ticket/1 | 3 | Authentication Ticket |
account_switch/1 | 7 | Account Switch |
OCSF compliance note:
useris a required field for the Authentication class. Builders return{:error, _}if omitted.
Summary
Functions
Build an Account Switch event (activity_id 7).
Build an Authentication Ticket event (activity_id 3).
Build a Logoff authentication event (activity_id 2).
Build a Logon authentication event (activity_id 1).
Build a Preauth authentication event (activity_id 6).
Functions
@spec account_switch(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()}
Build an Account Switch event (activity_id 7).
@spec authentication_ticket(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()}
Build an Authentication Ticket event (activity_id 3).
@spec logoff(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()}
Build a Logoff authentication event (activity_id 2).
@spec logon(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()}
Build a Logon authentication event (activity_id 1).
Options
See OCSF.Event for all accepted top-level keys. Required:
:user— map with at least:uid. Cast to%OCSF.User{}.
Examples
{:ok, event} =
OCSF.Events.Authentication.logon(
user: %{uid: "u1", org: %{uid: "acme"}},
status: :Success,
severity: :Informational
)@spec preauth(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()}
Build a Preauth authentication event (activity_id 6).