diff --git a/.env copy b/.env copy new file mode 100644 index 0000000..81fb767 --- /dev/null +++ b/.env copy @@ -0,0 +1,33 @@ +# Runtime +HOST=0.0.0.0 +PORT=8000 +LOG_LEVEL=info + +# Auth (disable for local dev) +DISABLE_AUTH=true +SECRET_KEY=change-me-in-development + +# API keys (only used if DISABLE_AUTH=false) +API_KEYS_ADMIN= +API_KEYS_READ_ONLY= +API_KEYS_WRITE= + +# Integrations +S1_SDL_API_TOKEN= + +# Frontend -> Backend API key (not needed when DISABLE_AUTH=true) +BACKEND_API_KEY= + +# HEC batching (used by Frontend -> hec_sender.py) +S1_HEC_BATCH=true +S1_HEC_BATCH_MAX_BYTES=1048576 +S1_HEC_BATCH_FLUSH_MS=500 +# Optional debug for HEC sender +S1_HEC_DEBUG=0 +# Optional TLS/auth tweaks +# S1_HEC_VERIFY=true +# S1_HEC_AUTH_SCHEME=Splunk + +# Keyring (frontend) - encrypted file backend +KEYRING_CRYPTFILE_PASSWORD=change-this-strong-password +KEYRING_CRYPTFILE_PATH=/app/Frontend/.keyring.cfg diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..99eb9e5 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,35 @@ +# Ensure shell scripts always use LF line endings +*.sh text eol=lf +entrypoint.sh text eol=lf + +# Python files should use LF +*.py text eol=lf + +# Docker files should use LF +Dockerfile text eol=lf +docker-compose.yml text eol=lf +docker-compose.yaml text eol=lf + +# Config files should use LF +*.conf text eol=lf +*.cfg text eol=lf +*.ini text eol=lf +*.json text eol=lf +*.yaml text eol=lf +*.yml text eol=lf + +# Documentation files +*.md text eol=lf +*.txt text eol=lf + +# Windows batch files should use CRLF +*.bat text eol=crlf +*.cmd text eol=crlf + +# Binary files +*.png binary +*.jpg binary +*.jpeg binary +*.gif binary +*.ico binary +*.pdf binary \ No newline at end of file diff --git a/.gitignore b/.gitignore index c251628..5800c10 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ # ============================= # IMPORTANT: Keep all documentation local only !README.md +!AGENTS.md *.md !README.md.example *.markdown @@ -66,6 +67,10 @@ attack_scenario_*.json scenario_*.json !scenario_example.json +# Generated Scenario Configs (timestamped outputs) +Backend/scenarios/configs/*.json +!Backend/scenarios/configs/*_example.json + # Generated Event Files # ==================== events_*.json @@ -233,6 +238,15 @@ tmp/ *.sqlite3 *.db-journal +# API Data Directory +# ================== +# Ignore uploaded files and database files in data directory +Backend/api/data/ +api/data/ +data/uploads/ +data/*.db +data/*.sqlite + # Archive Files # ============= *.zip @@ -249,6 +263,8 @@ tmp/ !sample.csv large_datasets/ bulk_events/ +uploads/ +uploaded_files/ # API Documentation Files # ======================= @@ -336,10 +352,11 @@ coral_* # Keep important example files !README.md +!AGENTS.md !requirements.txt !detections.conf # Ignore specific vendor test files that might contain sensitive data *_test_output.json *_validation_results.json -vendor_config_*.json \ No newline at end of file +vendor_config_*.json diff --git a/Backend/.gitignore b/Backend/.gitignore new file mode 100644 index 0000000..c0fc603 --- /dev/null +++ b/Backend/.gitignore @@ -0,0 +1,347 @@ +# Markdown Documentation Files +# ============================= +# IMPORTANT: Keep all documentation local only +!README.md +!AGENTS.md +*.md +!README.md.example +*.markdown +*.mdown +*.mkd + +# Testing Directories and Files +# ============================= +# Keep ALL testing local only - don't push to remote +testing/ +tests/ +test/ +*test*.py +*test*.json +*validation*.py +*validation*.json +verify_*.py +debug_*.py +remove_*.py +sdl_*.py +simulated_*.py +quick_*.py +focused_*.py +phase*_*.py +api_validation_report.py +comprehensive_*.py +comprehensive_*.json +*.log +api/*.log +api/*.html +testing/results/ + +# Security and Sensitive Data +# ========================== +*.key +*.pem +*.p12 +*.pfx +*.cert +*.crt +*.csr +.env +.env.* +!.env.example +config.json +secrets.json +credentials.json +*.token +*.secret + +# HEC and API Tokens +hec_token.txt +api_keys.txt +auth_tokens.txt + +# Generated Attack Scenarios +# ========================== +# Keep example scenarios but ignore generated ones +attack_scenario_op_*.json +attack_scenario_*.json +!attack_scenario_example.json +scenario_*.json +!scenario_example.json + +# Generated Event Files +# ==================== +events_*.json +logs_*.json +generated_events/ +output_events/ +temp_events/ + +# Detection and Testing Reports +# ============================ +detection_test_report_*.json +test_report_*.json +coverage_report_*.json +performance_report_*.json +parser_validation_*.md +parser_comprehensive_test_*.md +parser_test_*.json + +# Python Environment and Dependencies +# =================================== +# Virtual environments +.venv/ +venv/ +env/ +ENV/ +.virtualenv/ + +# Python cache and compiled files +__pycache__/ +*.py[cod] +*$py.class +*.so +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +*.manifest +*.spec + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +.hypothesis/ +.pytest_cache/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# IDE and Editor Files +# =================== +# VSCode +.vscode/ +*.code-workspace + +# PyCharm +.idea/ +*.iml +*.iws +*.ipr +__pycache__/ + +# Sublime Text +*.sublime-* + +# Vim +*.swp +*.swo +*~ +.netrwhist + +# Emacs +*~ +\#*\# +/.emacs.desktop +/.emacs.desktop.lock +*.elc +auto-save-list +tramp +.\#* + +# System Files +# ============ +# macOS +.DS_Store +.AppleDouble +.LSOverride +Icon? +._* +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +# Windows +Thumbs.db +Thumbs.db:encryptable +ehthumbs.db +ehthumbs_vista.db +*.stackdump +[Dd]esktop.ini +$RECYCLE.BIN/ +*.cab +*.msi +*.msix +*.msm +*.msp +*.lnk + +# Linux +*~ +.fuse_hidden* +.directory +.Trash-* +.nfs* + +# Logs and Temporary Files +# ======================== +*.log +*.out +*.err +logs/ +log/ +temp/ +tmp/ +.tmp/ + +# Database Files +# ============== +*.db +*.sqlite +*.sqlite3 +*.db-journal + +# Archive Files +# ============= +*.zip +*.tar.gz +*.tar.bz2 +*.rar +*.7z + +# Large Data Files +# ================ +# Ignore large generated datasets +*.csv +!example.csv +!sample.csv +large_datasets/ +bulk_events/ + +# API Documentation Files +# ======================= +# Ignore large swagger/OpenAPI files +swagger*.json +openapi*.json +api_spec*.json +*_swagger.json +*_openapi.json + +# Docker +# ====== +.dockerignore +Dockerfile.* +docker-compose.override.yml + +# Node.js (if any JS tools are added) +# =================================== +node_modules/ +npm-debug.log* +yarn-debug.log* +yarn-error.log* +.npm +.yarn-integrity + +# Documentation Build +# =================== +docs/_build/ +site/ + +# Backup Files +# ============ +*.bak +*.backup +*.old +*_backup +*_old +backups/ +backup/ + +# Custom Ignore Patterns +# ====================== +# Add project-specific patterns here + +# Claude Code Settings and AI-related files +# ========================================== +# IMPORTANT: Keep all AI-related data local only +.claude/ +.claude* +*.claude +*claude.json +claude_* +.claudecode/ +.claudecode* +CLAUDE.md +.claude.md +claude.md +*_claude.md +*claude*.md +ai_instructions.md +ai_context.md +.ai/ +.anthropic/ +anthropic_* +.openai/ +openai_* +.gemini/ +gemini_* +.llm/ +llm_* +ai_* +assistant_* +copilot_* + +# Agent Force - Keep local only +agent_force/ +*agent_force* +.agent_force/ + +# Coral Collective - Keep local only +.coral/ +.coral* +*coral* +coral_* + +# Keep important example files +!README.md +!AGENTS.md +!requirements.txt +!detections.conf + +# Ignore specific vendor test files that might contain sensitive data +*_test_output.json +*_validation_results.json +vendor_config_*.json diff --git a/Backend/AGENTS.md b/Backend/AGENTS.md new file mode 100644 index 0000000..9106780 --- /dev/null +++ b/Backend/AGENTS.md @@ -0,0 +1,50 @@ +# Repository Guidelines + +## Project Structure & Module Organization +- `api/`: FastAPI service (`app/` with `routers/`, `models/`, `services/`, `utils/`). +- `event_generators/`: Scripts that emit sample/security events. +- `parsers/`: Parser definitions and metadata. +- `scenarios/`: Scenario configs used in validation and demos. +- `testing/`: Validation utilities and comprehensive generator tests. +- `docs/`: Project docs and guides. + +## Build, Test, and Development +- Setup (recommended): + - `python3 -m venv .venv && source .venv/bin/activate` + - `pip install -r api/requirements.txt` +- Run API locally: + - `python api/start_api.py` (http://localhost:8000) + - Or: `cd api && uvicorn app.main:app --reload` +- Docker: + - `docker-compose up --build` (uses `api/Dockerfile`) + - Manual: `docker build -t jarvis-api -f api/Dockerfile . && docker run -p 8000:8000 jarvis-api` + +## Coding Style & Naming Conventions +- Python 3.10+; 4‑space indentation; prefer type hints. +- Use tools pinned in `api/requirements.txt`: + - Format: `black api` + - Lint: `flake8 api` + - Types: `mypy api/app` +- Naming: `snake_case` for files/functions, `PascalCase` for classes, module/package names in lowercase. + +## Testing Guidelines +- Framework: `pytest` (+ `pytest-asyncio`, `pytest-cov`). +- Location: `api/tests/` and root‑level `api/test_*.py`. +- Naming: files `test_*.py`, tests `test_*` functions. +- Run: `cd api && pytest tests/` +- Coverage: `pytest tests/ --cov=app --cov-report=html` (HTML at `api/htmlcov/`). + +## Commit & Pull Request Guidelines +- Commit style: follow Conventional Commits when possible (`feat:`, `fix:`, `docs:`, `chore:`). Keep messages imperative and scoped. +- Branches: short, hyphenated names (e.g., `feat/parser-download-retries`). +- PRs must include: + - Clear description and rationale; link issues (e.g., `Closes #123`). + - Scope of changes (files/areas touched) and testing notes. + - For API changes, include curl examples and screenshots of `/api/v1/docs` if relevant. + +## Security & Configuration +- Never commit secrets. Use `api/.env` (copy from `api/.env.example` via `cp api/.env.example api/.env`). +- Key vars: `DISABLE_AUTH`, `API_KEYS_*`, `SECRET_KEY`, `DATABASE_URL`. +- In Docker, data persists under `api/data/` (mounted to `/app/data`). +- Production: keep `DISABLE_AUTH=false`, use strong keys, configure CORS appropriately. + diff --git a/Backend/README.md b/Backend/README.md new file mode 100644 index 0000000..61367a3 --- /dev/null +++ b/Backend/README.md @@ -0,0 +1,383 @@ +# Security Event Generation and Parser Validation + +Synthetic security event generators, parser metadata, and an API for sending events to SentinelOne AI SIEM via HEC. This repo helps you quickly validate field extraction and formatting across many vendor sources. + +## Project Layout +- `api/`: FastAPI service (`app/` modules, `tests/`, `start_api.py`). +- `event_generators/`: Vendor generators and shared HEC sender. +- `parsers/`: Community/marketplace parser folders (`*-latest`). +- `scenarios/`: Example scenario configs for demos. +- `testing/`: Validation utilities and scripts. +- `docs/`: Extended docs (validation, guides). + +## Quick Start + +### Docker (Recommended) +1. **Create environment file** (first time only): +```bash +# From the repository root +cp ".env copy" .env +``` + +2. **Start services**: +```bash +docker-compose up --build +``` +- API: http://localhost:8000 +- API Docs: http://localhost:8000/docs +- Frontend UI: http://localhost:9001 + +**Note**: The default `.env` has `DISABLE_AUTH=true` for easy local development. No API keys needed! + +### Local Python Development +```bash +python3 -m venv .venv && source .venv/bin/activate +pip install -r api/requirements.txt + +# Run API +python api/start_api.py # http://localhost:8000 + +# Send events to HEC (set env first) +export S1_HEC_TOKEN=... # and optionally S1_HEC_URL +python event_generators/shared/hec_sender.py --product crowdstrike_falcon -n 3 +``` + +## Configuration + +### Environment Setup (.env) +The project uses a `.env` file for configuration. Copy the template to get started: +```bash +cp ".env copy" .env +``` + +### Authentication +By default, authentication is **disabled** for local development: +- `DISABLE_AUTH=true` - No API keys required (great for getting started!) +- `BACKEND_API_KEY` - Not needed when auth is disabled + +For production environments, enable authentication: +```bash +DISABLE_AUTH=false +API_KEYS_ADMIN=your-secure-api-key-here +BACKEND_API_KEY=your-secure-api-key-here # Used by frontend +``` + +Generate secure API keys using: +```bash +python -c "import secrets; print(secrets.token_urlsafe(32))" +``` + +After changing `.env`, restart services: +```bash +docker-compose down && docker-compose up -d +``` + +## Validation +- End‑to‑end validation workflow and troubleshooting are documented in `docs/VALIDATION.md`. +- The HEC sender now prefers dynamic sourcetype mappings by scanning `parsers/*/*-latest`, with explicit overrides where needed. + +## Contributing +- See `AGENTS.md` for contributor guidelines (style, tests, PRs). +- `aws_cloudtrail`: AWS CloudTrail events +- `aws_elb`: AWS Elastic Load Balancer logs +- `aws_guardduty`: AWS GuardDuty findings +- `aws_elasticloadbalancer`: AWS Elastic Load Balancer logs +- `aws_route53`: AWS Route 53 DNS query logs +- `aws_vpc_dns`: AWS VPC DNS query logs +- `aws_vpcflow`: AWS VPC Flow Logs +- `aws_vpcflowlogs`: AWS VPC Flow Logs +- `aws_waf`: AWS Web Application Firewall logs +- `google_cloud_dns`: Google Cloud DNS query and audit events +- `google_workspace`: Google Workspace admin and user activity events + +### Network Security & Infrastructure +- `akamai_cdn`: Akamai CDN access and performance logs +- `akamai_dns`: Akamai DNS resolution and security logs +- `akamai_general`: Akamai general security and performance events +- `akamai_sitedefender`: Akamai SiteDefender WAF security events +- `cisco_asa`: Cisco ASA firewall logs +- `cisco_duo`: Cisco Duo multi-factor authentication events +- `cisco_fmc`: Cisco Firepower Management Center security events +- `cisco_ios`: Cisco IOS network device syslog events +- `cisco_ironport`: Cisco IronPort Email Security Appliance logs +- `cisco_isa3000`: Cisco ISA3000 industrial security appliance events +- `cisco_ise`: Cisco Identity Services Engine authentication events +- `cisco_firewall_threat_defense`: Cisco Firewall Threat Defense logs +- `cisco_meraki`: Cisco Meraki logs +- `cisco_meraki_flow`: Cisco Meraki Flow logs +- `cisco_networks`: Cisco network infrastructure events +- `cisco_umbrella`: Cisco Umbrella DNS logs +- `cloudflare_general`: Cloudflare security and performance events +- `corelight_conn`: Corelight network connection logs +- `corelight_http`: Corelight HTTP traffic logs +- `corelight_ssl`: Corelight SSL/TLS logs +- `corelight_tunnel`: Corelight tunnel traffic logs +- `extreme_networks`: Extreme Networks switch and access point events +- `f5_networks`: F5 BIG-IP load balancer and security events +- `f5_vpn`: F5 VPN access and session logs +- `fortinet_fortigate`: FortiGate firewall logs (multiple types) +- `isc_bind`: ISC BIND DNS server query and security logs +- `isc_dhcp`: ISC DHCP server lease and network logs +- `juniper_networks`: Juniper Networks device events +- `paloalto_prismasase`: Palo Alto Prisma SASE security and network events +- `ubiquiti_unifi`: Ubiquiti UniFi network equipment events +- `zscaler`: Zscaler proxy logs +- `zscaler_dns_firewall`: Zscaler DNS firewall security events +- `zscaler_firewall`: Zscaler firewall and security events + +### Endpoint & Identity Security +- `abnormal_security`: Abnormal Security email security events +- `armis`: Armis IoT device discovery and security events +- `crowdstrike_falcon`: CrowdStrike Falcon endpoint events +- `hypr_auth`: HYPR passwordless authentication events +- `iis_w3c`: Microsoft IIS W3C web server logs +- `jamf_protect`: Jamf Protect macOS endpoint security events +- `linux_auth`: Linux authentication logs (/var/log/auth.log) +- `microsoft_365_collaboration`: Microsoft 365 SharePoint/OneDrive collaboration events +- `microsoft_365_defender`: Microsoft 365 Defender endpoint security events +- `microsoft_azure_ad_signin`: Microsoft Azure AD signin events +- `microsoft_azuread`: Azure AD audit logs +- `microsoft_defender_email`: Microsoft Defender for Office 365 events +- `microsoft_windows_eventlog`: Microsoft Windows Event Log events +- `okta_authentication`: Okta authentication events +- `pingfederate`: PingFederate SSO authentication and provisioning events +- `pingone_mfa`: PingOne multi-factor authentication events +- `pingprotect`: PingProtect fraud detection and authentication events +- `rsa_adaptive`: RSA Adaptive Authentication risk-based security events +- `sentinelone_endpoint`: SentinelOne XDR endpoint events (servers, workstations, Kubernetes) +- `sentinelone_identity`: SentinelOne Ranger AD identity/authentication events + +### Email Security +- `mimecast`: Mimecast email security events +- `proofpoint`: Proofpoint email security events + +### Web Application Security +- `imperva_sonar`: Imperva Sonar database security and compliance logs +- `imperva_waf`: Imperva Web Application Firewall security events +- `incapsula`: Imperva Incapsula WAF security events + +### Privileged Access & Identity Management +- `beyondtrust_passwordsafe`: BeyondTrust Password Safe audit events +- `beyondtrust_privilegemgmtwindows`: BeyondTrust Privilege Management Windows logs +- `cyberark_conjur`: CyberArk Conjur secrets management audit events +- `cyberark_pas`: CyberArk Privileged Access Security events +- `hashicorp_vault`: HashiCorp Vault secrets management events +- `securelink`: SecureLink privileged remote access events + +### SIEM & Analytics +- `darktrace`: Darktrace AI-powered threat detection events +- `darktrace_darktrace`: Darktrace AI-powered threat detection events +- `extrahop`: ExtraHop network detection and response events +- `manch_siem`: Manchester SIEM security events and alerts +- `vectra_ai`: Vectra AI network detection and response events + +### IT Management & Data Protection +- `axway_sftp`: Axway SFTP file transfer and audit logs +- `cohesity_backup`: Cohesity data management and backup logs +- `github_audit`: GitHub repository and organization audit logs +- `manageengine_adauditplus`: ManageEngine AD Audit Plus events +- `manageengine_general`: ManageEngine IT management and security events +- `microsoft_365_mgmt_api`: Microsoft 365 Management API events +- `microsoft_azure_ad`: Microsoft Azure AD events +- `microsoft_eventhub_azure_signin`: Microsoft EventHub Azure Signin events +- `microsoft_eventhub_defender_email`: Microsoft EventHub Defender Email events +- `microsoft_eventhub_defender_emailforcloud`: Microsoft EventHub Defender Email for Cloud events +- `sap`: SAP ERP, HANA, and security audit events +- `veeam_backup`: Veeam backup and recovery operations logs +- `wiz_cloud`: Wiz cloud security posture and compliance events + +### DevOps & CI/CD +- `buildkite`: Buildkite CI/CD audit and pipeline events +- `harness_ci`: Harness CI/CD pipeline and deployment logs +- `teleport`: Teleport access proxy events (SSH, database, Kubernetes) + +### Network Access & VPN +- `apache_http`: Apache HTTP server access logs +- `netskope`: Netskope cloud security events +- `tailscale`: Tailscale zero-trust network access events + +## Attack Scenario Generation + +### Quick Scenarios +Generate focused attack scenarios for testing: +```bash +python event_python_writer/quick_scenario.py +``` +Available scenarios: `phishing_attack`, `insider_threat`, `malware_outbreak`, `credential_stuffing`, `data_breach` + +### Full APT Campaign Simulation +Generate comprehensive 14-day attack campaigns: +```bash +# Generate a complete attack campaign +python event_python_writer/attack_scenario_orchestrator.py + +# Send generated scenario to HEC with timing control +python event_python_writer/scenario_hec_sender.py +``` + +### Scenario Features +- **Multi-platform correlation**: Events span email, identity, endpoint, network, cloud, and privileged access platforms +- **Realistic attack progression**: 5-phase attack chain (reconnaissance → initial access → persistence → escalation → exfiltration) +- **Temporal correlation**: Events follow realistic timing patterns +- **Threat intelligence**: Incorporates real attack techniques and IOCs + +## Parser Testing & Validation + +### End-to-End Testing Framework +The comprehensive testing framework validates parser effectiveness in production by: +1. **Generating test events** with unique tracking IDs +2. **Sending to HEC endpoint** via proven hec_sender.py +3. **Waiting for indexing** and parsing (configurable delay) +4. **Querying SDL API** to retrieve parsed events +5. **Analyzing field extraction** effectiveness vs expectations +6. **Generating detailed reports** with actionable insights + +### Key Testing Tools + +#### Complete Pipeline Testing +```bash +# Test all parsers with full HEC → SDL API validation +python event_python_writer/end_to_end_pipeline_tester.py + +# Test specific parser subset +python event_python_writer/end_to_end_pipeline_tester.py --parsers aws_waf,cisco_duo +``` + +#### Comprehensive Analysis (Without API Dependency) +```bash +# Analyze all parsers for effectiveness without API calls +python event_python_writer/comprehensive_parser_effectiveness_tester.py +``` + +#### Field Mapping Analysis +```bash +# Analyze field matching between generators and parsers +python event_python_writer/comprehensive_field_matcher.py +``` + +### Testing Results Summary (Latest: September 2025) +- **Total Generators**: 100+ generators across all security categories +- **Working Generators**: 98+ generators functional (98% success rate) +- **Parser Coverage**: 100+ community and marketplace parsers available +- **Field Extraction**: Top performers extracting 240-294 fields +- **OCSF Compliance**: 100% compliance achieved by excellent parsers +- **AWS Compatibility**: Enhanced marketplace parser integration +- **Corporate Test Data**: Professional test data across all generators + +## Architecture + +### Event Generators +- Each generator is self-contained (<200 lines) +- Uses only Python standard library (except `hec_sender.py` which requires `requests`) +- Returns structured JSON events +- Includes AI-SIEM specific attributes for parser compatibility + +### Parser Structure +Each parser directory contains: +- JSON configuration with parsing rules +- `metadata.yaml` with parser metadata +- Parser naming convention: `__-latest/` + +### Key Patterns +1. Generators follow naming convention: `_.py` +2. Each generator exports a `_log()` function returning a dictionary +3. `hec_sender.py` maps products to their respective generators +4. Parsers use JSON schema definitions for field mapping +5. Testing framework validates end-to-end pipeline effectiveness + +## Environment Variables + +### For Event Generation & HEC Sending +```bash +export S1_HEC_TOKEN="your-hec-token-here" +``` + +### For SDL API Querying (Parser Testing) +```bash +export S1_SDL_API_TOKEN="your-read-api-token-here" +``` + +## File Structure + +``` +├── README.md # Project overview and setup guide +├── RELEASE_NOTES.md # Comprehensive release notes +├── CHANGELOG.md # Version history and changes +├── CLAUDE.md # Development guidance for Claude Code +├── detections.conf # SentinelOne detection rules +├── event_generators/ # Organized security event generators +│ ├── cloud_infrastructure/ # AWS, Google Cloud, Azure (9 generators) +│ ├── network_security/ # Firewalls, NDR, network devices (34 generators) +│ ├── endpoint_security/ # EDR, endpoint protection (6 generators) +│ ├── identity_access/ # IAM, authentication, PAM (20 generators) +│ ├── email_security/ # Email security platforms (4 generators) +│ ├── web_security/ # WAF, web proxies, CDN (13 generators) +│ ├── infrastructure/ # IT management, backup, DevOps (20 generators) +│ └── shared/ # Common utilities and HEC sender +├── parsers/community/ # 100+ JSON-based parser configurations +├── scenarios/ # Attack simulation scenarios +├── testing/ # Comprehensive validation tools +│ ├── validation/ # Parser effectiveness testing +│ ├── bulk_testing/ # Bulk event sending and testing +│ └── utilities/ # Testing utilities and fixes +├── utilities/ # Supporting tools and scripts +│ ├── continuous_senders/ # Continuous data streaming utilities +│ └── parsers/ # Parser management tools +├── api/ # REST API implementation +├── docs/ # Comprehensive documentation +└── archive/ # Historical data and deprecated files +``` + +## Recent Major Improvements + +### Repository Cleanup & Security (v2.2.0) +- **Security Enhancements**: Removed sensitive .coral files from version control +- **AWS Generator Fixes**: Updated CloudTrail, VPC Flow Logs, Route 53, GuardDuty, and WAF for better parser compatibility +- **Corporate Test Data**: Professional business-appropriate test data across all generators +- **Directory Organization**: Clean, organized structure with archived historical data +- **Continuous Data Senders**: New utilities for ongoing event streaming + +### Parser Infrastructure (v2.0.0+) +- **100+ Generators**: Comprehensive coverage across all major security vendors +- **OCSF 1.1.0 Compliance**: All parsers follow Open Cybersecurity Schema Framework standards +- **Marketplace Integration**: 90+ SentinelOne marketplace parsers with enhanced field extraction +- **JSON-Based Configuration**: Modern parser format replacing legacy configurations +- **Enhanced Field Mapping**: Comprehensive OCSF schema mapping with observables extraction + +### API Production Release (v2.1.0) +- **Complete REST API**: Production-ready API with 100+ generator endpoints +- **Authentication System**: Role-based access control with API key management +- **Interactive Documentation**: Swagger UI and comprehensive developer guides +- **Performance Optimization**: Sub-100ms response times with concurrent request handling +- **Monitoring & Metrics**: API usage tracking and performance monitoring + +### Testing & Validation Framework +- **End-to-End Testing**: Real HEC ingestion and SDL API validation +- **Comprehensive Analysis**: Field extraction effectiveness measurement +- **Production Validation**: Actual parser performance in SentinelOne environment +- **Automated Testing**: Continuous validation across all generators and parsers +- **Performance Metrics**: Detailed reporting on extraction rates and compatibility + +## Adding New Generators + +1. **Create Generator File**: Follow naming convention `_.py` in appropriate category directory +2. **Implement Function**: Create `_log()` function returning event dictionary +3. **Use Corporate Test Data**: Include professional business-appropriate test data +4. **Update HEC Sender**: Add to `PROD_MAP` and `SOURCETYPE_MAP` in `hec_sender.py` +5. **Test Compatibility**: Validate with corresponding parser using testing framework +6. **Update Documentation**: Add to README.md and create generator-specific docs +7. **Validate OCSF**: Ensure parser compatibility and field extraction + +## Contributing + +1. **Follow Patterns**: Use existing generator architecture and corporate test data standards +2. **Realistic Events**: Include appropriate field values matching actual vendor log formats +3. **Parser Compatibility**: Ensure events work with corresponding SentinelOne parsers +4. **Comprehensive Testing**: Use validation framework to test generators and parsers +5. **Documentation**: Update guides, README, and create usage examples +6. **Security Compliance**: Follow OCSF standards and security best practices +7. **Professional Data**: Use corporate business examples, not themed test data + +## License + +This project is designed for defensive security testing and research purposes. Use responsibly and in accordance with your organization's security policies. diff --git a/api/.env.example b/Backend/api/.env.example similarity index 100% rename from api/.env.example rename to Backend/api/.env.example diff --git a/Backend/api/Dockerfile b/Backend/api/Dockerfile new file mode 100644 index 0000000..18970cd --- /dev/null +++ b/Backend/api/Dockerfile @@ -0,0 +1,71 @@ +# Multi-stage build for Jarvis Coding API +FROM python:3.11-slim as builder + +# Set working directory +WORKDIR /app + +# Install build dependencies +RUN apt-get update && apt-get install -y \ + gcc \ + && rm -rf /var/lib/apt/lists/* + +# Copy requirements +COPY Backend/api/requirements.txt . + +# Install Python dependencies into system site-packages +RUN pip install --no-cache-dir -r requirements.txt + +# Production stage +FROM python:3.11-slim + +# Install gosu for user switching in entrypoint +RUN apt-get update && apt-get install -y gosu && rm -rf /var/lib/apt/lists/* + +# Set working directory +WORKDIR /app + +# Copy Python dependencies from builder +COPY --from=builder /usr/local /usr/local + +# Copy application code +COPY Backend/api/app/ ./app/ +COPY Backend/api/start_api.py . +COPY Backend/api/entrypoint.sh . + +# Copy event generators and parsers from parent directory +COPY Backend/event_generators ./event_generators +COPY Backend/parsers ./parsers +COPY Backend/scenarios ./scenarios + +# Ensure PATH is set (python, pip already in /usr/local/bin) +ENV PATH=/usr/local/bin:$PATH + +# Provide absolute path compatibility for code expecting top-level dirs +RUN ln -s /app/event_generators /event_generators \ + && ln -s /app/parsers /parsers \ + && ln -s /app/scenarios /scenarios + +# Create data directory for ephemeral database +RUN mkdir -p /app/data + +# Fix Windows line endings for shell script +RUN apt-get update && apt-get install -y dos2unix && \ + dos2unix /app/entrypoint.sh && \ + apt-get remove -y dos2unix && \ + apt-get autoremove -y && \ + rm -rf /var/lib/apt/lists/* + +# Create non-root user +RUN useradd -m -u 1000 jarvis && \ + chown -R jarvis:jarvis /app && \ + chmod +x /app/entrypoint.sh + +# Expose port +EXPOSE 8000 + +# Health check +HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ + CMD python -c "import requests; requests.get('http://localhost:8000/api/v1/health')" || exit 1 + +# Use entrypoint script to handle directory permissions +ENTRYPOINT ["/app/entrypoint.sh"] \ No newline at end of file diff --git a/api/README.md b/Backend/api/README.md similarity index 100% rename from api/README.md rename to Backend/api/README.md diff --git a/api/app/core/config.py b/Backend/api/app/core/config.py similarity index 100% rename from api/app/core/config.py rename to Backend/api/app/core/config.py diff --git a/api/app/core/simple_auth.py b/Backend/api/app/core/simple_auth.py similarity index 100% rename from api/app/core/simple_auth.py rename to Backend/api/app/core/simple_auth.py diff --git a/api/app/main.py b/Backend/api/app/main.py similarity index 92% rename from api/app/main.py rename to Backend/api/app/main.py index 8659334..b84470e 100644 --- a/api/app/main.py +++ b/Backend/api/app/main.py @@ -16,9 +16,10 @@ sys.path.insert(0, str(Path(__file__).parent.parent.parent)) from app.core.config import settings -from app.routers import generators, parsers, validation, health, scenarios, export, metrics, search, categories +from app.routers import generators, parsers, health, scenarios, export, metrics, search, categories, destinations, uploads from app.utils.logging import setup_logging from app.core.simple_auth import validate_api_keys_config +from app.services.destination_service import init_db # Setup logging setup_logging() @@ -33,6 +34,9 @@ async def lifespan(app: FastAPI): logger.info(f"Generators path: {settings.GENERATORS_PATH}") logger.info(f"Parsers path: {settings.PARSERS_PATH}") + # Initialize database + await init_db() + # Initialize and validate authentication auth_config = validate_api_keys_config() @@ -178,12 +182,6 @@ async def root(): tags=["parsers"] ) -app.include_router( - validation.router, - prefix=f"{settings.API_V1_STR}/validation", - tags=["validation"] -) - app.include_router( scenarios.router, prefix=f"{settings.API_V1_STR}/scenarios", @@ -214,6 +212,18 @@ async def root(): tags=["categories"] ) +app.include_router( + destinations.router, + prefix=f"{settings.API_V1_STR}/destinations", + tags=["destinations"] +) + +app.include_router( + uploads.router, + prefix=f"{settings.API_V1_STR}/uploads", + tags=["uploads"] +) + if __name__ == "__main__": import uvicorn uvicorn.run( diff --git a/Backend/api/app/models/destination.py b/Backend/api/app/models/destination.py new file mode 100644 index 0000000..70c93fe --- /dev/null +++ b/Backend/api/app/models/destination.py @@ -0,0 +1,60 @@ +"""Database models for destinations""" +from sqlalchemy import Column, String, Integer, DateTime, Text +from sqlalchemy.ext.declarative import declarative_base +from datetime import datetime + +Base = declarative_base() + + +class Destination(Base): + """Destination model for HEC and Syslog targets""" + __tablename__ = "destinations" + + id = Column(String, primary_key=True) + name = Column(String, nullable=False, unique=True) + type = Column(String, nullable=False) # 'hec' or 'syslog' + + # HEC fields + url = Column(String, nullable=True) + token_encrypted = Column(Text, nullable=True) # Encrypted HEC token + + # Syslog fields + ip = Column(String, nullable=True) + port = Column(Integer, nullable=True) + protocol = Column(String, nullable=True) # 'UDP' or 'TCP' + + # Metadata + created_at = Column(DateTime, default=datetime.utcnow) + updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow) + + def to_dict(self, include_token=False, encryption_service=None): + """Convert to dictionary, optionally excluding sensitive data""" + result = { + 'id': self.id, + 'name': self.name, + 'type': self.type, + 'created_at': self.created_at.isoformat() if self.created_at else None, + 'updated_at': self.updated_at.isoformat() if self.updated_at else None, + } + + if self.type == 'hec': + result['url'] = self.url + if include_token: + result['token_encrypted'] = self.token_encrypted + + # Check if destination has a real database token (not LOCAL_STORAGE placeholder) + if self.token_encrypted and encryption_service: + try: + decrypted = encryption_service.decrypt(self.token_encrypted) + result['has_database_token'] = (decrypted != 'LOCAL_STORAGE') + except: + result['has_database_token'] = False + else: + result['has_database_token'] = bool(self.token_encrypted) + elif self.type == 'syslog': + result['ip'] = self.ip + result['port'] = self.port + result['protocol'] = self.protocol + result['has_database_token'] = None # Not applicable for syslog + + return result diff --git a/api/app/models/requests.py b/Backend/api/app/models/requests.py similarity index 85% rename from api/app/models/requests.py rename to Backend/api/app/models/requests.py index 253dddc..2d379a7 100644 --- a/api/app/models/requests.py +++ b/Backend/api/app/models/requests.py @@ -8,11 +8,21 @@ class GeneratorExecuteRequest(BaseModel): """Generator execution request with strict validation""" - count: int = Field(..., ge=1, le=1000, description="Number of events to generate") + count: Optional[int] = Field(None, ge=1, le=10000, description="Number of events to generate (ignored if continuous=True)") format: str = Field(..., pattern="^(json|csv|syslog|key_value)$", description="Output format") star_trek_theme: bool = Field(default=True, description="Use Star Trek themed data") + continuous: bool = Field(default=False, description="Run indefinitely (ignores count)") + eps: Optional[float] = Field(None, ge=0.1, le=10000, description="Events per second rate") + speed_mode: bool = Field(False, description="Pre-generate 1K events and loop for max throughput (auto-enabled for EPS > 1000)") options: Dict[str, Any] = Field(default_factory=dict, description="Generator-specific options") + @validator('count') + def validate_count(cls, v, values): + continuous = values.get('continuous', False) + if not continuous and v is None: + raise ValueError('count is required when continuous=False') + return v + class Config: validate_assignment = True extra = "forbid" # Reject extra fields diff --git a/api/app/models/responses.py b/Backend/api/app/models/responses.py similarity index 100% rename from api/app/models/responses.py rename to Backend/api/app/models/responses.py diff --git a/api/app/routers/categories.py b/Backend/api/app/routers/categories.py similarity index 100% rename from api/app/routers/categories.py rename to Backend/api/app/routers/categories.py diff --git a/Backend/api/app/routers/destinations.py b/Backend/api/app/routers/destinations.py new file mode 100644 index 0000000..6ab2a3b --- /dev/null +++ b/Backend/api/app/routers/destinations.py @@ -0,0 +1,296 @@ +"""API endpoints for destination management""" +from fastapi import APIRouter, Depends, HTTPException, status +from pydantic import BaseModel, Field +from typing import Optional, List +from sqlalchemy.ext.asyncio import AsyncSession +import logging + +from app.services.destination_service import DestinationService, get_session, init_db +from app.core.simple_auth import get_api_key + +logger = logging.getLogger(__name__) + +router = APIRouter() + + +# Pydantic models for request/response +class DestinationCreate(BaseModel): + """Request model for creating a destination""" + name: str = Field(..., description="Destination name (must be unique)") + type: str = Field(..., description="Destination type: 'hec' or 'syslog'") + + # HEC fields + url: Optional[str] = Field(None, description="HEC URL (required for HEC destinations)") + token: Optional[str] = Field(None, description="HEC token (required for HEC destinations)") + + # Syslog fields + ip: Optional[str] = Field(None, description="Syslog IP (required for syslog destinations)") + port: Optional[int] = Field(None, description="Syslog port (required for syslog destinations)") + protocol: Optional[str] = Field(None, description="Syslog protocol: 'UDP' or 'TCP'") + + +class DestinationUpdate(BaseModel): + """Request model for updating a destination""" + name: Optional[str] = None + url: Optional[str] = None + token: Optional[str] = None + ip: Optional[str] = None + port: Optional[int] = None + protocol: Optional[str] = None + + +class DestinationResponse(BaseModel): + """Response model for a destination (without sensitive data)""" + id: str + name: str + type: str + url: Optional[str] = None + ip: Optional[str] = None + port: Optional[int] = None + protocol: Optional[str] = None + created_at: Optional[str] = None + updated_at: Optional[str] = None + has_database_token: Optional[bool] = None # True if token is in DB, False if LOCAL_STORAGE + + +class DestinationWithToken(DestinationResponse): + """Response model including decrypted token (for internal use)""" + token: Optional[str] = None + + +@router.on_event("startup") +async def startup(): + """Initialize database on startup""" + await init_db() + + +@router.post("", response_model=DestinationResponse, status_code=status.HTTP_201_CREATED) +async def create_destination( + destination: DestinationCreate, + session: AsyncSession = Depends(get_session), + auth_info: tuple = Depends(get_api_key) +): + """ + Create a new destination + + - **name**: Unique destination name + - **type**: 'hec' or 'syslog' + - For HEC: provide **url** and **token** + - For Syslog: provide **ip**, **port**, and **protocol** (UDP/TCP) + """ + service = DestinationService(session) + + # Validate required fields based on type + if destination.type == 'hec': + if not destination.url or not destination.token: + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="HEC destinations require 'url' and 'token'" + ) + # Normalize URL + base_url = destination.url.rstrip('/') + if not (base_url.endswith('/event') or base_url.endswith('/raw') or '/services/collector' in base_url): + base_url = base_url + '/services/collector' + destination.url = base_url + elif destination.type == 'syslog': + if not destination.ip or not destination.port or not destination.protocol: + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="Syslog destinations require 'ip', 'port', and 'protocol'" + ) + if destination.protocol.upper() not in ('UDP', 'TCP'): + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="Protocol must be 'UDP' or 'TCP'" + ) + destination.protocol = destination.protocol.upper() + else: + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="Type must be 'hec' or 'syslog'" + ) + + # Check for duplicate name + existing = await service.get_destination_by_name(destination.name) + if existing: + raise HTTPException( + status_code=status.HTTP_409_CONFLICT, + detail=f"Destination with name '{destination.name}' already exists" + ) + + try: + logger.info(f"Creating destination: name={destination.name}, type={destination.type}") + dest = await service.create_destination( + name=destination.name, + dest_type=destination.type, + url=destination.url, + token=destination.token, + ip=destination.ip, + port=destination.port, + protocol=destination.protocol + ) + logger.info(f"Successfully created destination: {dest.id}") + return dest.to_dict() + except Exception as e: + logger.error(f"Failed to create destination: {e}", exc_info=True) + raise HTTPException( + status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, + detail=f"Failed to create destination: {str(e)}" + ) + + +@router.get("", response_model=List[DestinationResponse]) +async def list_destinations( + session: AsyncSession = Depends(get_session), + auth_info: tuple = Depends(get_api_key) +): + """ + List all destinations (without sensitive token data) + """ + service = DestinationService(session) + destinations = await service.list_destinations() + logger.debug(f"Listing {len(destinations)} destinations") + return [dest.to_dict(encryption_service=service.encryption) for dest in destinations] + + +@router.get("/{dest_id}", response_model=DestinationResponse) +async def get_destination( + dest_id: str, + session: AsyncSession = Depends(get_session), + auth_info: tuple = Depends(get_api_key) +): + """ + Get a specific destination by ID + """ + service = DestinationService(session) + destination = await service.get_destination(dest_id) + if not destination: + raise HTTPException( + status_code=status.HTTP_404_NOT_FOUND, + detail=f"Destination '{dest_id}' not found" + ) + return destination.to_dict(encryption_service=service.encryption) + + +@router.get("/{dest_id}/token") +async def get_destination_token( + dest_id: str, + session: AsyncSession = Depends(get_session), + auth_info: tuple = Depends(get_api_key) +): + """ + Get decrypted token for a destination (internal use only) + + Returns the decrypted HEC token for use by scenarios and generators + """ + service = DestinationService(session) + destination = await service.get_destination(dest_id) + if not destination: + raise HTTPException( + status_code=status.HTTP_404_NOT_FOUND, + detail=f"Destination '{dest_id}' not found" + ) + + if destination.type != 'hec': + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="Only HEC destinations have tokens" + ) + + if not destination.token_encrypted: + raise HTTPException( + status_code=status.HTTP_404_NOT_FOUND, + detail="No token found for this destination" + ) + + try: + token = service.decrypt_token(destination.token_encrypted) + + # Check if this is a local-storage-only destination + if token == 'LOCAL_STORAGE': + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="This destination uses local browser storage. Please provide the token from your browser." + ) + + logger.info(f"Successfully decrypted token for destination: {dest_id}") + return {"token": token} + except HTTPException: + raise # Re-raise HTTP exceptions + except Exception as e: + logger.error(f"Failed to decrypt token: {e}") + raise HTTPException( + status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, + detail="Failed to decrypt token" + ) + + +@router.put("/{dest_id}", response_model=DestinationResponse) +async def update_destination( + dest_id: str, + update: DestinationUpdate, + session: AsyncSession = Depends(get_session), + auth_info: tuple = Depends(get_api_key) +): + """ + Update a destination + + Only provided fields will be updated + """ + service = DestinationService(session) + + # Validate protocol if provided + if update.protocol and update.protocol.upper() not in ('UDP', 'TCP'): + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="Protocol must be 'UDP' or 'TCP'" + ) + + if update.protocol: + update.protocol = update.protocol.upper() + + try: + destination = await service.update_destination( + dest_id=dest_id, + name=update.name, + url=update.url, + token=update.token, + ip=update.ip, + port=update.port, + protocol=update.protocol + ) + + if not destination: + raise HTTPException( + status_code=status.HTTP_404_NOT_FOUND, + detail=f"Destination '{dest_id}' not found" + ) + + return destination.to_dict() + except Exception as e: + logger.error(f"Failed to update destination: {e}", exc_info=True) + raise HTTPException( + status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, + detail=f"Failed to update destination: {str(e)}" + ) + + +@router.delete("/{dest_id}", status_code=status.HTTP_204_NO_CONTENT) +async def delete_destination( + dest_id: str, + session: AsyncSession = Depends(get_session), + auth_info: tuple = Depends(get_api_key) +): + """ + Delete a destination + """ + service = DestinationService(session) + deleted = await service.delete_destination(dest_id) + + if not deleted: + raise HTTPException( + status_code=status.HTTP_404_NOT_FOUND, + detail=f"Destination '{dest_id}' not found" + ) + + return None diff --git a/api/app/routers/export.py b/Backend/api/app/routers/export.py similarity index 100% rename from api/app/routers/export.py rename to Backend/api/app/routers/export.py diff --git a/api/app/routers/generators.py b/Backend/api/app/routers/generators.py similarity index 100% rename from api/app/routers/generators.py rename to Backend/api/app/routers/generators.py diff --git a/api/app/routers/health.py b/Backend/api/app/routers/health.py similarity index 100% rename from api/app/routers/health.py rename to Backend/api/app/routers/health.py diff --git a/api/app/routers/metrics.py b/Backend/api/app/routers/metrics.py similarity index 100% rename from api/app/routers/metrics.py rename to Backend/api/app/routers/metrics.py diff --git a/api/app/routers/parsers.py b/Backend/api/app/routers/parsers.py similarity index 100% rename from api/app/routers/parsers.py rename to Backend/api/app/routers/parsers.py diff --git a/api/app/routers/scenarios.py b/Backend/api/app/routers/scenarios.py similarity index 100% rename from api/app/routers/scenarios.py rename to Backend/api/app/routers/scenarios.py diff --git a/api/app/routers/search.py b/Backend/api/app/routers/search.py similarity index 100% rename from api/app/routers/search.py rename to Backend/api/app/routers/search.py diff --git a/Backend/api/app/routers/uploads.py b/Backend/api/app/routers/uploads.py new file mode 100644 index 0000000..8abba6b --- /dev/null +++ b/Backend/api/app/routers/uploads.py @@ -0,0 +1,245 @@ +"""API endpoints for file upload and processing""" +from fastapi import APIRouter, Depends, HTTPException, UploadFile, File, status, BackgroundTasks +from pydantic import BaseModel, Field +from typing import Optional, List +import logging +import os +import json +import csv +import shutil +import uuid +import gzip +from pathlib import Path +from datetime import datetime + +from app.core.simple_auth import get_api_key + +logger = logging.getLogger(__name__) + +router = APIRouter() + +# Configure upload directory +UPLOAD_DIR = Path("/app/data/uploads") if os.path.exists("/app/data") else Path("./data/uploads") +UPLOAD_DIR.mkdir(parents=True, exist_ok=True) + +# File size limit: 1GB +MAX_FILE_SIZE = 1 * 1024 * 1024 * 1024 # 1GB in bytes + +# Store upload metadata in memory (could be moved to database) +_UPLOADS = {} + + +class FileUploadResponse(BaseModel): + """Response model for file upload""" + id: str + filename: str + file_type: str + size: int + line_count: Optional[int] = None + uploaded_at: str + status: str = "uploaded" + + +class FileProcessRequest(BaseModel): + """Request model for processing uploaded file""" + upload_id: str = Field(..., description="ID of uploaded file") + destination_id: str = Field(..., description="HEC destination ID") + batch_size: int = Field(100, ge=1, le=1000, description="Number of events per batch") + sourcetype: str = Field(..., description="Sourcetype for HEC parsing") + endpoint: str = Field("event", description="HEC endpoint: 'event' or 'raw'") + + +@router.post("/upload", response_model=FileUploadResponse, status_code=status.HTTP_201_CREATED) +async def upload_file( + file: UploadFile = File(...), + auth_info: tuple = Depends(get_api_key) +): + """ + Upload a file for processing + + - **file**: CSV, JSON, TXT, LOG, or GZ file (max 1GB) + - Accepted formats: .csv, .json, .txt, .log, .gz + - GZ files will be automatically decompressed + """ + # Validate file extension + if not file.filename: + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="No filename provided" + ) + + file_ext = Path(file.filename).suffix.lower() + allowed_extensions = ['.csv', '.json', '.txt', '.log', '.gz'] + if file_ext not in allowed_extensions: + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail=f"Invalid file type '{file_ext}'. Allowed: {', '.join(allowed_extensions)}" + ) + + # Generate unique ID for this upload + upload_id = str(uuid.uuid4()) + + # Create safe filename + safe_filename = f"{upload_id}_{file.filename}" + file_path = UPLOAD_DIR / safe_filename + + try: + # Stream file to disk with size checking + total_size = 0 + with open(file_path, "wb") as buffer: + while chunk := await file.read(1024 * 1024): # Read 1MB at a time + total_size += len(chunk) + if total_size > MAX_FILE_SIZE: + buffer.close() + file_path.unlink() # Delete partial file + raise HTTPException( + status_code=status.HTTP_413_REQUEST_ENTITY_TOO_LARGE, + detail=f"File size exceeds maximum allowed size of 1GB" + ) + buffer.write(chunk) + + logger.info(f"File uploaded: {safe_filename} ({total_size} bytes)") + + # Handle gzip decompression + actual_file_type = file_ext.lstrip('.') + decompressed_path = file_path + + if file_ext == '.gz': + logger.info(f"Decompressing gzip file: {safe_filename}") + try: + # Decompress to a new file + decompressed_filename = safe_filename.rsplit('.gz', 1)[0] + decompressed_path = UPLOAD_DIR / decompressed_filename + + with gzip.open(file_path, 'rb') as f_in: + with open(decompressed_path, 'wb') as f_out: + shutil.copyfileobj(f_in, f_out) + + # Remove original gz file + file_path.unlink() + file_path = decompressed_path + safe_filename = decompressed_filename + + # Detect actual file type from decompressed filename + inner_ext = Path(decompressed_filename).suffix.lower() + if inner_ext in ['.csv', '.json', '.txt', '.log']: + actual_file_type = inner_ext.lstrip('.') + else: + actual_file_type = 'txt' # Default to txt for unknown extensions + + logger.info(f"Decompressed to: {decompressed_filename}, detected type: {actual_file_type}") + except Exception as e: + logger.error(f"Failed to decompress gzip file: {e}") + if file_path.exists(): + file_path.unlink() + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail=f"Failed to decompress gzip file: {str(e)}" + ) + + # Count lines/records + line_count = None + try: + if actual_file_type == 'json': + with open(file_path, 'r') as f: + data = json.load(f) + if isinstance(data, list): + line_count = len(data) + else: + line_count = 1 + elif actual_file_type == 'csv': + with open(file_path, 'r') as f: + line_count = sum(1 for _ in csv.reader(f)) - 1 # Subtract header + elif actual_file_type in ['txt', 'log']: + with open(file_path, 'r') as f: + line_count = sum(1 for _ in f) + except Exception as e: + logger.warning(f"Could not count lines in {safe_filename}: {e}") + + # Store metadata + upload_metadata = { + 'id': upload_id, + 'filename': file.filename, + 'safe_filename': safe_filename, + 'file_type': actual_file_type, + 'size': total_size, + 'line_count': line_count, + 'uploaded_at': datetime.utcnow().isoformat(), + 'status': 'uploaded', + 'file_path': str(file_path) + } + _UPLOADS[upload_id] = upload_metadata + + return FileUploadResponse(**upload_metadata) + + except HTTPException: + raise + except Exception as e: + logger.error(f"Failed to upload file: {e}", exc_info=True) + if file_path.exists(): + file_path.unlink() + raise HTTPException( + status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, + detail=f"Failed to upload file: {str(e)}" + ) + + +@router.get("/uploads", response_model=List[FileUploadResponse]) +async def list_uploads( + auth_info: tuple = Depends(get_api_key) +): + """ + List all uploaded files + """ + return [ + FileUploadResponse(**upload) + for upload in _UPLOADS.values() + ] + + +@router.get("/uploads/{upload_id}", response_model=FileUploadResponse) +async def get_upload( + upload_id: str, + auth_info: tuple = Depends(get_api_key) +): + """ + Get details about a specific upload + """ + if upload_id not in _UPLOADS: + raise HTTPException( + status_code=status.HTTP_404_NOT_FOUND, + detail=f"Upload '{upload_id}' not found" + ) + + return FileUploadResponse(**_UPLOADS[upload_id]) + + +@router.delete("/uploads/{upload_id}", status_code=status.HTTP_204_NO_CONTENT) +async def delete_upload( + upload_id: str, + auth_info: tuple = Depends(get_api_key) +): + """ + Delete an uploaded file + """ + if upload_id not in _UPLOADS: + raise HTTPException( + status_code=status.HTTP_404_NOT_FOUND, + detail=f"Upload '{upload_id}' not found" + ) + + upload = _UPLOADS[upload_id] + file_path = Path(upload['file_path']) + + try: + if file_path.exists(): + file_path.unlink() + del _UPLOADS[upload_id] + logger.info(f"Deleted upload: {upload_id}") + return None + except Exception as e: + logger.error(f"Failed to delete upload: {e}", exc_info=True) + raise HTTPException( + status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, + detail=f"Failed to delete upload: {str(e)}" + ) diff --git a/Backend/api/app/services/destination_service.py b/Backend/api/app/services/destination_service.py new file mode 100644 index 0000000..bbf323d --- /dev/null +++ b/Backend/api/app/services/destination_service.py @@ -0,0 +1,184 @@ +"""Business logic for destination management""" +from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine +from sqlalchemy.orm import sessionmaker +from sqlalchemy import select, delete +from typing import List, Optional +import logging +from datetime import datetime + +from app.models.destination import Destination, Base +from app.utils.encryption import get_encryption_instance +from app.core.config import settings + +logger = logging.getLogger(__name__) + +# Create async engine and session +engine = create_async_engine( + settings.DATABASE_URL, + echo=False, + future=True +) + +async_session_maker = sessionmaker( + engine, class_=AsyncSession, expire_on_commit=False +) + + +async def init_db(): + """Initialize database tables""" + async with engine.begin() as conn: + await conn.run_sync(Base.metadata.create_all) + logger.info("Destinations database initialized") + + +async def get_session() -> AsyncSession: + """Get database session""" + async with async_session_maker() as session: + yield session + + +class DestinationService: + """Service for managing destinations""" + + def __init__(self, session: AsyncSession, encryption_key: Optional[str] = None): + self.session = session + self.encryption = get_encryption_instance(encryption_key or settings.SECRET_KEY) + + async def create_destination( + self, + name: str, + dest_type: str, + url: Optional[str] = None, + token: Optional[str] = None, + ip: Optional[str] = None, + port: Optional[int] = None, + protocol: Optional[str] = None + ) -> Destination: + """ + Create a new destination + + Args: + name: Destination name (must be unique) + dest_type: 'hec' or 'syslog' + url: HEC URL (for HEC destinations) + token: HEC token (for HEC destinations, will be encrypted) + ip: Syslog IP (for syslog destinations) + port: Syslog port (for syslog destinations) + protocol: 'UDP' or 'TCP' (for syslog destinations) + + Returns: + Created Destination object + """ + # Generate ID - find the next available number for this type + result = await self.session.execute( + select(Destination).where(Destination.type == dest_type) + ) + existing = result.scalars().all() + + # Extract numbers from existing IDs and find max + max_num = 0 + for dest in existing: + try: + num = int(dest.id.split(':')[1]) + if num > max_num: + max_num = num + except (IndexError, ValueError): + continue + + dest_id = f"{dest_type}:{max_num + 1}" + + # Create destination + destination = Destination( + id=dest_id, + name=name, + type=dest_type + ) + + if dest_type == 'hec': + destination.url = url + if token: + destination.token_encrypted = self.encryption.encrypt(token) + elif dest_type == 'syslog': + destination.ip = ip + destination.port = port + destination.protocol = protocol + + self.session.add(destination) + await self.session.commit() + await self.session.refresh(destination) + + logger.info(f"Created destination: {dest_id} ({name})") + return destination + + async def get_destination(self, dest_id: str) -> Optional[Destination]: + """Get a destination by ID""" + result = await self.session.execute( + select(Destination).where(Destination.id == dest_id) + ) + return result.scalar_one_or_none() + + async def get_destination_by_name(self, name: str) -> Optional[Destination]: + """Get a destination by name""" + result = await self.session.execute( + select(Destination).where(Destination.name == name) + ) + return result.scalar_one_or_none() + + async def list_destinations(self) -> List[Destination]: + """List all destinations""" + result = await self.session.execute(select(Destination)) + return result.scalars().all() + + async def update_destination( + self, + dest_id: str, + name: Optional[str] = None, + url: Optional[str] = None, + token: Optional[str] = None, + ip: Optional[str] = None, + port: Optional[int] = None, + protocol: Optional[str] = None + ) -> Optional[Destination]: + """Update a destination""" + destination = await self.get_destination(dest_id) + if not destination: + return None + + if name: + destination.name = name + + if destination.type == 'hec': + if url: + destination.url = url + if token: + destination.token_encrypted = self.encryption.encrypt(token) + elif destination.type == 'syslog': + if ip: + destination.ip = ip + if port: + destination.port = port + if protocol: + destination.protocol = protocol + + destination.updated_at = datetime.utcnow() + await self.session.commit() + await self.session.refresh(destination) + + logger.info(f"Updated destination: {dest_id}") + return destination + + async def delete_destination(self, dest_id: str) -> bool: + """Delete a destination""" + result = await self.session.execute( + delete(Destination).where(Destination.id == dest_id) + ) + await self.session.commit() + + deleted = result.rowcount > 0 + if deleted: + logger.info(f"Deleted destination: {dest_id}") + return deleted + + def decrypt_token(self, encrypted_token: str) -> str: + """Decrypt a token""" + return self.encryption.decrypt(encrypted_token) diff --git a/api/app/services/generator_service.py b/Backend/api/app/services/generator_service.py similarity index 100% rename from api/app/services/generator_service.py rename to Backend/api/app/services/generator_service.py diff --git a/api/app/services/metrics_service.py b/Backend/api/app/services/metrics_service.py similarity index 100% rename from api/app/services/metrics_service.py rename to Backend/api/app/services/metrics_service.py diff --git a/api/app/services/parser_service.py b/Backend/api/app/services/parser_service.py similarity index 100% rename from api/app/services/parser_service.py rename to Backend/api/app/services/parser_service.py diff --git a/api/app/services/scenario_service.py b/Backend/api/app/services/scenario_service.py similarity index 100% rename from api/app/services/scenario_service.py rename to Backend/api/app/services/scenario_service.py diff --git a/api/app/services/search_service.py b/Backend/api/app/services/search_service.py similarity index 100% rename from api/app/services/search_service.py rename to Backend/api/app/services/search_service.py diff --git a/api/app/utils/api_key_generator.py b/Backend/api/app/utils/api_key_generator.py similarity index 100% rename from api/app/utils/api_key_generator.py rename to Backend/api/app/utils/api_key_generator.py diff --git a/Backend/api/app/utils/encryption.py b/Backend/api/app/utils/encryption.py new file mode 100644 index 0000000..17d032c --- /dev/null +++ b/Backend/api/app/utils/encryption.py @@ -0,0 +1,76 @@ +"""Token encryption utilities using Fernet symmetric encryption""" +from cryptography.fernet import Fernet +import base64 +import hashlib +import os +from typing import Optional +import logging + +logger = logging.getLogger(__name__) + + +class TokenEncryption: + """Handle encryption and decryption of sensitive tokens""" + + def __init__(self, secret_key: str): + """ + Initialize encryption with a secret key + + Args: + secret_key: Secret key from environment (e.g., SECRET_KEY) + """ + # Derive a Fernet key from the secret key + # Fernet requires a 32-byte base64-encoded key + key_bytes = hashlib.sha256(secret_key.encode()).digest() + self.fernet_key = base64.urlsafe_b64encode(key_bytes) + self.cipher = Fernet(self.fernet_key) + + def encrypt(self, plaintext: str) -> str: + """ + Encrypt a plaintext string + + Args: + plaintext: The string to encrypt + + Returns: + Base64-encoded encrypted string + """ + try: + encrypted_bytes = self.cipher.encrypt(plaintext.encode()) + return encrypted_bytes.decode('utf-8') + except Exception as e: + logger.error(f"Encryption failed: {e}") + raise + + def decrypt(self, encrypted: str) -> str: + """ + Decrypt an encrypted string + + Args: + encrypted: Base64-encoded encrypted string + + Returns: + Decrypted plaintext string + """ + try: + decrypted_bytes = self.cipher.decrypt(encrypted.encode()) + return decrypted_bytes.decode('utf-8') + except Exception as e: + logger.error(f"Decryption failed: {e}") + raise + + +def get_encryption_instance(secret_key: Optional[str] = None) -> TokenEncryption: + """ + Get a TokenEncryption instance + + Args: + secret_key: Optional secret key; if not provided, uses SECRET_KEY from env + + Returns: + TokenEncryption instance + """ + if not secret_key: + secret_key = os.getenv('SECRET_KEY', 'your-secret-key-change-in-production') + + return TokenEncryption(secret_key) diff --git a/api/app/utils/logging.py b/Backend/api/app/utils/logging.py similarity index 100% rename from api/app/utils/logging.py rename to Backend/api/app/utils/logging.py diff --git a/Backend/api/entrypoint.sh b/Backend/api/entrypoint.sh new file mode 100644 index 0000000..603ef7c --- /dev/null +++ b/Backend/api/entrypoint.sh @@ -0,0 +1,17 @@ +#!/bin/bash +set -e + +# Ensure data directory exists and has proper permissions +echo "Ensuring /app/data directory exists with proper permissions..." +mkdir -p /app/data + +# Fix ownership to jarvis user if running as root +if [ "$(id -u)" = "0" ]; then + chown -R jarvis:jarvis /app/data + echo "Fixed /app/data ownership for jarvis user" + # Switch to jarvis user and start the application + exec gosu jarvis python start_api.py +else + # Already running as jarvis, just start the app + exec python start_api.py +fi diff --git a/Backend/api/requirements.txt b/Backend/api/requirements.txt new file mode 100644 index 0000000..b4137e7 --- /dev/null +++ b/Backend/api/requirements.txt @@ -0,0 +1,42 @@ +# Core API dependencies +fastapi +uvicorn[standard] +python-multipart +pydantic +pydantic-settings + +# Authentication +python-jose[cryptography] +passlib[bcrypt] +python-dotenv +cryptography + +# Database +sqlalchemy +alembic +databases +asyncpg +aiosqlite + +# Utilities +httpx +aiofiles +python-json-logger +requests + +# CORS and security +python-multipart +email-validator + +# Testing +pytest +pytest-asyncio +pytest-cov + +# Development +black +flake8 +mypy + +# Monitoring +prometheus-client diff --git a/api/requirements_simple.txt b/Backend/api/requirements_simple.txt similarity index 67% rename from api/requirements_simple.txt rename to Backend/api/requirements_simple.txt index 50232fb..faaca94 100644 --- a/api/requirements_simple.txt +++ b/Backend/api/requirements_simple.txt @@ -5,9 +5,18 @@ python-multipart pydantic pydantic-settings +# Database +sqlalchemy +aiosqlite +greenlet + # Utilities httpx python-dotenv +cryptography + +# Frontend +flask # Testing pytest diff --git a/api/start_api.py b/Backend/api/start_api.py similarity index 100% rename from api/start_api.py rename to Backend/api/start_api.py diff --git a/archive/analysis_results/field_extraction_analysis.json b/Backend/archive/analysis_results/field_extraction_analysis.json similarity index 100% rename from archive/analysis_results/field_extraction_analysis.json rename to Backend/archive/analysis_results/field_extraction_analysis.json diff --git a/archive/analysis_results/field_extraction_comparison.py b/Backend/archive/analysis_results/field_extraction_comparison.py similarity index 100% rename from archive/analysis_results/field_extraction_comparison.py rename to Backend/archive/analysis_results/field_extraction_comparison.py diff --git a/archive/analysis_results/field_extraction_results.json b/Backend/archive/analysis_results/field_extraction_results.json similarity index 100% rename from archive/analysis_results/field_extraction_results.json rename to Backend/archive/analysis_results/field_extraction_results.json diff --git a/archive/analysis_results/generator_50_events_results.txt b/Backend/archive/analysis_results/generator_50_events_results.txt similarity index 100% rename from archive/analysis_results/generator_50_events_results.txt rename to Backend/archive/analysis_results/generator_50_events_results.txt diff --git a/archive/analysis_results/generator_field_counts.json b/Backend/archive/analysis_results/generator_field_counts.json similarity index 100% rename from archive/analysis_results/generator_field_counts.json rename to Backend/archive/analysis_results/generator_field_counts.json diff --git a/archive/audit_results/actual_success_rate_results.json b/Backend/archive/audit_results/actual_success_rate_results.json similarity index 100% rename from archive/audit_results/actual_success_rate_results.json rename to Backend/archive/audit_results/actual_success_rate_results.json diff --git a/archive/audit_results/generator_parser_mappings.json b/Backend/archive/audit_results/generator_parser_mappings.json similarity index 100% rename from archive/audit_results/generator_parser_mappings.json rename to Backend/archive/audit_results/generator_parser_mappings.json diff --git a/archive/framework/example_usage.py b/Backend/archive/framework/example_usage.py similarity index 100% rename from archive/framework/example_usage.py rename to Backend/archive/framework/example_usage.py diff --git a/archive/framework/sentinelone_query_framework.py b/Backend/archive/framework/sentinelone_query_framework.py similarity index 100% rename from archive/framework/sentinelone_query_framework.py rename to Backend/archive/framework/sentinelone_query_framework.py diff --git a/archive/sentinelone_query_framework/__init__.py b/Backend/archive/sentinelone_query_framework/__init__.py similarity index 100% rename from archive/sentinelone_query_framework/__init__.py rename to Backend/archive/sentinelone_query_framework/__init__.py diff --git a/archive/sentinelone_query_framework/config/__init__.py b/Backend/archive/sentinelone_query_framework/config/__init__.py similarity index 100% rename from archive/sentinelone_query_framework/config/__init__.py rename to Backend/archive/sentinelone_query_framework/config/__init__.py diff --git a/archive/sentinelone_query_framework/config/settings.py b/Backend/archive/sentinelone_query_framework/config/settings.py similarity index 100% rename from archive/sentinelone_query_framework/config/settings.py rename to Backend/archive/sentinelone_query_framework/config/settings.py diff --git a/archive/sentinelone_query_framework/core/__init__.py b/Backend/archive/sentinelone_query_framework/core/__init__.py similarity index 100% rename from archive/sentinelone_query_framework/core/__init__.py rename to Backend/archive/sentinelone_query_framework/core/__init__.py diff --git a/archive/sentinelone_query_framework/core/field_validator.py b/Backend/archive/sentinelone_query_framework/core/field_validator.py similarity index 100% rename from archive/sentinelone_query_framework/core/field_validator.py rename to Backend/archive/sentinelone_query_framework/core/field_validator.py diff --git a/archive/sentinelone_query_framework/core/powerquery_builder.py b/Backend/archive/sentinelone_query_framework/core/powerquery_builder.py similarity index 100% rename from archive/sentinelone_query_framework/core/powerquery_builder.py rename to Backend/archive/sentinelone_query_framework/core/powerquery_builder.py diff --git a/archive/sentinelone_query_framework/core/sdk_integration.py b/Backend/archive/sentinelone_query_framework/core/sdk_integration.py similarity index 100% rename from archive/sentinelone_query_framework/core/sdk_integration.py rename to Backend/archive/sentinelone_query_framework/core/sdk_integration.py diff --git a/archive/sentinelone_query_framework/reporting/__init__.py b/Backend/archive/sentinelone_query_framework/reporting/__init__.py similarity index 100% rename from archive/sentinelone_query_framework/reporting/__init__.py rename to Backend/archive/sentinelone_query_framework/reporting/__init__.py diff --git a/archive/sentinelone_query_framework/reporting/analysis_engine.py b/Backend/archive/sentinelone_query_framework/reporting/analysis_engine.py similarity index 100% rename from archive/sentinelone_query_framework/reporting/analysis_engine.py rename to Backend/archive/sentinelone_query_framework/reporting/analysis_engine.py diff --git a/archive/testing_scripts/send_50_events_batch.sh b/Backend/archive/testing_scripts/send_50_events_batch.sh similarity index 100% rename from archive/testing_scripts/send_50_events_batch.sh rename to Backend/archive/testing_scripts/send_50_events_batch.sh diff --git a/archive/testing_scripts/send_all_generators_20_events.py b/Backend/archive/testing_scripts/send_all_generators_20_events.py similarity index 100% rename from archive/testing_scripts/send_all_generators_20_events.py rename to Backend/archive/testing_scripts/send_all_generators_20_events.py diff --git a/archive/testing_scripts/send_all_generators_50_events.py b/Backend/archive/testing_scripts/send_all_generators_50_events.py similarity index 100% rename from archive/testing_scripts/send_all_generators_50_events.py rename to Backend/archive/testing_scripts/send_all_generators_50_events.py diff --git a/archive/testing_scripts/send_all_generators_batch.sh b/Backend/archive/testing_scripts/send_all_generators_batch.sh similarity index 100% rename from archive/testing_scripts/send_all_generators_batch.sh rename to Backend/archive/testing_scripts/send_all_generators_batch.sh diff --git a/archive/testing_scripts/send_all_to_sentinelone.py b/Backend/archive/testing_scripts/send_all_to_sentinelone.py similarity index 100% rename from archive/testing_scripts/send_all_to_sentinelone.py rename to Backend/archive/testing_scripts/send_all_to_sentinelone.py diff --git a/archive/validation_scripts/analyze_parser_field_extraction.py b/Backend/archive/validation_scripts/analyze_parser_field_extraction.py similarity index 100% rename from archive/validation_scripts/analyze_parser_field_extraction.py rename to Backend/archive/validation_scripts/analyze_parser_field_extraction.py diff --git a/archive/validation_scripts/count_generator_fields.py b/Backend/archive/validation_scripts/count_generator_fields.py similarity index 100% rename from archive/validation_scripts/count_generator_fields.py rename to Backend/archive/validation_scripts/count_generator_fields.py diff --git a/detections.conf b/Backend/detections.conf similarity index 100% rename from detections.conf rename to Backend/detections.conf diff --git a/Backend/docker-compose.yml b/Backend/docker-compose.yml new file mode 100644 index 0000000..a0fef3b --- /dev/null +++ b/Backend/docker-compose.yml @@ -0,0 +1,68 @@ +services: + api: + build: + context: . + dockerfile: api/Dockerfile + container_name: jarvis-api + ports: + - "8000:8000" + environment: + - HOST=0.0.0.0 + - PORT=8000 + - LOG_LEVEL=info + - SECRET_KEY=${SECRET_KEY:-change-me-in-production} + # Authentication settings + - DISABLE_AUTH=${DISABLE_AUTH:-false} + - API_KEYS_ADMIN=${API_KEYS_ADMIN} + - API_KEYS_READ_ONLY=${API_KEYS_READ_ONLY} + - API_KEYS_WRITE=${API_KEYS_WRITE} + # SentinelOne integration + - S1_HEC_TOKEN=${S1_HEC_TOKEN} + - S1_SDL_API_TOKEN=${S1_SDL_API_TOKEN} + # Database + - DATABASE_URL=sqlite+aiosqlite:///./data/jarvis_coding.db + volumes: + - ./event_generators:/app/event_generators:ro + - ./parsers:/app/parsers:ro + - ./scenarios:/app/scenarios:ro + - ./api/data:/app/data + restart: unless-stopped + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8000/api/v1/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + networks: + - jarvis-network + + # Future: Add database service + # postgres: + # image: postgres:15-alpine + # container_name: jarvis-db + # environment: + # - POSTGRES_DB=jarvis_coding + # - POSTGRES_USER=jarvis + # - POSTGRES_PASSWORD=${DB_PASSWORD:-change-me} + # volumes: + # - postgres_data:/var/lib/postgresql/data + # networks: + # - jarvis-network + + # Future: Add Redis for caching + # redis: + # image: redis:7-alpine + # container_name: jarvis-cache + # command: redis-server --appendonly yes + # volumes: + # - redis_data:/data + # networks: + # - jarvis-network + +networks: + jarvis-network: + driver: bridge + +volumes: + postgres_data: + redis_data: \ No newline at end of file diff --git a/docs/README.md b/Backend/docs/README.md similarity index 100% rename from docs/README.md rename to Backend/docs/README.md diff --git a/docs/api/README.md b/Backend/docs/api/README.md similarity index 100% rename from docs/api/README.md rename to Backend/docs/api/README.md diff --git a/Backend/event_generators/alertgen.sh b/Backend/event_generators/alertgen.sh new file mode 100644 index 0000000..e7ec27e --- /dev/null +++ b/Backend/event_generators/alertgen.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# --- Setup and Activation --- +echo "1. Creating and activating Python virtual environment (.venv)..." +# Create the virtual environment +python3 -m venv .venv + +# Check if the environment was created successfully +if [ -d ".venv" ]; then + # Activate the virtual environment + source .venv/bin/activate + echo "Virtual environment activated successfully." +else + echo "Error: Failed to create the virtual environment. Exiting." + exit 1 +fi + +python -m venv .venv && source .venv/bin/activate + + +python /home/ubuntu/jarvis_coding/event_generators/web_security/zscaler_private_access.py >> /home/ubuntu/sample-logs/web_security/zscaler_private_access.log + +python /home/ubuntu/jarvis_coding/event_generators/web_security/zscaler_dns_firewall.py --count 100 >> /home/ubuntu/sample-logs/web_security/zscaler-dns-firewall.log +python /home/ubuntu/jarvis_coding/event_generators/web_security/zscaler_firewall.py --count 100 >> /home/ubuntu/sample-logs/web_security/zscaler-firewall.log +python /home/ubuntu/jarvis_coding/event_generators/identity_access/microsoft_azure_ad_signin.py >> /home/ubuntu/sample-logs/identity_access/azure_ad_signin.log +python /home/ubuntu/jarvis_coding/event_generators/identity_access/microsoft_azure_ad.py >> /home/ubuntu/sample-logs/identity_access/azure_ad.log + + +# trigger alerts for Zscaler Internet Access +# python /home/ubuntu/jarvis_coding/event_generators/web_security/zscaler-trigger-detections.py >> /home/ubuntu/sample-logs/web_security/zscaler-firewall.log +# --- Cleanup --- +# Deactivate the virtual environment (optional, but good practice) +deactivate +echo "Virtual environment deactivated." + +echo "Log generation complete. Check files in $LOG_DIR" \ No newline at end of file diff --git a/event_generators/cloud_infrastructure/aws_cloudtrail.py b/Backend/event_generators/cloud_infrastructure/aws_cloudtrail.py similarity index 100% rename from event_generators/cloud_infrastructure/aws_cloudtrail.py rename to Backend/event_generators/cloud_infrastructure/aws_cloudtrail.py diff --git a/event_generators/cloud_infrastructure/aws_elasticloadbalancer.py b/Backend/event_generators/cloud_infrastructure/aws_elasticloadbalancer.py similarity index 100% rename from event_generators/cloud_infrastructure/aws_elasticloadbalancer.py rename to Backend/event_generators/cloud_infrastructure/aws_elasticloadbalancer.py diff --git a/event_generators/cloud_infrastructure/aws_guardduty.py b/Backend/event_generators/cloud_infrastructure/aws_guardduty.py similarity index 100% rename from event_generators/cloud_infrastructure/aws_guardduty.py rename to Backend/event_generators/cloud_infrastructure/aws_guardduty.py diff --git a/event_generators/cloud_infrastructure/aws_route53.py b/Backend/event_generators/cloud_infrastructure/aws_route53.py similarity index 100% rename from event_generators/cloud_infrastructure/aws_route53.py rename to Backend/event_generators/cloud_infrastructure/aws_route53.py diff --git a/event_generators/cloud_infrastructure/aws_vpc_dns.py b/Backend/event_generators/cloud_infrastructure/aws_vpc_dns.py similarity index 100% rename from event_generators/cloud_infrastructure/aws_vpc_dns.py rename to Backend/event_generators/cloud_infrastructure/aws_vpc_dns.py diff --git a/event_generators/cloud_infrastructure/aws_vpcflowlogs.py b/Backend/event_generators/cloud_infrastructure/aws_vpcflowlogs.py similarity index 100% rename from event_generators/cloud_infrastructure/aws_vpcflowlogs.py rename to Backend/event_generators/cloud_infrastructure/aws_vpcflowlogs.py diff --git a/event_generators/cloud_infrastructure/aws_waf.py b/Backend/event_generators/cloud_infrastructure/aws_waf.py similarity index 100% rename from event_generators/cloud_infrastructure/aws_waf.py rename to Backend/event_generators/cloud_infrastructure/aws_waf.py diff --git a/event_generators/cloud_infrastructure/google_cloud_dns.py b/Backend/event_generators/cloud_infrastructure/google_cloud_dns.py similarity index 100% rename from event_generators/cloud_infrastructure/google_cloud_dns.py rename to Backend/event_generators/cloud_infrastructure/google_cloud_dns.py diff --git a/event_generators/cloud_infrastructure/google_workspace.py b/Backend/event_generators/cloud_infrastructure/google_workspace.py similarity index 100% rename from event_generators/cloud_infrastructure/google_workspace.py rename to Backend/event_generators/cloud_infrastructure/google_workspace.py diff --git a/Backend/event_generators/datagen.sh b/Backend/event_generators/datagen.sh new file mode 100644 index 0000000..6d7aa45 --- /dev/null +++ b/Backend/event_generators/datagen.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# --- Setup and Activation --- +echo "1. Creating and activating Python virtual environment (.venv)..." +# Create the virtual environment +python3 -m venv .venv + +# Check if the environment was created successfully +if [ -d ".venv" ]; then + # Activate the virtual environment + source .venv/bin/activate + echo "Virtual environment activated successfully." +else + echo "Error: Failed to create the virtual environment. Exiting." + exit 1 +fi + +python -m venv .venv && source .venv/bin/activate +#python /home/ubuntu/jarvis_coding/event_generators/web_security/zscaler_private_access.py --count 100 >> /home/ubuntu/sample-logs/zscaler-private-access.log +#python /home/ubuntu/jarvis_coding/event_generators/web_security/zscaler_dns_firewall.py --count 100 >> /home/ubuntu/sample-logs/zscaler-dns-firewall.log +#python /home/ubuntu/jarvis_coding/event_generators/web_security/zscaler_firewall.py --count 100 >> /home/ubuntu/sample-logs/zscaler-firewall.log +#python /home/ubuntu/jarvis_coding/event_generators/identity_access/microsoft_azure_ad_signin.py >> /home/ubuntu/sample-logs/azure_ad_signin.log +#python /home/ubuntu/jarvis_coding/event_generators/identity_access/microsoft_azure_ad.py >> /home/ubuntu/sample-logs/azure_ad.log +# --- Cleanup --- +# Deactivate the virtual environment (optional, but good practice) +deactivate +echo "Virtual environment deactivated." + +echo "Log generation complete. Check files in $LOG_DIR" \ No newline at end of file diff --git a/event_generators/email_security/abnormal_security.py b/Backend/event_generators/email_security/abnormal_security.py similarity index 100% rename from event_generators/email_security/abnormal_security.py rename to Backend/event_generators/email_security/abnormal_security.py diff --git a/event_generators/email_security/microsoft_defender_email.py b/Backend/event_generators/email_security/microsoft_defender_email.py similarity index 100% rename from event_generators/email_security/microsoft_defender_email.py rename to Backend/event_generators/email_security/microsoft_defender_email.py diff --git a/event_generators/email_security/mimecast.py b/Backend/event_generators/email_security/mimecast.py similarity index 100% rename from event_generators/email_security/mimecast.py rename to Backend/event_generators/email_security/mimecast.py diff --git a/event_generators/email_security/proofpoint.py b/Backend/event_generators/email_security/proofpoint.py similarity index 100% rename from event_generators/email_security/proofpoint.py rename to Backend/event_generators/email_security/proofpoint.py diff --git a/event_generators/endpoint_security/crowdstrike_falcon.py b/Backend/event_generators/endpoint_security/crowdstrike_falcon.py similarity index 100% rename from event_generators/endpoint_security/crowdstrike_falcon.py rename to Backend/event_generators/endpoint_security/crowdstrike_falcon.py diff --git a/event_generators/endpoint_security/jamf_protect.py b/Backend/event_generators/endpoint_security/jamf_protect.py similarity index 100% rename from event_generators/endpoint_security/jamf_protect.py rename to Backend/event_generators/endpoint_security/jamf_protect.py diff --git a/event_generators/endpoint_security/linux_auth.py b/Backend/event_generators/endpoint_security/linux_auth.py similarity index 100% rename from event_generators/endpoint_security/linux_auth.py rename to Backend/event_generators/endpoint_security/linux_auth.py diff --git a/event_generators/endpoint_security/microsoft_windows_eventlog.py b/Backend/event_generators/endpoint_security/microsoft_windows_eventlog.py similarity index 100% rename from event_generators/endpoint_security/microsoft_windows_eventlog.py rename to Backend/event_generators/endpoint_security/microsoft_windows_eventlog.py diff --git a/event_generators/endpoint_security/sentinelone_endpoint.py b/Backend/event_generators/endpoint_security/sentinelone_endpoint.py similarity index 100% rename from event_generators/endpoint_security/sentinelone_endpoint.py rename to Backend/event_generators/endpoint_security/sentinelone_endpoint.py diff --git a/event_generators/endpoint_security/sentinelone_identity.py b/Backend/event_generators/endpoint_security/sentinelone_identity.py similarity index 100% rename from event_generators/endpoint_security/sentinelone_identity.py rename to Backend/event_generators/endpoint_security/sentinelone_identity.py diff --git a/event_generators/identity_access/beyondtrust_passwordsafe.py b/Backend/event_generators/identity_access/beyondtrust_passwordsafe.py similarity index 100% rename from event_generators/identity_access/beyondtrust_passwordsafe.py rename to Backend/event_generators/identity_access/beyondtrust_passwordsafe.py diff --git a/event_generators/identity_access/beyondtrust_privilegemgmt_windows.py b/Backend/event_generators/identity_access/beyondtrust_privilegemgmt_windows.py similarity index 100% rename from event_generators/identity_access/beyondtrust_privilegemgmt_windows.py rename to Backend/event_generators/identity_access/beyondtrust_privilegemgmt_windows.py diff --git a/event_generators/identity_access/cyberark_conjur.py b/Backend/event_generators/identity_access/cyberark_conjur.py similarity index 100% rename from event_generators/identity_access/cyberark_conjur.py rename to Backend/event_generators/identity_access/cyberark_conjur.py diff --git a/event_generators/identity_access/cyberark_pas.py b/Backend/event_generators/identity_access/cyberark_pas.py similarity index 100% rename from event_generators/identity_access/cyberark_pas.py rename to Backend/event_generators/identity_access/cyberark_pas.py diff --git a/event_generators/identity_access/hashicorp_vault.py b/Backend/event_generators/identity_access/hashicorp_vault.py similarity index 100% rename from event_generators/identity_access/hashicorp_vault.py rename to Backend/event_generators/identity_access/hashicorp_vault.py diff --git a/event_generators/identity_access/hypr_auth.py b/Backend/event_generators/identity_access/hypr_auth.py similarity index 100% rename from event_generators/identity_access/hypr_auth.py rename to Backend/event_generators/identity_access/hypr_auth.py diff --git a/event_generators/identity_access/microsoft_365_collaboration.py b/Backend/event_generators/identity_access/microsoft_365_collaboration.py similarity index 100% rename from event_generators/identity_access/microsoft_365_collaboration.py rename to Backend/event_generators/identity_access/microsoft_365_collaboration.py diff --git a/event_generators/identity_access/microsoft_365_defender.py b/Backend/event_generators/identity_access/microsoft_365_defender.py similarity index 100% rename from event_generators/identity_access/microsoft_365_defender.py rename to Backend/event_generators/identity_access/microsoft_365_defender.py diff --git a/event_generators/identity_access/microsoft_365_mgmt_api.py b/Backend/event_generators/identity_access/microsoft_365_mgmt_api.py similarity index 100% rename from event_generators/identity_access/microsoft_365_mgmt_api.py rename to Backend/event_generators/identity_access/microsoft_365_mgmt_api.py diff --git a/event_generators/identity_access/microsoft_azure_ad.py b/Backend/event_generators/identity_access/microsoft_azure_ad.py similarity index 94% rename from event_generators/identity_access/microsoft_azure_ad.py rename to Backend/event_generators/identity_access/microsoft_azure_ad.py index b6d31cd..b185a88 100755 --- a/event_generators/identity_access/microsoft_azure_ad.py +++ b/Backend/event_generators/identity_access/microsoft_azure_ad.py @@ -55,5 +55,7 @@ def microsoft_azure_ad_log(): if __name__ == "__main__": # Generate and print sample event - event = microsoft_azure_ad_log() - print(json.dumps(event, indent=2)) + for i in range(100): + event = json.dumps(microsoft_azure_ad_log()) + print(event) + \ No newline at end of file diff --git a/event_generators/identity_access/microsoft_azure_ad_signin.py b/Backend/event_generators/identity_access/microsoft_azure_ad_signin.py similarity index 97% rename from event_generators/identity_access/microsoft_azure_ad_signin.py rename to Backend/event_generators/identity_access/microsoft_azure_ad_signin.py index 6f0e216..bf657dc 100644 --- a/event_generators/identity_access/microsoft_azure_ad_signin.py +++ b/Backend/event_generators/identity_access/microsoft_azure_ad_signin.py @@ -356,8 +356,10 @@ def microsoft_azure_ad_signin_log(overrides: dict | None = None) -> Dict: if __name__ == "__main__": # Generate sample logs - print("Sample Microsoft Azure AD Sign-in events:") - for result in [0, 50126, 50074]: # Success, invalid password, MFA required - print(f"\nResult Type {result}:") - print(microsoft_azure_ad_signin_log({"resultType": str(result)})) - print() \ No newline at end of file + #print("Sample Microsoft Azure AD Sign-in events:") + for i in range(50): + for result in [0, 50126, 50074]: # Success, invalid password, MFA required + #print(f"\nResult Type {result}:") + event = json.dumps(microsoft_azure_ad_signin_log({"resultType": str(result)})) + print(event) + #print() \ No newline at end of file diff --git a/event_generators/identity_access/microsoft_azuread.py b/Backend/event_generators/identity_access/microsoft_azuread.py similarity index 100% rename from event_generators/identity_access/microsoft_azuread.py rename to Backend/event_generators/identity_access/microsoft_azuread.py diff --git a/event_generators/identity_access/microsoft_eventhub_azure_signin.py b/Backend/event_generators/identity_access/microsoft_eventhub_azure_signin.py similarity index 100% rename from event_generators/identity_access/microsoft_eventhub_azure_signin.py rename to Backend/event_generators/identity_access/microsoft_eventhub_azure_signin.py diff --git a/event_generators/identity_access/microsoft_eventhub_defender_email.py b/Backend/event_generators/identity_access/microsoft_eventhub_defender_email.py similarity index 100% rename from event_generators/identity_access/microsoft_eventhub_defender_email.py rename to Backend/event_generators/identity_access/microsoft_eventhub_defender_email.py diff --git a/event_generators/identity_access/microsoft_eventhub_defender_emailforcloud.py b/Backend/event_generators/identity_access/microsoft_eventhub_defender_emailforcloud.py similarity index 100% rename from event_generators/identity_access/microsoft_eventhub_defender_emailforcloud.py rename to Backend/event_generators/identity_access/microsoft_eventhub_defender_emailforcloud.py diff --git a/event_generators/identity_access/okta_authentication.py b/Backend/event_generators/identity_access/okta_authentication.py similarity index 100% rename from event_generators/identity_access/okta_authentication.py rename to Backend/event_generators/identity_access/okta_authentication.py diff --git a/event_generators/identity_access/pingfederate.py b/Backend/event_generators/identity_access/pingfederate.py similarity index 100% rename from event_generators/identity_access/pingfederate.py rename to Backend/event_generators/identity_access/pingfederate.py diff --git a/event_generators/identity_access/pingone_mfa.py b/Backend/event_generators/identity_access/pingone_mfa.py similarity index 100% rename from event_generators/identity_access/pingone_mfa.py rename to Backend/event_generators/identity_access/pingone_mfa.py diff --git a/event_generators/identity_access/pingprotect.py b/Backend/event_generators/identity_access/pingprotect.py similarity index 100% rename from event_generators/identity_access/pingprotect.py rename to Backend/event_generators/identity_access/pingprotect.py diff --git a/event_generators/identity_access/rsa_adaptive.py b/Backend/event_generators/identity_access/rsa_adaptive.py similarity index 100% rename from event_generators/identity_access/rsa_adaptive.py rename to Backend/event_generators/identity_access/rsa_adaptive.py diff --git a/event_generators/infrastructure/axway_sftp.py b/Backend/event_generators/infrastructure/axway_sftp.py similarity index 100% rename from event_generators/infrastructure/axway_sftp.py rename to Backend/event_generators/infrastructure/axway_sftp.py diff --git a/event_generators/infrastructure/buildkite.py b/Backend/event_generators/infrastructure/buildkite.py similarity index 100% rename from event_generators/infrastructure/buildkite.py rename to Backend/event_generators/infrastructure/buildkite.py diff --git a/event_generators/infrastructure/cohesity_backup.py b/Backend/event_generators/infrastructure/cohesity_backup.py similarity index 100% rename from event_generators/infrastructure/cohesity_backup.py rename to Backend/event_generators/infrastructure/cohesity_backup.py diff --git a/event_generators/infrastructure/github_audit.py b/Backend/event_generators/infrastructure/github_audit.py similarity index 100% rename from event_generators/infrastructure/github_audit.py rename to Backend/event_generators/infrastructure/github_audit.py diff --git a/event_generators/infrastructure/harness_ci.py b/Backend/event_generators/infrastructure/harness_ci.py similarity index 100% rename from event_generators/infrastructure/harness_ci.py rename to Backend/event_generators/infrastructure/harness_ci.py diff --git a/event_generators/infrastructure/iis_w3c.py b/Backend/event_generators/infrastructure/iis_w3c.py similarity index 100% rename from event_generators/infrastructure/iis_w3c.py rename to Backend/event_generators/infrastructure/iis_w3c.py diff --git a/event_generators/infrastructure/isc_bind.py b/Backend/event_generators/infrastructure/isc_bind.py similarity index 100% rename from event_generators/infrastructure/isc_bind.py rename to Backend/event_generators/infrastructure/isc_bind.py diff --git a/event_generators/infrastructure/isc_dhcp.py b/Backend/event_generators/infrastructure/isc_dhcp.py similarity index 100% rename from event_generators/infrastructure/isc_dhcp.py rename to Backend/event_generators/infrastructure/isc_dhcp.py diff --git a/event_generators/infrastructure/manageengine_adauditplus.py b/Backend/event_generators/infrastructure/manageengine_adauditplus.py similarity index 100% rename from event_generators/infrastructure/manageengine_adauditplus.py rename to Backend/event_generators/infrastructure/manageengine_adauditplus.py diff --git a/event_generators/infrastructure/manageengine_general.py b/Backend/event_generators/infrastructure/manageengine_general.py similarity index 100% rename from event_generators/infrastructure/manageengine_general.py rename to Backend/event_generators/infrastructure/manageengine_general.py diff --git a/event_generators/infrastructure/sap.py b/Backend/event_generators/infrastructure/sap.py similarity index 100% rename from event_generators/infrastructure/sap.py rename to Backend/event_generators/infrastructure/sap.py diff --git a/event_generators/infrastructure/securelink.py b/Backend/event_generators/infrastructure/securelink.py similarity index 100% rename from event_generators/infrastructure/securelink.py rename to Backend/event_generators/infrastructure/securelink.py diff --git a/event_generators/infrastructure/tailscale.py b/Backend/event_generators/infrastructure/tailscale.py similarity index 100% rename from event_generators/infrastructure/tailscale.py rename to Backend/event_generators/infrastructure/tailscale.py diff --git a/event_generators/infrastructure/teleport.py b/Backend/event_generators/infrastructure/teleport.py similarity index 100% rename from event_generators/infrastructure/teleport.py rename to Backend/event_generators/infrastructure/teleport.py diff --git a/event_generators/infrastructure/ubiquiti_unifi.py b/Backend/event_generators/infrastructure/ubiquiti_unifi.py similarity index 100% rename from event_generators/infrastructure/ubiquiti_unifi.py rename to Backend/event_generators/infrastructure/ubiquiti_unifi.py diff --git a/event_generators/infrastructure/veeam_backup.py b/Backend/event_generators/infrastructure/veeam_backup.py similarity index 100% rename from event_generators/infrastructure/veeam_backup.py rename to Backend/event_generators/infrastructure/veeam_backup.py diff --git a/event_generators/infrastructure/vmware_vcenter.py b/Backend/event_generators/infrastructure/vmware_vcenter.py similarity index 100% rename from event_generators/infrastructure/vmware_vcenter.py rename to Backend/event_generators/infrastructure/vmware_vcenter.py diff --git a/event_generators/infrastructure/windows_dhcp.py b/Backend/event_generators/infrastructure/windows_dhcp.py similarity index 100% rename from event_generators/infrastructure/windows_dhcp.py rename to Backend/event_generators/infrastructure/windows_dhcp.py diff --git a/event_generators/infrastructure/wiz_cloud.py b/Backend/event_generators/infrastructure/wiz_cloud.py similarity index 100% rename from event_generators/infrastructure/wiz_cloud.py rename to Backend/event_generators/infrastructure/wiz_cloud.py diff --git a/event_generators/infrastructure/zscaler.py b/Backend/event_generators/infrastructure/zscaler.py similarity index 100% rename from event_generators/infrastructure/zscaler.py rename to Backend/event_generators/infrastructure/zscaler.py diff --git a/event_generators/network_security/apache_http.py b/Backend/event_generators/network_security/apache_http.py similarity index 100% rename from event_generators/network_security/apache_http.py rename to Backend/event_generators/network_security/apache_http.py diff --git a/event_generators/network_security/armis.py b/Backend/event_generators/network_security/armis.py similarity index 100% rename from event_generators/network_security/armis.py rename to Backend/event_generators/network_security/armis.py diff --git a/event_generators/network_security/aruba_clearpass.py b/Backend/event_generators/network_security/aruba_clearpass.py similarity index 100% rename from event_generators/network_security/aruba_clearpass.py rename to Backend/event_generators/network_security/aruba_clearpass.py diff --git a/event_generators/network_security/checkpoint.py b/Backend/event_generators/network_security/checkpoint.py similarity index 100% rename from event_generators/network_security/checkpoint.py rename to Backend/event_generators/network_security/checkpoint.py diff --git a/event_generators/network_security/cisco_asa.py b/Backend/event_generators/network_security/cisco_asa.py similarity index 100% rename from event_generators/network_security/cisco_asa.py rename to Backend/event_generators/network_security/cisco_asa.py diff --git a/event_generators/network_security/cisco_duo.py b/Backend/event_generators/network_security/cisco_duo.py similarity index 100% rename from event_generators/network_security/cisco_duo.py rename to Backend/event_generators/network_security/cisco_duo.py diff --git a/event_generators/network_security/cisco_firewall_threat_defense.py b/Backend/event_generators/network_security/cisco_firewall_threat_defense.py similarity index 100% rename from event_generators/network_security/cisco_firewall_threat_defense.py rename to Backend/event_generators/network_security/cisco_firewall_threat_defense.py diff --git a/event_generators/network_security/cisco_fmc.py b/Backend/event_generators/network_security/cisco_fmc.py similarity index 100% rename from event_generators/network_security/cisco_fmc.py rename to Backend/event_generators/network_security/cisco_fmc.py diff --git a/event_generators/network_security/cisco_ios.py b/Backend/event_generators/network_security/cisco_ios.py similarity index 100% rename from event_generators/network_security/cisco_ios.py rename to Backend/event_generators/network_security/cisco_ios.py diff --git a/event_generators/network_security/cisco_ironport.py b/Backend/event_generators/network_security/cisco_ironport.py similarity index 100% rename from event_generators/network_security/cisco_ironport.py rename to Backend/event_generators/network_security/cisco_ironport.py diff --git a/event_generators/network_security/cisco_isa3000.py b/Backend/event_generators/network_security/cisco_isa3000.py similarity index 100% rename from event_generators/network_security/cisco_isa3000.py rename to Backend/event_generators/network_security/cisco_isa3000.py diff --git a/event_generators/network_security/cisco_ise.py b/Backend/event_generators/network_security/cisco_ise.py similarity index 100% rename from event_generators/network_security/cisco_ise.py rename to Backend/event_generators/network_security/cisco_ise.py diff --git a/event_generators/network_security/cisco_meraki.py b/Backend/event_generators/network_security/cisco_meraki.py similarity index 100% rename from event_generators/network_security/cisco_meraki.py rename to Backend/event_generators/network_security/cisco_meraki.py diff --git a/event_generators/network_security/cisco_meraki_flow.py b/Backend/event_generators/network_security/cisco_meraki_flow.py similarity index 100% rename from event_generators/network_security/cisco_meraki_flow.py rename to Backend/event_generators/network_security/cisco_meraki_flow.py diff --git a/event_generators/network_security/cisco_networks.py b/Backend/event_generators/network_security/cisco_networks.py similarity index 100% rename from event_generators/network_security/cisco_networks.py rename to Backend/event_generators/network_security/cisco_networks.py diff --git a/event_generators/network_security/cisco_umbrella.py b/Backend/event_generators/network_security/cisco_umbrella.py similarity index 100% rename from event_generators/network_security/cisco_umbrella.py rename to Backend/event_generators/network_security/cisco_umbrella.py diff --git a/event_generators/network_security/corelight_conn.py b/Backend/event_generators/network_security/corelight_conn.py similarity index 100% rename from event_generators/network_security/corelight_conn.py rename to Backend/event_generators/network_security/corelight_conn.py diff --git a/event_generators/network_security/corelight_http.py b/Backend/event_generators/network_security/corelight_http.py similarity index 100% rename from event_generators/network_security/corelight_http.py rename to Backend/event_generators/network_security/corelight_http.py diff --git a/event_generators/network_security/corelight_ssl.py b/Backend/event_generators/network_security/corelight_ssl.py similarity index 100% rename from event_generators/network_security/corelight_ssl.py rename to Backend/event_generators/network_security/corelight_ssl.py diff --git a/event_generators/network_security/corelight_tunnel.py b/Backend/event_generators/network_security/corelight_tunnel.py similarity index 100% rename from event_generators/network_security/corelight_tunnel.py rename to Backend/event_generators/network_security/corelight_tunnel.py diff --git a/event_generators/network_security/darktrace.py b/Backend/event_generators/network_security/darktrace.py similarity index 100% rename from event_generators/network_security/darktrace.py rename to Backend/event_generators/network_security/darktrace.py diff --git a/event_generators/network_security/extrahop.py b/Backend/event_generators/network_security/extrahop.py similarity index 100% rename from event_generators/network_security/extrahop.py rename to Backend/event_generators/network_security/extrahop.py diff --git a/event_generators/network_security/extreme_networks.py b/Backend/event_generators/network_security/extreme_networks.py similarity index 100% rename from event_generators/network_security/extreme_networks.py rename to Backend/event_generators/network_security/extreme_networks.py diff --git a/event_generators/network_security/f5_networks.py b/Backend/event_generators/network_security/f5_networks.py similarity index 100% rename from event_generators/network_security/f5_networks.py rename to Backend/event_generators/network_security/f5_networks.py diff --git a/event_generators/network_security/f5_vpn.py b/Backend/event_generators/network_security/f5_vpn.py similarity index 100% rename from event_generators/network_security/f5_vpn.py rename to Backend/event_generators/network_security/f5_vpn.py diff --git a/event_generators/network_security/forcepoint_firewall.py b/Backend/event_generators/network_security/forcepoint_firewall.py similarity index 100% rename from event_generators/network_security/forcepoint_firewall.py rename to Backend/event_generators/network_security/forcepoint_firewall.py diff --git a/event_generators/network_security/fortimanager.py b/Backend/event_generators/network_security/fortimanager.py similarity index 100% rename from event_generators/network_security/fortimanager.py rename to Backend/event_generators/network_security/fortimanager.py diff --git a/event_generators/network_security/fortinet_fortigate.py b/Backend/event_generators/network_security/fortinet_fortigate.py similarity index 100% rename from event_generators/network_security/fortinet_fortigate.py rename to Backend/event_generators/network_security/fortinet_fortigate.py diff --git a/event_generators/network_security/infoblox_ddi.py b/Backend/event_generators/network_security/infoblox_ddi.py similarity index 100% rename from event_generators/network_security/infoblox_ddi.py rename to Backend/event_generators/network_security/infoblox_ddi.py diff --git a/event_generators/network_security/juniper_networks.py b/Backend/event_generators/network_security/juniper_networks.py similarity index 100% rename from event_generators/network_security/juniper_networks.py rename to Backend/event_generators/network_security/juniper_networks.py diff --git a/event_generators/network_security/manch_siem.py b/Backend/event_generators/network_security/manch_siem.py similarity index 100% rename from event_generators/network_security/manch_siem.py rename to Backend/event_generators/network_security/manch_siem.py diff --git a/event_generators/network_security/paloalto_firewall.py b/Backend/event_generators/network_security/paloalto_firewall.py similarity index 100% rename from event_generators/network_security/paloalto_firewall.py rename to Backend/event_generators/network_security/paloalto_firewall.py diff --git a/event_generators/network_security/paloalto_prismasase.py b/Backend/event_generators/network_security/paloalto_prismasase.py similarity index 100% rename from event_generators/network_security/paloalto_prismasase.py rename to Backend/event_generators/network_security/paloalto_prismasase.py diff --git a/event_generators/network_security/vectra_ai.py b/Backend/event_generators/network_security/vectra_ai.py similarity index 100% rename from event_generators/network_security/vectra_ai.py rename to Backend/event_generators/network_security/vectra_ai.py diff --git a/event_generators/shared/generic_users.py b/Backend/event_generators/shared/generic_users.py similarity index 100% rename from event_generators/shared/generic_users.py rename to Backend/event_generators/shared/generic_users.py diff --git a/event_generators/shared/hec_sender.py b/Backend/event_generators/shared/hec_sender.py similarity index 54% rename from event_generators/shared/hec_sender.py rename to Backend/event_generators/shared/hec_sender.py index 392d86c..c5d7e77 100644 --- a/event_generators/shared/hec_sender.py +++ b/Backend/event_generators/shared/hec_sender.py @@ -1,6 +1,8 @@ #!/usr/bin/env python3 """Send logs from vendor_product generators to SentinelOne AI SIEM (Splunk‑HEC) one‑by‑one.""" import argparse, json, os, time, random, requests, importlib, sys +import gzip, io, threading, queue +from datetime import datetime from typing import Callable, Tuple, Optional # Add generator category paths to sys.path @@ -598,131 +600,354 @@ def _post(url, headers=None, data=None, json=None, timeout=10): ALLOW_INSECURE_FALLBACK = os.getenv("S1_HEC_AUTO_INSECURE", "false").lower() in ("true", "1", "yes") DEBUG = os.getenv("S1_HEC_DEBUG") +# Cache successful connection config to avoid retry loops +_CONNECTION_CACHE = { + 'configured': False, + 'event_base': None, + 'raw_base': None, + 'verify': DEFAULT_VERIFY_TLS, + 'tls_low': DEFAULT_TLS_LOW, + 'auth_scheme': None, + 'session': None +} + +# Batch mode controls +_BATCH_ENABLED = os.getenv("S1_HEC_BATCH", "").lower() in ("1", "true", "yes") +_BATCH_MAX_BYTES = int(os.getenv("S1_HEC_BATCH_MAX_BYTES", str(5 * 1024 * 1024))) +_BATCH_FLUSH_MS = int(os.getenv("S1_HEC_BATCH_FLUSH_MS", "1000")) +_BATCH_LOCK = threading.Lock() +_BATCH_BUFFERS = {} # key: (is_json:bool, product:str) -> {'lines': list[str], 'bytes': int, 'last': float} +_BATCH_THREAD_STARTED = False +_VERBOSITY = 'info' # Global verbosity level, set after arg parsing +_BATCH_SEND_QUEUE = None # Queue for pipelined batch sending +_BATCH_SENDER_THREAD = None # Background thread for sending batches + +def _batch_key(is_json: bool, product: str): + return (is_json, product) + +def _batch_enqueue(line_str: str, is_json: bool, product: str, attr_fields: dict): + key = _batch_key(is_json, product) + now = time.time() + with _BATCH_LOCK: + buf = _BATCH_BUFFERS.get(key) + if not buf: + buf = {'lines': [], 'bytes': 0, 'last': now} + _BATCH_BUFFERS[key] = buf + sz = len(line_str.encode('utf-8')) + buf['lines'].append(line_str) + buf['bytes'] += sz + # DON'T update 'last' timestamp - we want to track time since first event in batch + # Flush immediately if size threshold reached + if buf['bytes'] >= _BATCH_MAX_BYTES: + _flush_batch_locked(key) + +def _batch_check_and_flush(): + """Check all buffers and flush expired ones. Call this from main thread.""" + # Only show detailed batch checks in debug mode + if _VERBOSITY == 'debug': + print(f"[BATCH] Checking buffers for flush (threshold: {_BATCH_FLUSH_MS}ms)...", flush=True) + sys.stdout.flush() + + now = time.time() + to_flush = [] + with _BATCH_LOCK: + for key, buf in list(_BATCH_BUFFERS.items()): + elapsed_ms = (now - buf['last']) * 1000 + if _VERBOSITY == 'debug': + print(f"[BATCH] Buffer {key}: {len(buf['lines'])} lines, {elapsed_ms:.0f}ms elapsed", flush=True) + sys.stdout.flush() + if buf['lines'] and elapsed_ms >= _BATCH_FLUSH_MS: + to_flush.append(key) + if _VERBOSITY == 'debug': + print(f"[BATCH] Marking {key} for flush", flush=True) + sys.stdout.flush() + + if _VERBOSITY == 'debug' and not to_flush: + print(f"[BATCH] No buffers ready for flush", flush=True) + sys.stdout.flush() + + for key in to_flush: + with _BATCH_LOCK: + _flush_batch_locked(key) + +def _batch_sender_worker(): + """Background worker thread that sends batches from the queue""" + while True: + try: + item = _BATCH_SEND_QUEUE.get(timeout=1) + if item is None: # Poison pill to stop the thread + break + lines, is_json, product = item + _send_batch(lines, is_json, product) + _BATCH_SEND_QUEUE.task_done() + except queue.Empty: + continue + except Exception as e: + if _VERBOSITY == 'debug': + print(f"[BATCH] Error in sender worker: {e}", flush=True) + +def _start_batch_thread(): + global _BATCH_THREAD_STARTED + _BATCH_THREAD_STARTED = True + t = threading.Thread(target=_batch_loop, daemon=True) + t.start() + +def _start_batch_sender(queue_size=10): + """Start background batch sender thread for pipelined sending""" + global _BATCH_SEND_QUEUE, _BATCH_SENDER_THREAD + _BATCH_SEND_QUEUE = queue.Queue(maxsize=queue_size) + _BATCH_SENDER_THREAD = threading.Thread(target=_batch_sender_worker, daemon=True) + _BATCH_SENDER_THREAD.start() + if _VERBOSITY == 'debug': + print(f"[BATCH] Started background sender thread with queue size {queue_size}", flush=True) + +def _batch_loop(): + if DEBUG: + print("[BATCH] Background flush thread started", flush=True) + sys.stdout.flush() + while True: + time.sleep(0.2) + now = time.time() + to_flush = [] + with _BATCH_LOCK: + for key, buf in list(_BATCH_BUFFERS.items()): + elapsed_ms = (now - buf['last']) * 1000 + if buf['lines'] and elapsed_ms >= _BATCH_FLUSH_MS: + to_flush.append(key) + if DEBUG: + print(f"[BATCH] Triggering flush for {key} ({len(buf['lines'])} events, {elapsed_ms:.0f}ms elapsed)", flush=True) + sys.stdout.flush() + for key in to_flush: + with _BATCH_LOCK: + _flush_batch_locked(key) + +def _flush_batch_locked(key): + buf = _BATCH_BUFFERS.get(key) + if not buf or not buf['lines']: + return + is_json, product = key + lines = buf['lines'][::] # Copy the list to avoid race conditions + _BATCH_BUFFERS[key] = {'lines': [], 'bytes': 0, 'last': time.time()} + + # If pipelining is enabled, queue the batch for background sending + if _BATCH_SEND_QUEUE is not None: + try: + _BATCH_SEND_QUEUE.put_nowait((lines, is_json, product)) + except: + # Queue full, send synchronously as fallback + _send_batch(lines, is_json, product) + else: + # Synchronous sending + _send_batch(lines, is_json, product) + +def _send_batch(lines: list, is_json: bool, product: str): + if _VERBOSITY == 'debug': + print(f"[BATCH] _send_batch called with {len(lines)} lines, is_json={is_json}", flush=True) + sys.stdout.flush() + + if not lines: + return + + # Ensure connection cache is established; if not, send first line via normal path + if not _CONNECTION_CACHE['configured']: + if _VERBOSITY == 'debug': + print(f"[BATCH] Connection not configured, establishing with first event...", flush=True) + sys.stdout.flush() + first = lines.pop(0) + try: + if is_json: + payload = json.loads(first) + result = send_one(payload, product, {}) + if _VERBOSITY == 'debug': + print(f"[BATCH] First event result: {result}", flush=True) + sys.stdout.flush() + else: + result = send_one(first, product, {}) + if _VERBOSITY == 'debug': + print(f"[BATCH] First event result: {result}", flush=True) + sys.stdout.flush() + except Exception as e: + if _VERBOSITY == 'debug': + print(f"[BATCH] Error establishing connection: {e}", flush=True) + sys.stdout.flush() + pass + if not lines: + if _VERBOSITY == 'debug': + print(f"[BATCH] No more lines after connection setup", flush=True) + sys.stdout.flush() + return + + if not _CONNECTION_CACHE['configured']: + if _VERBOSITY == 'debug': + print(f"[BATCH] Connection still not configured after setup attempt, skipping batch", flush=True) + sys.stdout.flush() + return + + if _CONNECTION_CACHE['session'] is None: + _CONNECTION_CACHE['session'] = _make_poster(_CONNECTION_CACHE['verify'], _CONNECTION_CACHE['tls_low']) + POST = _CONNECTION_CACHE['session'] + headers_auth = {**HEADERS} + headers_auth["Authorization"] = f"{_CONNECTION_CACHE['auth_scheme']} {HEC_TOKEN}" + # Both endpoints use text/plain with gzip for batched events + body = "\n".join(lines).encode('utf-8') + + # Use fast compression (level 1) for high throughput - trades compression ratio for speed + # Level 1 is ~10x faster than default level 9, with only ~10% larger output + gz = gzip.compress(body, compresslevel=1) + headers = {**headers_auth, "Content-Type": "text/plain", "Content-Encoding": "gzip"} + + if is_json: + # JSON products to /event endpoint + url = _CONNECTION_CACHE['event_base'] + else: + # Raw/syslog products to /raw endpoint + url = f"{_CONNECTION_CACHE['raw_base']}?{_build_qs(product)}" + + # Show batch flush in info mode and above (not debug only) + if _VERBOSITY in ('info', 'verbose', 'debug'): + print(f"[BATCH] Flushing {len(lines)} events ({len(gz)} bytes compressed)", flush=True) + sys.stdout.flush() + + resp = POST(url, headers=headers, data=gz, timeout=30) + resp.raise_for_status() + + if _VERBOSITY == 'debug': + print(f"[BATCH] Response: {resp.status_code} - {resp.text[:200] if resp.text else 'OK'}", flush=True) + sys.stdout.flush() + SOURCETYPE_MAP_OVERRIDES = { - # ===== FIXED PARSER MAPPINGS (Based on actual parser discovery) ===== - # Marketplace parsers (official) - Working parsers - "fortinet_fortigate": "marketplace-fortinetfortigate-latest", - "zscaler": "marketplace-zscalerinternetaccess-latest", - "aws_cloudtrail": "marketplace-awscloudtrail-latest", # Fixed: Use marketplace parser - "aws_vpcflowlogs": "marketplace-awsvpcflowlogs-latest", - "aws_guardduty": "marketplace-awsguardduty-latest", # Fixed: Use marketplace parser - "aws_elasticloadbalancer": "marketplace-awselasticloadbalancer-latest", # Fixed: Use marketplace parser - "cisco_firewall_threat_defense": "community-ciscofirewallthreatdefense-latest", # Fixed: Use community format - "checkpoint": "marketplace-checkpointfirewall-latest", - "fortimanager": "marketplace-fortinetfortimanager-latest", - "infoblox_ddi": "marketplace-infobloxddi-latest", - "paloalto_firewall": "community-paloaltofirewall-latest", # Fixed: Use community format - "paloalto_prismasase": "community-paloaltoprismasase-latest", # Fixed: Use community format - "zscaler_private_access": "community-zscalerprivateaccess-latest", # Fixed: Use community format - "netskope": "community-netskope-latest", # Fixed: Use community format - "corelight_conn": "community-corelightconn-latest", # Fixed: Use community format - "corelight_http": "community-corelighthttp-latest", # Fixed: Use community format - "corelight_ssl": "community-corelightssl-latest", # Fixed: Use community format - "corelight_tunnel": "community-corelighttunnel-latest", # Fixed: Use community format + # ===== FIXED PARSER MAPPINGS (Based on actual parser directory names) ===== + # AWS parsers - use actual directory names + "aws_cloudtrail": "aws_cloudtrail-latest", + "aws_vpcflowlogs": "aws_vpcflowlogs-latest", + "aws_guardduty": "aws_guardduty_logs-latest", + "aws_elasticloadbalancer": "aws_elasticloadbalancer_logs-latest", + "aws_waf": "aws_waf-latest", + "aws_route53": "aws_route53-latest", + "aws_vpc_dns": "aws_vpc_dns_logs-latest", + "aws_vpcflow": "aws_vpcflow_logs-latest", + + # Network security - actual directory names + "fortinet_fortigate": "fortinet_fortigate_candidate_logs-latest", + "fortimanager": "fortinet_fortigate_fortimanager_logs-latest", + "checkpoint": "checkpoint_checkpoint_logs-latest", + "paloalto_firewall": "paloalto_firewall-latest", + "paloalto_prismasase": "paloalto_prismasase_logs-latest", + "cisco_firewall_threat_defense": "cisco_firewall_threat_defense-latest", + "infoblox_ddi": "infoblox_ddi-latest", + + # Zscaler products + "zscaler": "zscaler_logs-latest", + "zscaler_private_access": "zscaler_private_access-latest", + "zscaler_firewall": "zscaler_firewall_logs-latest", + "zscaler_dns_firewall": "zscaler_dns_firewall-latest", + + # Netskope + "netskope": "netskope_netskope_logs-latest", + + # Corelight + "corelight_conn": "corelight_conn_logs-latest", + "corelight_http": "corelight_http_logs-latest", + "corelight_ssl": "corelight_ssl_logs-latest", + "corelight_tunnel": "corelight_tunnel_logs-latest", - # Community parsers - Fixed to use community- prefix format - "okta_authentication": "community-oktaauthentication-latest", # Fixed: Use community format - "crowdstrike_falcon": "community-crowdstrikefalcon-latest", # Fixed: Use community format - "sentinelone_endpoint": "community-sentineloneendpoint-latest", # Fixed: Use community format - "sentinelone_identity": "community-sentineloneidentity-latest", # Fixed: Use community format - "vectra_ai": "community-vectraai-latest", # Fixed: Use community format + # Identity and access management + "okta_authentication": "okta_authentication-latest", + "microsoft_azuread": "microsoft_azuread-latest", + "microsoft_azure_ad": "microsoft_azure_ad_logs-latest", + "microsoft_azure_ad_signin": "microsoft_azure_ad_signin-latest", + "beyondtrust_passwordsafe": "beyondtrust_passwordsafe_logs-latest", + "beyondtrust_privilegemgmt_windows": "beyondtrust_privilegemgmt_windows-latest", + "hashicorp_vault": "hashicorp_vault-latest", + "hypr_auth": "hypr_auth-latest", + "pingfederate": "pingfederate-latest", + "pingone_mfa": "pingone_mfa-latest", + "pingprotect": "pingprotect-latest", + "rsa_adaptive": "rsa_adaptive-latest", + "cyberark_pas": "cyberark_pas_logs-latest", + "cyberark_conjur": "cyberark_conjur-latest", - # Microsoft products - mapped to community format - "microsoft_azuread": "community-microsoftazuread-latest", - "microsoft_azure_ad": "community-microsoftazuread-latest", - "microsoft_azure_ad_signin": "community-microsoftazureadsignin-latest", - "microsoft_365_mgmt_api": "community-microsoft365mgmtapi-latest", - "microsoft_365_collaboration": "community-microsoft365collaboration-latest", - "microsoft_365_defender": "community-microsoft365defender-latest", - "microsoft_defender_email": "community-microsoftdefenderemail-latest", - "microsoft_windows_eventlog": "community-microsoftwindowseventlog-latest", - "microsoft_eventhub_azure_signin": "community-microsofteventhubazuresignin-latest", - "microsoft_eventhub_defender_email": "community-microsofteventhubdefenderemail-latest", - "microsoft_eventhub_defender_emailforcloud": "community-microsofteventhubdefenderemailforcloud-latest", + # Microsoft products + "microsoft_365_mgmt_api": "microsoft_365_mgmt_api_logs-latest", + "microsoft_365_collaboration": "microsoft_365_collaboration-latest", + "microsoft_365_defender": "microsoft_365_defender-latest", + "microsoft_defender_email": "microsoft_defender_email-latest", + "microsoft_windows_eventlog": "microsoft_windows_eventlog-latest", + "microsoft_eventhub_azure_signin": "microsoft_eventhub_azure_signin_logs-latest", + "microsoft_eventhub_defender_email": "microsoft_eventhub_defender_email_logs-latest", + "microsoft_eventhub_defender_emailforcloud": "microsoft_eventhub_defender_emailforcloud_logs-latest", - # Cisco products - mapped to community format - "cisco_asa": "community-ciscoasa-latest", - "cisco_umbrella": "community-ciscoumbrella-latest", - "cisco_meraki": "community-ciscomeraki-latest", - "cisco_duo": "community-ciscoduo-latest", - "cisco_ise": "community-ciscoise-latest", - "cisco_fmc": "community-ciscofmc-latest", - "cisco_ios": "community-ciscoios-latest", - "cisco_ironport": "community-ciscoironport-latest", - "cisco_meraki_flow": "community-ciscomerakiflow-latest", - "cisco_networks": "community-cisconetworks-latest", + # Cisco products + "cisco_asa": "cisco_asa-latest", + "cisco_umbrella": "cisco_umbrella-latest", + "cisco_meraki": "cisco_meraki-latest", + "cisco_duo": "cisco_duo-latest", + "cisco_ise": "cisco_ise_logs-latest", + "cisco_fmc": "cisco_fmc_logs-latest", + "cisco_ios": "cisco_ios_logs-latest", + "cisco_ironport": "cisco_ironport-latest", + "cisco_meraki_flow": "cisco_meraki_flow_logs-latest", + "cisco_networks": "cisco_networks_logs-latest", - # Security vendors - mapped to existing parsers - "cyberark_pas": "community-cyberarkpas-latest", # Fixed: Use community format - "cyberark_conjur": "community-cyberarkconjur-latest", # Fixed: Use community format - "darktrace": "community-darktrace-latest", # Fixed: Use community format - "extrahop": "community-extrahop-latest", # Fixed: Use community format - "armis": "community-armis-latest", - # "sentinelone_endpoint": "singularityidentity_singularityidentity_logs-latest", # DUPLICATE - moved up to line 618 + # Endpoint security + "crowdstrike_falcon": "crowdstrike_falcon-latest", + "sentinelone_endpoint": "sentinelone_endpoint-latest", + "sentinelone_identity": "sentinelone_identity-latest", + "jamf_protect": "jamf_protect-latest", - # Email security - mapped to community format - "proofpoint": "community-proofpoint-latest", - "mimecast": "community-mimecast-latest", - "abnormal_security": "community-abnormalsecurity-latest", + # Network detection + "darktrace": "darktrace_darktrace_logs-latest", + "extrahop": "extrahop_extrahop_logs-latest", + "vectra_ai": "vectra_ai_logs-latest", + "armis": "armis_armis_logs-latest", - # Identity and access management - community format - "beyondtrust_passwordsafe": "community-beyondtrustpasswordsafe-latest", - "beyondtrust_privilegemgmt_windows": "community-beyondtrustprivilegemgmtwindows-latest", - "hashicorp_vault": "community-hashicorpvault-latest", - "hypr_auth": "community-hyprauth-latest", - "pingfederate": "community-pingfederate-latest", - "pingone_mfa": "community-pingonemfa-latest", - "pingprotect": "community-pingprotect-latest", - "rsa_adaptive": "community-rsaadaptive-latest", + # Email security + "proofpoint": "proofpoint_proofpoint_logs-latest", + "mimecast": "mimecast_mimecast_logs-latest", + "abnormal_security": "abnormal_security_logs-latest", - # Web security and CDN - community format - "cloudflare_general": "community-cloudflaregeneral-latest", - "cloudflare_waf": "community-cloudflarewaf-latest", - "imperva_waf": "community-impervawaf-latest", - "imperva_sonar": "community-impervasonar-latest", - "incapsula": "community-incapsula-latest", - "akamai_cdn": "community-akamaicdn-latest", - "akamai_dns": "community-akamaidns-latest", - "akamai_general": "community-akamaigeneral-latest", - "akamai_sitedefender": "community-akamaisitedefender-latest", - "zscaler_firewall": "community-zscalerfirewall-latest", - "zscaler_dns_firewall": "community-zscalerdnsfirewall-latest", + # Web security and CDN + "cloudflare_general": "cloudflare_general_logs-latest", + "cloudflare_waf": "cloudflare_waf_logs-latest", + "imperva_waf": "imperva_waf_logs-latest", + "imperva_sonar": "imperva_sonar-latest", + "incapsula": "incapsula_incapsula_logs-latest", + "akamai_cdn": "akamai_cdn-latest", + "akamai_dns": "akamai_dns-latest", + "akamai_general": "akamai_general-latest", + "akamai_sitedefender": "akamai_sitedefender-latest", - # AWS services - use marketplace parsers - "aws_waf": "marketplace-awswaf-latest", - "aws_route53": "marketplace-awsroute53-latest", - "aws_vpc_dns": "marketplace-awsvpcdns-latest", - "google_workspace": "community-googleworkspace-latest", - "google_cloud_dns": "community-googleclouddns-latest", + # Cloud services + "google_workspace": "google_workspace_logs-latest", + "google_cloud_dns": "google_cloud_dns_logs-latest", + "wiz_cloud": "wiz_cloud-latest", - # Network infrastructure - community format - "apache_http": "community-apachehttp-latest", - "f5_networks": "community-f5networks-latest", - "f5_vpn": "community-f5vpn-latest", - "extreme_networks": "community-extremenetworks-latest", - "juniper_networks": "community-junipernetworks-latest", - "ubiquiti_unifi": "community-ubiquitiunifi-latest", - "tailscale": "community-tailscale-latest", + # Network infrastructure + "apache_http": "apache_http_logs-latest", + "f5_networks": "f5_networks_logs-latest", + "f5_vpn": "f5_vpn-latest", + "extreme_networks": "extreme_networks_logs-latest", + "juniper_networks": "juniper_networks_logs-latest", + "ubiquiti_unifi": "ubiquiti_unifi_logs-latest", + "tailscale": "tailscale_tailscale_logs-latest", + "isc_bind": "isc_bind-latest", + "isc_dhcp": "isc_dhcp-latest", - # IT management and DevOps - community format - "buildkite": "community-buildkite-latest", - "github_audit": "community-githubaudit-latest", - "harness_ci": "community-harnessci-latest", - "teleport": "community-teleportaccessproxy-latest", - "linux_auth": "community-linuxauth-latest", - "iis_w3c": "community-iisw3c-latest", - "veeam_backup": "community-veeambackup-latest", - "cohesity_backup": "community-cohesitybackup-latest", - "axway_sftp": "community-axwaysftp-latest", - "sap": "community-sap-latest", - "securelink": "community-securelink-latest", - "wiz_cloud": "community-wizcloud-latest", - "manageengine_general": "community-manageenginegeneral-latest", - "manageengine_adauditplus": "community-manageengineadauditplus-latest", - "manch_siem": "community-manchsiem-latest", - "isc_bind": "community-iscbind-latest", - "isc_dhcp": "community-iscdhcp-latest", - "jamf_protect": "community-jamfprotect-latest", + # IT management and DevOps + "buildkite": "buildkite_ci_logs-latest", + "github_audit": "github_audit-latest", + "harness_ci": "harness_ci-latest", + "teleport": "teleport_logs-latest", + "linux_auth": "linux_auth-latest", + "iis_w3c": "iis_w3c-latest", + "veeam_backup": "veeam_backup-latest", + "cohesity_backup": "cohesity_backup-latest", + "axway_sftp": "axway_sftp-latest", + "sap": "sap_logs-latest", + "securelink": "securelink_logs-latest", + "manageengine_general": "manageengine_general_logs-latest", + "manageengine_adauditplus": "manageengine_adauditplus_logs-latest", + "manch_siem": "manch_siem_logs-latest", } # Merge dynamically discovered sourcetypes with explicit overrides. @@ -855,14 +1080,16 @@ def _build_qs(product: str) -> str: "pingprotect", } -def _envelope(line, product: str, attr_fields: dict) -> dict: +def _envelope(line, product: str, attr_fields: dict, event_time: float | None = None) -> dict: # Handle both JSON dict objects and string inputs if isinstance(line, dict): event_data = line # Use dict directly for JSON products else: event_data = line # Use string for raw products - env = {"time": round(time.time()), + # If event_time is provided, use it; otherwise current time + env_time = round(time.time()) if event_time is None else int(event_time) + env = {"time": env_time, "event": event_data, "sourcetype": SOURCETYPE_MAP.get(product, product), "fields": attr_fields} @@ -874,10 +1101,11 @@ def _envelope(line, product: str, attr_fields: dict) -> dict: env["index"] = ENV_INDEX return env -def send_one(line, product: str, attr_fields: dict): +def send_one(line, product: str, attr_fields: dict, event_time: float | None = None): """ Route JSON‑structured products to the /event endpoint and all raw / CSV / syslog products to the /raw endpoint. + Uses cached connection config after first successful send for performance. """ # Build endpoint bases to try (env override → us1 → usea1 → global) env_event = os.getenv("S1_HEC_EVENT_URL_BASE") @@ -921,6 +1149,57 @@ def send_one(line, product: str, attr_fields: dict): last_error: Optional[Exception] = None + # Batch mode: enqueue and return + if _BATCH_ENABLED: + if product in JSON_PRODUCTS: + payload = _envelope(line, product, attr_fields, event_time) + line_str = json.dumps(payload, separators=(",", ":")) + _batch_enqueue(line_str, True, product, attr_fields) + else: + if isinstance(line, (dict, list)): + line_str = json.dumps(line, separators=(",", ":")) + else: + line_str = str(line) + _batch_enqueue(line_str, False, product, attr_fields) + return {"status": "QUEUED"} + + # Try cached config first (fast path after first successful send) + if _CONNECTION_CACHE['configured']: + try: + if _CONNECTION_CACHE['session'] is None: + _CONNECTION_CACHE['session'] = _make_poster( + _CONNECTION_CACHE['verify'], + _CONNECTION_CACHE['tls_low'] + ) + + POST = _CONNECTION_CACHE['session'] + headers_auth = {**HEADERS} + headers_auth["Authorization"] = f"{_CONNECTION_CACHE['auth_scheme']} {HEC_TOKEN}" + + if product in JSON_PRODUCTS: + url = _CONNECTION_CACHE['event_base'] + payload = _envelope(line, product, attr_fields, event_time) + headers = {**headers_auth, "Content-Type": "application/json"} + resp = POST(url, headers=headers, json=payload, timeout=10) + else: + url = f"{_CONNECTION_CACHE['raw_base']}?{_build_qs(product)}" + payload = line + headers = {**headers_auth, "Content-Type": "text/plain"} + resp = POST(url, headers=headers, data=payload, timeout=10) + + resp.raise_for_status() + try: + return resp.json() + except ValueError: + return {"status": "OK", "code": resp.status_code} + except Exception as e: + # Cache failed, fall through to full retry logic + if DEBUG: + print(f"[DEBUG] Cached config failed: {e}, trying full retry") + _CONNECTION_CACHE['configured'] = False + _CONNECTION_CACHE['session'] = None + + # Full retry logic (slow path for first send or after cache failure) for event_base, raw_base in bases: for verify, tls_low in combos: POST = _make_poster(verify=verify, tls_low=tls_low) @@ -933,14 +1212,21 @@ def send_one(line, product: str, attr_fields: dict): if product in JSON_PRODUCTS: # JSON payload → /event url = event_base - payload = _envelope(line, product, attr_fields) + payload = _envelope(line, product, attr_fields, event_time) headers = {**headers_auth, "Content-Type": "application/json"} + if DEBUG: + print(f"[DEBUG] Sending to {url}") + print(f"[DEBUG] Sourcetype: {payload.get('sourcetype')}") + print(f"[DEBUG] Payload: {payload}") resp = POST(url, headers=headers, json=payload, timeout=10) else: # Raw payload → /raw url = f"{raw_base}?{_build_qs(product)}" payload = line headers = {**headers_auth, "Content-Type": "text/plain"} + if DEBUG: + print(f"[DEBUG] Sending to {url}") + print(f"[DEBUG] Payload (first 200 chars): {str(payload)[:200]}") resp = POST(url, headers=headers, data=payload, timeout=10) # If unauthorized with Splunk, retry with Bearer (handled by loop) @@ -948,6 +1234,16 @@ def send_one(line, product: str, attr_fields: dict): continue resp.raise_for_status() + + # Success! Cache this config for future sends + _CONNECTION_CACHE['configured'] = True + _CONNECTION_CACHE['event_base'] = event_base + _CONNECTION_CACHE['raw_base'] = raw_base + _CONNECTION_CACHE['verify'] = verify + _CONNECTION_CACHE['tls_low'] = tls_low + _CONNECTION_CACHE['auth_scheme'] = scheme + _CONNECTION_CACHE['session'] = POST + try: return resp.json() except ValueError: @@ -1100,9 +1396,23 @@ def send_many_with_spacing(lines, product: str, attr_fields: dict, ) parser.add_argument("--marketplace-parser", type=str, help="Use a specific marketplace parser (e.g., marketplace-awscloudtrail-latest)") + parser.add_argument("--verbosity", type=str, choices=['quiet', 'info', 'verbose', 'debug'], + default='info', + help="Output verbosity: quiet (no output), info (periodic stats), verbose (every event), debug (all details)") parser.add_argument("--print-responses", action="store_true", - help="Print all HEC responses instead of a concise summary") + help="(Deprecated: use --verbosity verbose) Print all HEC responses") + parser.add_argument("--speed-mode", action="store_true", + help="Speed mode: pre-generate 1K events and loop for max throughput") + parser.add_argument("--metadata", type=str, default=None, + help="Custom metadata fields as JSON object (e.g., '{\"scenario.trace_id\":\"abc-123\",\"environment\":\"test\"}')") args = parser.parse_args() + + # Backward compatibility: --print-responses sets verbosity to verbose + if args.print_responses: + args.verbosity = 'verbose' + + # Set module-level verbosity for batch logging (no global needed since it's already module-level) + _VERBOSITY = args.verbosity # Handle marketplace parser name if args.marketplace_parser: @@ -1126,15 +1436,183 @@ def send_many_with_spacing(lines, product: str, attr_fields: dict, mod_name, func_names = PROD_MAP[product] gen_mod = importlib.import_module(mod_name) - # ATTR_FIELDS removed - generators now produce realistic fields only - attr_fields = {} # Empty dict since we removed ATTR_FIELDS + + # Parse custom metadata fields if provided + attr_fields = {} + if args.metadata: + try: + attr_fields = json.loads(args.metadata) + if not isinstance(attr_fields, dict): + print(f"Error: --metadata must be a JSON object, got {type(attr_fields).__name__}") + sys.exit(1) + print(f"Using custom metadata fields: {attr_fields}", flush=True) + except json.JSONDecodeError as e: + print(f"Error: Invalid JSON in --metadata argument: {e}") + sys.exit(1) + generators = [getattr(gen_mod, fn) for fn in func_names] - events = [generators[i % len(generators)]() for i in range(args.count)] - + # For large counts (continuous mode), stream events instead of pre-generating + STREAMING_THRESHOLD = 10000 + if args.count == 1: - print("HEC response:", send_one(events[0], product, attr_fields)) + event = generators[0]() + print("HEC response:", send_one(event, product, attr_fields)) + elif args.count > STREAMING_THRESHOLD: + # Streaming mode for continuous/large counts - generate on the fly + print(f"Starting continuous send mode (spacing {args.min_delay}s – {args.max_delay}s)…", flush=True) + + # Establish connection with first event BEFORE enabling batch mode + # This prevents blocking during the first batch flush + if _BATCH_ENABLED: + if args.verbosity in ('info', 'verbose', 'debug'): + print("[BATCH] Establishing connection with first event...", flush=True) + first_event = generators[0]() + # Temporarily disable batch mode for connection setup + import os + original_batch = os.environ.get('S1_HEC_BATCH') + os.environ['S1_HEC_BATCH'] = '0' + globals()['_BATCH_ENABLED'] = False + + try: + result = send_one(first_event, product, attr_fields) + if args.verbosity == 'debug': + print(f"[BATCH] Connection established: {result}", flush=True) + except Exception as e: + print(f"[BATCH] Failed to establish connection: {e}", flush=True) + finally: + # Re-enable batch mode + if original_batch: + os.environ['S1_HEC_BATCH'] = original_batch + globals()['_BATCH_ENABLED'] = True + + # Enable pipelined batch sending for high throughput (>1K EPS) + if args.min_delay < 0.001: # >1K EPS + _start_batch_sender(queue_size=20) # Allow up to 20 batches in flight + if args.verbosity in ('info', 'verbose', 'debug'): + print("[BATCH] Enabled pipelined sending for high throughput", flush=True) + + # Start from event 2 since we already sent event 1 + start_idx = 1 + else: + start_idx = 0 + + # Speed mode: pre-generate 1K events and loop through them + speed_events = None + if args.speed_mode: + if args.verbosity in ('info', 'verbose', 'debug'): + print("[SPEED] Pre-generating 1000 events for maximum throughput...", flush=True) + speed_events = [generators[i % len(generators)]() for i in range(1000)] + if args.verbosity in ('info', 'verbose', 'debug'): + print(f"[SPEED] Pre-generated {len(speed_events)} events, looping continuously", flush=True) + + ok = 0 + fail = 0 + samples = [] + last_status_time = time.time() + status_interval = 5.0 # seconds + start_time = time.time() + + for i in range(start_idx, args.count): + try: + # Use pre-generated events in speed mode, otherwise generate on the fly + if args.speed_mode: + # Get pre-generated event + # For ultra-high EPS (>10K), skip timestamp updates to reduce overhead + # Timestamps will be slightly stale but throughput is prioritized + event = speed_events[i % len(speed_events)] + + # Only update timestamps for moderate EPS (<10K) + if args.min_delay >= 0.0001: # ~10K EPS threshold + # Update timestamps for JSON events + if isinstance(event, dict): + current_time = time.time() + current_time_ms = int(current_time * 1000) + current_time_s = int(current_time) + # Update common timestamp fields + for ts_field in ['eventtime', 'timestamp', 'time', '@timestamp', 'event_time', 'logTime', 'createdAt', 'datetime']: + if ts_field in event: + # Handle different timestamp formats + if isinstance(event[ts_field], int): + # Check if milliseconds (>1e12) or seconds + if event[ts_field] > 1e12: + event[ts_field] = current_time_ms + else: + event[ts_field] = current_time_s + elif isinstance(event[ts_field], float): + event[ts_field] = current_time + elif isinstance(event[ts_field], str): + # ISO format timestamp + event[ts_field] = datetime.utcnow().isoformat() + 'Z' + else: + event = generators[i % len(generators)]() + result = send_one(event, product, attr_fields) + + # Verbose mode: print every response + if args.verbosity == 'verbose': + print(f"Response {i+1 if start_idx == 0 else i}:", result, flush=True) + + if isinstance(result, dict) and (result.get('code') == 0 or result.get('status') in ('OK', 'QUEUED')): + ok += 1 + else: + fail += 1 + if len(samples) < 3: + samples.append(result) + + # Check and flush batches periodically (in batch mode) + # At high EPS, check less frequently to reduce overhead + check_interval = 1000 if args.min_delay < 0.001 else 10 # Every 1000 events for >1K EPS, else every 10 + if _BATCH_ENABLED and (i + 1) % check_interval == 0: + _batch_check_and_flush() + + # Info mode: periodic status updates every 5 seconds + current_time = time.time() + if args.verbosity == 'info' and (current_time - last_status_time) >= status_interval: + elapsed = current_time - start_time + total_sent = i + 1 - start_idx + actual_eps = total_sent / elapsed if elapsed > 0 else 0 + success_rate = (ok / total_sent * 100) if total_sent > 0 else 0 + print(f"INFO: {total_sent} events sent | {actual_eps:.1f} EPS | {ok} success ({success_rate:.1f}%) | {fail} failed", flush=True) + last_status_time = current_time + + # Sleep between events (skip for ultra-high EPS where sleep overhead dominates) + # Python's time.sleep() has ~1ms overhead, so skip for delays < 0.001s (>1000 EPS) + if args.min_delay >= 0.001: + time.sleep(random.uniform(args.min_delay, args.max_delay)) + + except KeyboardInterrupt: + print(f"\nStopped by user after {i+1} events", flush=True) + break + except Exception as e: + print(f"Error at event {i+1}: {e}", flush=True) + fail += 1 + + # Flush any remaining batches + if _BATCH_ENABLED: + if args.verbosity in ('info', 'verbose', 'debug'): + print("\n[BATCH] Flushing remaining batches...", flush=True) + _batch_check_and_flush() + # Force flush all buffers + with _BATCH_LOCK: + for key in list(_BATCH_BUFFERS.keys()): + _flush_batch_locked(key) + + # Wait for pipelined batches to complete + if _BATCH_SEND_QUEUE is not None: + if args.verbosity in ('info', 'verbose', 'debug'): + print("[BATCH] Waiting for pipelined batches to complete...", flush=True) + _BATCH_SEND_QUEUE.join() # Wait for all queued batches to be sent + if args.verbosity in ('info', 'verbose', 'debug'): + print("[BATCH] All batches sent", flush=True) + + print(f"\nDone. Delivered {ok}/{i+1} successfully. Failures: {fail}.") + if samples: + print("Sample failure responses:") + for s in samples: + print(" -", s) else: + # Original batch mode for reasonable counts + events = [generators[i % len(generators)]() for i in range(args.count)] print(f"Sending {args.count} events one-by-one " f"(spacing {args.min_delay}s – {args.max_delay}s)…", flush=True) results = send_many_with_spacing( diff --git a/event_generators/shared/parser_map.py b/Backend/event_generators/shared/parser_map.py similarity index 100% rename from event_generators/shared/parser_map.py rename to Backend/event_generators/shared/parser_map.py diff --git a/event_generators/shared/requirements.txt b/Backend/event_generators/shared/requirements.txt similarity index 100% rename from event_generators/shared/requirements.txt rename to Backend/event_generators/shared/requirements.txt diff --git a/event_generators/shared/s1_api_client.py b/Backend/event_generators/shared/s1_api_client.py similarity index 100% rename from event_generators/shared/s1_api_client.py rename to Backend/event_generators/shared/s1_api_client.py diff --git a/event_generators/shared/starfleet_characters.py b/Backend/event_generators/shared/starfleet_characters.py similarity index 100% rename from event_generators/shared/starfleet_characters.py rename to Backend/event_generators/shared/starfleet_characters.py diff --git a/event_generators/web_security/akamai_cdn.py b/Backend/event_generators/web_security/akamai_cdn.py similarity index 100% rename from event_generators/web_security/akamai_cdn.py rename to Backend/event_generators/web_security/akamai_cdn.py diff --git a/event_generators/web_security/akamai_dns.py b/Backend/event_generators/web_security/akamai_dns.py similarity index 100% rename from event_generators/web_security/akamai_dns.py rename to Backend/event_generators/web_security/akamai_dns.py diff --git a/event_generators/web_security/akamai_general.py b/Backend/event_generators/web_security/akamai_general.py similarity index 100% rename from event_generators/web_security/akamai_general.py rename to Backend/event_generators/web_security/akamai_general.py diff --git a/event_generators/web_security/akamai_sitedefender.py b/Backend/event_generators/web_security/akamai_sitedefender.py similarity index 100% rename from event_generators/web_security/akamai_sitedefender.py rename to Backend/event_generators/web_security/akamai_sitedefender.py diff --git a/event_generators/web_security/cloudflare_general.py b/Backend/event_generators/web_security/cloudflare_general.py similarity index 100% rename from event_generators/web_security/cloudflare_general.py rename to Backend/event_generators/web_security/cloudflare_general.py diff --git a/event_generators/web_security/cloudflare_waf.py b/Backend/event_generators/web_security/cloudflare_waf.py similarity index 100% rename from event_generators/web_security/cloudflare_waf.py rename to Backend/event_generators/web_security/cloudflare_waf.py diff --git a/event_generators/web_security/imperva_sonar.py b/Backend/event_generators/web_security/imperva_sonar.py similarity index 100% rename from event_generators/web_security/imperva_sonar.py rename to Backend/event_generators/web_security/imperva_sonar.py diff --git a/event_generators/web_security/imperva_waf.py b/Backend/event_generators/web_security/imperva_waf.py similarity index 100% rename from event_generators/web_security/imperva_waf.py rename to Backend/event_generators/web_security/imperva_waf.py diff --git a/event_generators/web_security/incapsula.py b/Backend/event_generators/web_security/incapsula.py similarity index 100% rename from event_generators/web_security/incapsula.py rename to Backend/event_generators/web_security/incapsula.py diff --git a/event_generators/web_security/netskope.py b/Backend/event_generators/web_security/netskope.py similarity index 100% rename from event_generators/web_security/netskope.py rename to Backend/event_generators/web_security/netskope.py diff --git a/event_generators/web_security/zscaler_firewall.py b/Backend/event_generators/web_security/zscaler-trigger-detections.py similarity index 82% rename from event_generators/web_security/zscaler_firewall.py rename to Backend/event_generators/web_security/zscaler-trigger-detections.py index 6efe8aa..ed5c476 100644 --- a/event_generators/web_security/zscaler_firewall.py +++ b/Backend/event_generators/web_security/zscaler-trigger-detections.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 + """ -Zscaler Firewall event generator Generates synthetic Zscaler firewall and security events """ import json @@ -10,7 +10,7 @@ from typing import Dict # Actions taken by firewall -ACTIONS = ["Allow", "Block", "Drop", "Redirect"] +ACTIONS = ["Allow"] # Protocols PROTOCOLS = ["TCP", "UDP", "ICMP", "GRE", "ESP"] @@ -24,16 +24,9 @@ # Threat categories THREAT_CATEGORIES = [ - "Malware", - "Phishing", - "Botnet", "Command & Control", - "Cryptocurrency Mining", - "Adware", - "Spyware", "Ransomware", - "Data Theft", - "DNS Tunneling" + ] # Countries @@ -49,7 +42,7 @@ def generate_ip() -> str: def zscaler_firewall_log() -> str: """Generate a single Zscaler Firewall event log""" now = datetime.now(timezone.utc) - event_time = now - timedelta(minutes=random.randint(0, 1440)) + event_time = now - timedelta(minutes=random.randint(0, 5)) action = random.choice(ACTIONS) protocol = random.choice(PROTOCOLS) @@ -99,18 +92,43 @@ def zscaler_firewall_log() -> str: } # Add threat detection fields for blocked traffic - if action in ["Block", "Drop"]: + if action in ["Allow"]: if random.choice([True, False]): # 50% chance of threat detection event.update({ - "threat_category": random.choice(THREAT_CATEGORIES), - "threat_name": random.choice([ - "Trojan.GenKryptik", - "Adware.Bundler", - "Phishing.Generic", - "Botnet.Zeus", - "Ransomware.WannaCry", - "Cryptominer.Generic" - ]), + "threatcat": random.choice(THREAT_CATEGORIES), + "threatname": random.choice([ + "cobaltstrike", + "8base", + "abyss", + "akira", + "alphv", + "babuk", + "bashe", + "bianlian", + "blackbasta", + "blackout", + "blacksuit", + "braincipher", + "cactus", + "ciphbit", + "clop", + "everest", + "hunters", + "kairos", + "killsecurity", + "lockbit", + "lynx", + "medusa", + "moneymessage", + "nitrogen", + "ragroup", + "revil", + "ransom", + "rhysida", + "qilin", + "spacebears", + "termite" + ]), "threat_score": random.randint(1, 100), "file_hash": f"{''.join(random.choices('abcdef0123456789', k=64))}", "file_name": random.choice([ @@ -170,8 +188,8 @@ def zscaler_firewall_log() -> str: if __name__ == "__main__": # Generate sample events - print("Sample Zscaler Firewall Events:") + #print("Sample Zscaler Firewall Events:") print("=" * 50) - for i in range(3): - print(f"\nEvent {i+1}:") + for i in range(5): + #print(f"\nEvent {i+1}:") print(zscaler_firewall_log()) \ No newline at end of file diff --git a/Backend/event_generators/web_security/zscaler_dns.py b/Backend/event_generators/web_security/zscaler_dns.py new file mode 100644 index 0000000..bb5f3eb --- /dev/null +++ b/Backend/event_generators/web_security/zscaler_dns.py @@ -0,0 +1,118 @@ +#!/usr/bin/env python3 +""" +Zscaler Firewall event generator +Generates synthetic Zscaler firewall and security events +""" +import json +import random +import time +from datetime import datetime, timezone, timedelta +from typing import Dict + +# Actions taken by firewall +ACTIONS = ["Allow", "Block", "Drop", "Redirect"] + +# DNS Record types +DNSRECORD = ["A","AAAA","SRV","HTTPS"] + +# Protocols +PROTOCOLS = ["TCP", "UDP", "ICMP", "GRE", "ESP"] + +# Applications detected +APPLICATIONS = [ + "HTTP", "HTTPS", "SSH", "FTP", "DNS", "SMTP", "POP3", "IMAP", + "Facebook", "YouTube", "Twitter", "WhatsApp", "Skype", "Zoom", + "Dropbox", "OneDrive", "GoogleDrive", "Box", "Slack", "Teams" +] + +# Threat categories +THREAT_CATEGORIES = [ + "Malware", + "Phishing", + "Botnet", + "Command & Control", + "Cryptocurrency Mining", + "Adware", + "Spyware", + "Ransomware", + "Data Theft", + "DNS Tunneling" +] + +# Countries +COUNTRIES = ["US", "CA", "GB", "DE", "FR", "CN", "RU", "IN", "BR", "JP", "AU", "IT"] + +# Departments +DEPARTMENTS = ["IT", "Sales", "Marketing", "Finance", "HR", "Engineering", "Legal", "Operations"] + +# DNS Requests +REQUESTS = ["google.com","linkedin.com","amazon.com","cloudflare.com"] + +# DNS RESPONSES +RESPONSES = ["1.1.1.1","2.2.2.2","3.3.3.3","4.4.4.4"] + +# Categories +CATEGORIES = ["Internet Services","Social Networking","Ecommerce","Internet Infrastructure"] + +def generate_ip() -> str: + """Generate a random IP address""" + return f"{random.randint(1, 223)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(1, 254)}" + +def zscaler_firewall_log() -> str: + """Generate a single Zscaler Firewall event log""" + now = datetime.now(timezone.utc) + event_time = now - timedelta(minutes=random.randint(0, 5)) + + action = random.choice(ACTIONS) + protocol = random.choice(PROTOCOLS) + app = random.choice(APPLICATIONS) + dns = random.choice(DNSRECORD) + request = random.choice(REQUESTS) + response = random.choice(RESPONSES) + category = random.choice(CATEGORIES) + + event = { + "datetime": event_time.isoformat(), + "user": f"user{random.randint(1, 100)}@company.com", + "department": random.choice(DEPARTMENTS), + "location": random.choice(["San Jose", "New York", "London", "Frankfurt", "Tokyo"]), + "reqaction": action, + "resaction": action, + "reqrulelabel":"Default Firewall DNS Rule", + "resrulelabel":"Default Firewall DNS Rule", + "dns_reqtype": dns, + "dns_req": request, + "dns_resp": response, + "srv_dport":"53", + "durationms":"2", + "clt_sip":f"10.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(1, 254)}", + "srv_dip":f"{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}", + "category": category, + "respipcategory":"Professional Services", + "deviceowner":"test_owner", + "devicehostname":"test_hostname" + } + + # Add OCSF compliance fields + event.update({ + "class_uid": 4001, + "class_name": "Network Activity", + "category_uid": 4, + "category_name": "Network Activity", + "activity_id": 6, + "activity_name": "Traffic", + "type_uid": 400106, + "severity_id": 4 if action == "Block" else 2 if action == "Drop" else 1, + "status_id": 2 if action in ["Block", "Drop"] else 1 + }) + + # Return JSON for the proven Cisco Duo-style parser + return json.dumps(event) + +if __name__ == "__main__": + # Generate sample events + # print("Sample Zscaler Firewall Events:") + #print("=" * 50) + for i in range(100): + #print(f"\nEvent {i+1}:") + print(zscaler_firewall_log()) \ No newline at end of file diff --git a/event_generators/web_security/zscaler_dns_firewall.py b/Backend/event_generators/web_security/zscaler_dns_firewall.py similarity index 93% rename from event_generators/web_security/zscaler_dns_firewall.py rename to Backend/event_generators/web_security/zscaler_dns_firewall.py index 3cbc08e..dd0984c 100644 --- a/event_generators/web_security/zscaler_dns_firewall.py +++ b/Backend/event_generators/web_security/zscaler_dns_firewall.py @@ -118,8 +118,11 @@ def zscaler_dns_firewall_log() -> Dict: if __name__ == "__main__": # Generate sample events - print("Sample Zscaler DNS Firewall Events:") - print("=" * 50) - for i in range(3): - print(f"\nEvent {i+1}:") - print(zscaler_dns_firewall_log()) \ No newline at end of file + #print("Sample Zscaler DNS Firewall Events:") + #print("=" * 50) + for i in range(100): + #print(f"\nEvent {i+1}:") + event_string = json.dumps(zscaler_dns_firewall_log()) + #perfect_event_string = event_string.replace("'",'"') + print(event_string) + #print(perfect_event_string) \ No newline at end of file diff --git a/Backend/event_generators/web_security/zscaler_firewall.py b/Backend/event_generators/web_security/zscaler_firewall.py new file mode 100644 index 0000000..8495d5a --- /dev/null +++ b/Backend/event_generators/web_security/zscaler_firewall.py @@ -0,0 +1,178 @@ +#!/usr/bin/env python3 +""" +Zscaler Firewall event generator +Generates synthetic Zscaler firewall and security events +""" +import json +import random +import time +from datetime import datetime, timezone, timedelta +from typing import Dict + +# Actions taken by firewall +ACTIONS = ["Allow", "Block", "Drop", "Redirect"] + +# Protocols +PROTOCOLS = ["TCP", "UDP", "ICMP", "GRE", "ESP"] + +# Applications detected +APPLICATIONS = [ + "HTTP", "HTTPS", "SSH", "FTP", "DNS", "SMTP", "POP3", "IMAP", + "Facebook", "YouTube", "Twitter", "WhatsApp", "Skype", "Zoom", + "Dropbox", "OneDrive", "GoogleDrive", "Box", "Slack", "Teams", "QUIC" +] + +# Threat categories +THREAT_CATEGORIES = [ + "Malware", + "Phishing", + "Botnet", + "Command & Control", + "Cryptocurrency Mining", + "Adware", + "Spyware", + "Ransomware", + "Data Theft", + "DNS Tunneling" +] + +# Countries +COUNTRIES = ["US", "CA", "GB", "DE", "FR", "CN", "RU", "IN", "BR", "JP", "AU", "IT"] + +# Departments +DEPARTMENTS = ["IT", "Sales", "Marketing", "Finance", "HR", "Engineering", "Legal", "Operations"] + +#Rules +RULES = ["Recommended Firewall Rule", "Default Firewall Filtering Rule", "Block QUIC", "Proxy Bypass"] + +def generate_ip() -> str: + """Generate a random IP address""" + return f"{random.randint(1, 223)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(1, 254)}" + +def zscaler_firewall_log() -> str: + """Generate a single Zscaler Firewall event log""" + now = datetime.now(timezone.utc) + event_time = now - timedelta(minutes=random.randint(0, 5)) + + action = random.choice(ACTIONS) + protocol = random.choice(PROTOCOLS) + app = random.choice(APPLICATIONS) + user = f"user{random.randint(1, 100)}@company.com", + event = { + "datetime": event_time.isoformat(), + "user": user, + "department": random.choice(DEPARTMENTS), + "locationname": random.choice(["San Jose", "New York", "London", "Frankfurt", "Tokyo"]), + "cdport": random.choice([22, 23, 25, 53, 80, 143, 443, 993, 995, 8080]), + "csport": random.randint(32768, 65535), + "sdport":"0", + "ssport":"0", + "csip":f"10.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(1, 254)}", + "cdip": generate_ip(), + "ssip":"0.0.0.0", + "sdip":"0.0.0.0", + "tsip": generate_ip(), + "tunsport":"0", + "tuntype":"ZscalerClientConnector", + "action": action, + "dnat":"No", + "stateful":"Yes", + "aggregate":"No", + "nwsvc": app, + "nwapp":"udp", + "proto":"UDP", + "ipcat":"Miscellaneous or Unknown", + "destcountry": random.choice(COUNTRIES), + "avgduration":random.randint(1000, 5000), + "rulelabel": random.choice(RULES), + "inbytes":random.randint(0, 5000), + "outbytes":random.randint(0, 5000), + "duration":random.randint(0, 10), + "durationms":random.randint(0, 5000), + "numsessions":"1", + "ipsrulelabel":"None", + "threatcat":"None", + "threatname":"None", + "deviceowner":"user", + "devicehostname": f"DEVICE{random.randint(1, 100)}", + "threat_score":"0", + "threat_severity":"None" + } + + # Add threat detection fields for blocked traffic + if action in ["Block", "Drop"]: + if random.choice([True, False]): # 50% chance of threat detection + event.update({ + "threatcat": random.choice(THREAT_CATEGORIES), + "threatnam": random.choice([ + "Trojan.GenKryptik", + "Adware.Bundler", + "Phishing.Generic", + "Botnet.Zeus", + "Ransomware.WannaCry", + "Cryptominer.Generic" + ]), + "threat_score": random.randint(1, 100), + "file_hash": f"{''.join(random.choices('abcdef0123456789', k=64))}", + "file_name": random.choice([ + "document.pdf.exe", + "invoice.zip", + "update.exe", + "photo.jpg.scr" + ]) + }) + + # Add URL category for web traffic + if app in ["HTTP", "HTTPS"] or "Web" in event.get("nwapp", ""): + event.update({ + "url": random.choice([ + "http://malicious-site.com/payload", + "https://phishing-bank.net/login", + "http://c2-server.org/beacon", + "https://legitimate-site.com/page" + ]), + "url_category": random.choice([ + "Business", "Social Networking", "News/Media", "Shopping", + "Malware", "Phishing", "Command & Control", "Adult/Mature" + ]), + "referer": random.choice([ + "https://google.com/search", + "https://company.com/", + "https://malicious-redirect.com/" + ]), + "http_method": random.choice(["GET", "POST", "PUT", "DELETE"]), + "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", + "response_code": random.choice([200, 302, 403, 404, 500]) + }) + + # Add tunnel information for VPN traffic + if random.choice([True, False]): # 30% chance of tunnel traffic + event.update({ + "tunnel_type": random.choice(["GRE", "IPSec", "SSL", "L2TP"]), + "tunnel_id": f"tunnel_{random.randint(1000, 9999)}", + "encrypted": "Yes" + }) + + # Add OCSF compliance fields + event.update({ + "class_uid": 4001, + "class_name": "Network Activity", + "category_uid": 4, + "category_name": "Network Activity", + "activity_id": 6, + "activity_name": "Traffic", + "type_uid": 400106, + "severity_id": 4 if action == "Block" else 2 if action == "Drop" else 1, + "status_id": 2 if action in ["Block", "Drop"] else 1 + }) + + # Return JSON for the proven Cisco Duo-style parser + return json.dumps(event) + +if __name__ == "__main__": + # Generate sample events + # print("Sample Zscaler Firewall Events:") + #print("=" * 50) + for i in range(100): + #print(f"\nEvent {i+1}:") + print(zscaler_firewall_log()) \ No newline at end of file diff --git a/Backend/event_generators/web_security/zscaler_private_access.py b/Backend/event_generators/web_security/zscaler_private_access.py new file mode 100644 index 0000000..022671e --- /dev/null +++ b/Backend/event_generators/web_security/zscaler_private_access.py @@ -0,0 +1,173 @@ +#!/usr/bin/env python3 +""" +Zscaler Private Access Event Generator +Generates synthetic ZPA zero-trust network access events for testing +""" + +import random +import time +import json +from datetime import datetime, timezone, timedelta + +# SentinelOne AI-SIEM specific field attributes +def zscaler_private_access_log(): + """Generate a synthetic Zscaler Private Access log event in JSON format.""" + + # Generate timestamp + now = datetime.now(timezone.utc) + + # ZPA event types + event_types = ["UserActivity", "AppConnectorStatus", "UserStatus", "PolicyViolation", "Authentication"] + event_type = random.choice(event_types) + + # Generate common fields + user_email = f"user{random.randint(1000,9999)}@company.com" + client_ip = f"{random.randint(1,223)}.{random.randint(0,255)}.{random.randint(0,255)}.{random.randint(1,254)}" + + # Build the JSON log entry matching marketplace parser expectations + zpa_event = { + "LogTimestamp": now.isoformat().replace("+00:00", "Z"),"Customer": "company.com","SessionID": f"{random.randint(10000000, 99999999)}", \ + "ConnectionID": f"conn_{random.randint(1000000, 9999999)}", \ + "InternalReason": "", \ + "ConnectionStatus": random.choice(["active", "closed", "timeout"]), \ + "IPProtocol": random.randint(1, 255), \ + "DoubleEncryption": random.randint(0, 1), \ + "Username": user_email, \ + "ServicePort": random.choice([443, 8443, 3389, 22, 445]), \ + "ClientPublicIP": client_ip, \ + "ClientPrivateIP": f"10.{random.randint(0,255)}.{random.randint(0,255)}.{random.randint(1,254)}", \ + "ClientLatitude": round(random.uniform(-90, 90), 6), \ + "ClientLongitude": round(random.uniform(-180, 180), 6), \ + "ClientCountryCode": random.choice(["US", "GB", "DE", "FR", "JP", "AU"]), \ + "ClientZEN": f"zen{random.randint(1,10)}.zscaler.net", \ + "Policy": f"Policy_{random.randint(1,50)}", \ + "Connector": f"zpa-connector-{random.randint(10,99)}", \ + "ConnectorZEN": f"zen{random.randint(1,10)}.zscaler.net", \ + "ConnectorIP": f"172.16.{random.randint(0,255)}.{random.randint(1,254)}", \ + "ConnectorPort": random.randint(49152, 65535), \ + "Host": f"app{random.randint(1,20)}.internal.company.com", \ + "Application": random.choice(["Internal-CRM", "HR-Portal", "Dev-Environment", "Finance-DB", "Manufacturing-SCADA"]), \ + "AppGroup": random.choice(["Business_Apps", "Developer_Tools", "Admin_Tools"]), \ + "Server": f"server{random.randint(1,50)}.company.local", \ + "ServerIP": f"10.{random.randint(0,255)}.{random.randint(0,255)}.{random.randint(1,254)}", \ + "ServerPort": random.choice([443, 8080, 3000, 5000]), \ + "ServerProtocol": random.choice(["HTTPS", "HTTP", "TCP", "UDP"]), \ + "Type": event_type, \ + "ZENLatitude": round(random.uniform(-90, 90), 6), \ + "ZENLongitude": round(random.uniform(-180, 180), 6), \ + "ZENCountryCode": random.choice(["US", "GB", "DE", "FR", "JP", "AU"]), \ + "TimestampRequestReceiveStart": now.isoformat(), \ + "TimestampRequestReceiveHeaderFinish": (now + timedelta(milliseconds=random.randint(1, 10))).isoformat(), \ + "TimestampRequestReceiveFinish": (now + timedelta(milliseconds=random.randint(10, 50))).isoformat(), \ + "TimestampRequestTransmitStart": (now + timedelta(milliseconds=random.randint(50, 100))).isoformat(), \ + "TimestampRequestTransmitFinish": (now + timedelta(milliseconds=random.randint(100, 200))).isoformat(), \ + "TimestampResponseReceiveStart": (now + timedelta(milliseconds=random.randint(200, 500))).isoformat(), \ + "TimestampResponseReceiveFinish": (now + timedelta(milliseconds=random.randint(500, 1000))).isoformat(), \ + "TimestampResponseTransmitStart": (now + timedelta(milliseconds=random.randint(1000, 1100))).isoformat(), \ + "TimestampResponseTransmitFinish": (now + timedelta(milliseconds=random.randint(1100, 1500))).isoformat(), \ + "TimestampCARx": (now + timedelta(milliseconds=random.randint(0, 5))).isoformat(), \ + "TimestampCATx": (now + timedelta(milliseconds=random.randint(1500, 2000))).isoformat(), \ + "TimestampAppLearnStart": "", \ + "TimestampZENFirstRxClient": (now + timedelta(milliseconds=random.randint(0, 10))).isoformat(), \ + "TimestampZENFirstTxClient": (now + timedelta(milliseconds=random.randint(10, 20))).isoformat(), \ + "TimestampZENLastRxClient": (now + timedelta(milliseconds=random.randint(1000, 1500))).isoformat(), \ + "TimestampZENLastTxClient": (now + timedelta(milliseconds=random.randint(1500, 2000))).isoformat(), \ + "TimestampConnectorZENSetupComplete": (now + timedelta(milliseconds=random.randint(0, 100))).isoformat(), \ + "TimestampZENFirstRxConnector": (now + timedelta(milliseconds=random.randint(100, 200))).isoformat(), \ + "TimestampZENFirstTxConnector": (now + timedelta(milliseconds=random.randint(200, 300))).isoformat(), \ + "TimestampZENLastRxConnector": (now + timedelta(milliseconds=random.randint(1000, 1500))).isoformat(), \ + "TimestampZENLastTxConnector": (now + timedelta(milliseconds=random.randint(1500, 2000))).isoformat(), \ + "ZENTotalBytesRxClient": random.randint(1024, 1048576), \ + "ZENBytesRxClient": random.randint(512, 524288), \ + "ZENTotalBytesTxClient": random.randint(1024, 1048576), \ + "ZENBytesTxClient": random.randint(512, 524288), \ + "ZENTotalBytesRxConnector": random.randint(1024, 1048576), \ + "ZENBytesRxConnector": random.randint(512, 524288), \ + "ZENTotalBytesTxConnector": random.randint(1024, 1048576), \ + "ZENBytesTxConnector": random.randint(512, 524288), \ + "Idp": random.choice(["Okta", "AzureAD", "Ping", "OneLogin"]), \ + "ClientToClient": "", \ + "ConnectionReason": "", \ + "TimestampUnAuthenticated": "", \ + "TotalTimeBlockedRequestTransmitFinish": 0, \ + "TotalTimeBlockedResponseReceiveFinish": 0, \ + "TotalTimeBlockedResponseTransmitFinish": 0, \ + "TotalTimeBlockedRequestReceiveFinish": 0, \ + "CPUUtilization": random.randint(1, 100), \ + "MemUtilization": random.randint(20, 95), \ + "ServicePortRange": "", \ + "ClientConnector": f"client-connector-{random.randint(1,5)}", \ + "ConnectorGroupID": f"GRP_{random.randint(100, 999)}", \ + "ConnectorGroup": "Default", \ + "PolicyProcessingTime": random.randint(1, 100), \ + "CAProcessingTime": random.randint(1, 50), \ + "AppLearnTime": 0, \ + "TimestampCAFirstRxApp": "", \ + "TimestampCAFirstTxApp": "", \ + "ServerSetupTime": random.randint(10, 500), \ + "TimestampCATxFirstReq": "", \ + "TimestampCAGapRxFirstReq": "", \ + "TimestampServerFirstRxCA": "", \ + "ClientCity": random.choice(["New York", "London", "Tokyo", "Sydney", "Frankfurt"]), \ + "ClientRegion": random.choice(["Americas", "EMEA", "APAC"]), \ + "ClientZENCity": random.choice(["San Jose", "London", "Tokyo", "Sydney", "Frankfurt"]), \ + "ZENCity": random.choice(["San Jose", "London", "Tokyo", "Sydney", "Frankfurt"]), \ + "ConnectorZENCity": random.choice(["San Jose", "London", "Tokyo", "Sydney", "Frankfurt"]), \ + "ConnectorCity": random.choice(["New York", "London", "Tokyo", "Sydney", "Frankfurt"]), \ + "ConnectorCountryCode": random.choice(["US", "GB", "DE", "FR", "JP", "AU"]), \ + "ConnectorLatitude": round(random.uniform(-90, 90), 6), \ + "ConnectorLongitude": round(random.uniform(-180, 180), 6), \ + "Method": random.choice(["GET", "POST", "PUT", "DELETE", "HEAD"]), \ + "URL": f"/api/v1/{random.choice(["users", "data", "reports", "config"])}/{random.randint(1,1000)}", \ + "HostHeader": f"app{random.randint(1,20)}.internal.company.com", \ + "UserAgent": random.choice([ \ + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/91.0", \ + "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/537.36", \ + "ZPA-Client/3.7.1.44" \ + ]), \ + "XFF": "", \ + "NameID": user_email, \ + "StatusCode": random.choice([200, 201, 204, 301, 302, 401, 403, 404, 500, 503]) if event_type != "PolicyViolation" else 403, \ + "RequestSize": random.randint(100, 10000), \ + "ResponseSize": random.randint(100, 100000), \ + "TotalBytesRx": random.randint(1000, 10000000), \ + "TotalBytesTx": random.randint(1000, 10000000), \ + "Exporter": "ZPA", \ + "TimestampRequestProxyConnSetupStart": "", \ + "TimestampRequestProxyConnSetupFinish": "", \ + "TotalTimeProxyConnSetup": 0, \ + "TotalTimeServerConnSetup": random.randint(10, 500), \ + "ServerConnSetupStartToFinish": random.randint(10, 500), \ + "Source": "USER", \ + "ClientCityGeoID": random.randint(1000000, 9999999), \ + "ClientStateOrProvince": random.choice(["NY", "CA", "TX", "FL", "IL", "WA"]), \ + "ClientPostalCode": f"{random.randint(10000, 99999)}", \ + "DeviceOwner": user_email, \ + "DeviceName": f"{user_email.split("@")[0]}-laptop", \ + "DeviceModel": random.choice(["MacBookPro", "ThinkPad", "Surface", "Dell Latitude"]), \ + "DeviceType": random.choice(["Laptop", "Desktop", "Mobile", "Tablet"]), \ + "DeviceOSType": random.choice(["Windows", "macOS", "Linux", "iOS", "Android"]), \ + "DeviceOSVersion": random.choice(["10.0", "11.0", "14.0", "22.04"]), \ + "DeviceHostName": f"device-{random.randint(1000, 9999)}.company.com", \ + "ConnectionCloseCode": random.choice(["0", "1", "2", "3"]) if event_type == "closed" else "", \ + "ConnectionCloseReason": "Normal closure" if event_type == "closed" else "", \ + "SAMLAttributes": json.dumps({"memberOf": ["group1", "group2"], "department": "Engineering"}), \ + "PostureUDID": f"UDID_{random.randint(100000, 999999)}", \ + "PostureTrustedNetwork": random.choice(["Corporate", "VPN", "Public"]), \ + "MicroTenantID": f"MT_{random.randint(100, 999)}", \ + "MicroTenantName": "Default" + + } + + return zpa_event + +if __name__ == "__main__": + # Generate and print sample events + #print("Zscaler Private Access JSON Format Examples:") + #print("=" * 60) + + for i in range(100): + event = zscaler_private_access_log() + json_string = json.dumps(event) + print(json_string) + #print(json.dumps(event, indent=2, default=str)[:500] + "...") \ No newline at end of file diff --git a/Backend/event_generators/web_security/zscaler_web.py b/Backend/event_generators/web_security/zscaler_web.py new file mode 100644 index 0000000..0cec224 --- /dev/null +++ b/Backend/event_generators/web_security/zscaler_web.py @@ -0,0 +1,129 @@ +#!/usr/bin/env python3 +""" +Zscaler Firewall event generator +Generates synthetic Zscaler firewall and security events +""" +import json +import random +import time +from datetime import datetime, timezone, timedelta +from typing import Dict + +# Actions taken by firewall +ACTIONS = ["Allow", "Block", "Drop", "Redirect"] + +# Protocols +PROTOCOLS = ["TCP", "UDP", "ICMP", "GRE", "ESP"] + +# Applications detected +APPLICATIONS = [ + "HTTP", "HTTPS", "SSH", "FTP", "DNS", "SMTP", "POP3", "IMAP", + "Facebook", "YouTube", "Twitter", "WhatsApp", "Skype", "Zoom", + "Dropbox", "OneDrive", "GoogleDrive", "Box", "Slack", "Teams", "QUIC" +] + +# Threat categories +THREAT_CATEGORIES = [ + "Malware", + "Phishing", + "Botnet", + "Command & Control", + "Cryptocurrency Mining", + "Adware", + "Spyware", + "Ransomware", + "Data Theft", + "DNS Tunneling" +] + +# Countries +COUNTRIES = ["US", "CA", "GB", "DE", "FR", "CN", "RU", "IN", "BR", "JP", "AU", "IT"] + +# Departments +DEPARTMENTS = ["IT", "Sales", "Marketing", "Finance", "HR", "Engineering", "Legal", "Operations"] + +#Rules +RULES = ["Recommended Firewall Rule", "Default Firewall Filtering Rule", "Block QUIC", "Proxy Bypass"] + +def generate_ip() -> str: + """Generate a random IP address""" + return f"{random.randint(1, 223)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(1, 254)}" + +def zscaler_firewall_log() -> str: + """Generate a single Zscaler Firewall event log""" + now = datetime.now(timezone.utc) + event_time = now - timedelta(minutes=random.randint(0, 5)) + + action = random.choice(ACTIONS) + protocol = random.choice(PROTOCOLS) + app = random.choice(APPLICATIONS) + user = f"user{random.randint(1, 100)}@company.com", + + event = { + "datetime": event_time.isoformat(), + "reason":"Allowed", + "event_id": random.randint(1000000000000000000,9999999999999999999 ), + "protocol":"HTTP", + "action":"Allowed" + "transactionsize":random.randint(1,1000), + "responsesize":random.randint(1,1000), + "requestsize":random.randint(1,1000), + "urlcategory":"Internet Services", + "serverip": generate_ip(), + "requestmethod":"GET", + "refererURL":"None", + "useragent":"Mozilla/5.0", + "product":"NSS", + "location": random.choice(COUNTRIES) + "ClientIP":f"10.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(1, 254)}", + "status":"200", + "user": user + "url":"www.msftconnecttest.com/connecttest.txt", + "vendor":"Zscaler", + "hostname":"www.msftconnecttest.com", + "clientpublicIP":generate_ip(), + "threatcategory":"None", + "threatname":"None", + "filetype":"None", + "appname":"General Browsing", + "app_status":"N/A", + "pagerisk":"0", + "threatseverity":"None", + "department": random.choice(DEPARTMENTS), + "urlsupercategory":"Internet Communication", + "appclass":"General Browsing", + "dlpengine":"None", + "urlclass":"Business Use", + "threatclass":"None", + "dlpdictionaries":"None", + "fileclass":"None", + "bwthrottle":"NO", + "contenttype":"text/plain", + "unscannabletype":"None", + "deviceowner": user, + "devicehostname":f"DEVICE{random.randint(1, 100)}", + "keyprotectiontype":"N/A" + } + # Add OCSF compliance fields + event.update({ + "class_uid": 4001, + "class_name": "Network Activity", + "category_uid": 4, + "category_name": "Network Activity", + "activity_id": 6, + "activity_name": "Traffic", + "type_uid": 400106, + "severity_id": 4 if action == "Block" else 2 if action == "Drop" else 1, + "status_id": 2 if action in ["Block", "Drop"] else 1 + }) + + # Return JSON for the proven Cisco Duo-style parser + return json.dumps(event) + +if __name__ == "__main__": + # Generate sample events + # print("Sample Zscaler Firewall Events:") + #print("=" * 50) + for i in range(100): + #print(f"\nEvent {i+1}:") + print(zscaler_firewall_log()) \ No newline at end of file diff --git a/Backend/goldenVersion-agent.json b/Backend/goldenVersion-agent.json new file mode 100644 index 0000000..d69535a --- /dev/null +++ b/Backend/goldenVersion-agent.json @@ -0,0 +1,33 @@ +// Configuration for the Scalyr Agent. For help: +// +// https://www.scalyr.com/help/scalyr-agent-2 + +{ + // Enter a "Write Logs" api key for your account. These are available at https://www.scalyr.com/keys + api_key: "", + + // Fields describing this server. These fields are attached to each log message, and + // can be used to filter data from a particular server or group of servers. + server_attributes: { + // Fill in this field if you'd like to override the server's hostname. + // serverHost: "REPLACE THIS", + + // You can add whatever additional fields you'd like. + // tier: "production" + } + + // Log files to upload to Scalyr. You can use '*' wildcards here. + logs: [ + { path: "/home/ubuntu/sample-logs/web_security/zscaler_private_access.log", attributes: {parser: "community-zscalerprivateaccess-latest"} }, + { path: "/home/ubuntu/sample-logs/web_security/zscaler-firewall.log", attributes: {parser: "community-zscalerfirewall-latest"} }, + { path: "/home/ubuntu/sample-logs/web_security/zscaler-dns-firewall.log", attributes: {parser: "community-zscalerdnsfirewall-latest"} }, + + + { path: "/home/ubuntu/sample-logs/identity_access/azure_ad.log", attributes: {parser: "community-azure-ad-latest"} }, + { path: "/home/ubuntu/sample-logs/identity_access/azure_ad_signin.log", attributes: {parser: "community-azure-ad-signin-latest"} }, + { path: "/home/ubuntu/sample-logs/identity_access/azuread.log", attributes: {parser: "community-azuread-latest"} }, + ], + + monitors: [ + ] +} \ No newline at end of file diff --git a/parsers/PARSER_TEMPLATE.json b/Backend/parsers/PARSER_TEMPLATE.json similarity index 100% rename from parsers/PARSER_TEMPLATE.json rename to Backend/parsers/PARSER_TEMPLATE.json diff --git a/parsers/community/abnormal_security_logs-latest/abnormal_security.json b/Backend/parsers/community/abnormal_security_logs-latest/abnormal_security.json similarity index 100% rename from parsers/community/abnormal_security_logs-latest/abnormal_security.json rename to Backend/parsers/community/abnormal_security_logs-latest/abnormal_security.json diff --git a/parsers/community/abnormal_security_logs-latest/metadata.yaml b/Backend/parsers/community/abnormal_security_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/abnormal_security_logs-latest/metadata.yaml rename to Backend/parsers/community/abnormal_security_logs-latest/metadata.yaml diff --git a/parsers/community/akamai_cdn-latest/akamai_cdn.json b/Backend/parsers/community/akamai_cdn-latest/akamai_cdn.json similarity index 100% rename from parsers/community/akamai_cdn-latest/akamai_cdn.json rename to Backend/parsers/community/akamai_cdn-latest/akamai_cdn.json diff --git a/parsers/community/akamai_cdn-latest/metadata.yaml b/Backend/parsers/community/akamai_cdn-latest/metadata.yaml similarity index 100% rename from parsers/community/akamai_cdn-latest/metadata.yaml rename to Backend/parsers/community/akamai_cdn-latest/metadata.yaml diff --git a/parsers/community/akamai_dns-latest/akamai_dns.json b/Backend/parsers/community/akamai_dns-latest/akamai_dns.json similarity index 100% rename from parsers/community/akamai_dns-latest/akamai_dns.json rename to Backend/parsers/community/akamai_dns-latest/akamai_dns.json diff --git a/parsers/community/akamai_dns-latest/metadata.yaml b/Backend/parsers/community/akamai_dns-latest/metadata.yaml similarity index 100% rename from parsers/community/akamai_dns-latest/metadata.yaml rename to Backend/parsers/community/akamai_dns-latest/metadata.yaml diff --git a/parsers/community/akamai_general-latest/akamai_general.json b/Backend/parsers/community/akamai_general-latest/akamai_general.json similarity index 100% rename from parsers/community/akamai_general-latest/akamai_general.json rename to Backend/parsers/community/akamai_general-latest/akamai_general.json diff --git a/parsers/community/akamai_general-latest/metadata.yaml b/Backend/parsers/community/akamai_general-latest/metadata.yaml similarity index 100% rename from parsers/community/akamai_general-latest/metadata.yaml rename to Backend/parsers/community/akamai_general-latest/metadata.yaml diff --git a/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.json b/Backend/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.json similarity index 100% rename from parsers/community/akamai_sitedefender-latest/akamai_sitedefender.json rename to Backend/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.json diff --git a/parsers/community/akamai_sitedefender-latest/metadata.yaml b/Backend/parsers/community/akamai_sitedefender-latest/metadata.yaml similarity index 100% rename from parsers/community/akamai_sitedefender-latest/metadata.yaml rename to Backend/parsers/community/akamai_sitedefender-latest/metadata.yaml diff --git a/parsers/community/apache_http_logs-latest/apache_http_logs.json b/Backend/parsers/community/apache_http_logs-latest/apache_http_logs.json similarity index 100% rename from parsers/community/apache_http_logs-latest/apache_http_logs.json rename to Backend/parsers/community/apache_http_logs-latest/apache_http_logs.json diff --git a/parsers/community/apache_http_logs-latest/metadata.yaml b/Backend/parsers/community/apache_http_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/apache_http_logs-latest/metadata.yaml rename to Backend/parsers/community/apache_http_logs-latest/metadata.yaml diff --git a/parsers/community/armis_armis_logs-latest/armis_armis_logs.json b/Backend/parsers/community/armis_armis_logs-latest/armis_armis_logs.json similarity index 100% rename from parsers/community/armis_armis_logs-latest/armis_armis_logs.json rename to Backend/parsers/community/armis_armis_logs-latest/armis_armis_logs.json diff --git a/parsers/community/armis_armis_logs-latest/metadata.yaml b/Backend/parsers/community/armis_armis_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/armis_armis_logs-latest/metadata.yaml rename to Backend/parsers/community/armis_armis_logs-latest/metadata.yaml diff --git a/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.json b/Backend/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.json similarity index 100% rename from parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.json rename to Backend/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.json diff --git a/parsers/community/aruba_clearpass_logs-latest/metadata.yaml b/Backend/parsers/community/aruba_clearpass_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/aruba_clearpass_logs-latest/metadata.yaml rename to Backend/parsers/community/aruba_clearpass_logs-latest/metadata.yaml diff --git a/parsers/community/aws_cloudtrail-latest/aws_cloudtrail.json b/Backend/parsers/community/aws_cloudtrail-latest/aws_cloudtrail.json similarity index 100% rename from parsers/community/aws_cloudtrail-latest/aws_cloudtrail.json rename to Backend/parsers/community/aws_cloudtrail-latest/aws_cloudtrail.json diff --git a/parsers/community/aws_cloudtrail-latest/metadata.yaml b/Backend/parsers/community/aws_cloudtrail-latest/metadata.yaml similarity index 100% rename from parsers/community/aws_cloudtrail-latest/metadata.yaml rename to Backend/parsers/community/aws_cloudtrail-latest/metadata.yaml diff --git a/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.json b/Backend/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.json similarity index 100% rename from parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.json rename to Backend/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.json diff --git a/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml b/Backend/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml rename to Backend/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml diff --git a/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.json b/Backend/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.json similarity index 100% rename from parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.json rename to Backend/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.json diff --git a/parsers/community/aws_guardduty_logs-latest/metadata.yaml b/Backend/parsers/community/aws_guardduty_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/aws_guardduty_logs-latest/metadata.yaml rename to Backend/parsers/community/aws_guardduty_logs-latest/metadata.yaml diff --git a/parsers/community/aws_route53-latest/aws_route53.json b/Backend/parsers/community/aws_route53-latest/aws_route53.json similarity index 100% rename from parsers/community/aws_route53-latest/aws_route53.json rename to Backend/parsers/community/aws_route53-latest/aws_route53.json diff --git a/parsers/community/aws_route53-latest/metadata.yaml b/Backend/parsers/community/aws_route53-latest/metadata.yaml similarity index 100% rename from parsers/community/aws_route53-latest/metadata.yaml rename to Backend/parsers/community/aws_route53-latest/metadata.yaml diff --git a/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.json b/Backend/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.json similarity index 100% rename from parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.json rename to Backend/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.json diff --git a/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml b/Backend/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/aws_vpc_dns_logs-latest/metadata.yaml rename to Backend/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml diff --git a/parsers/community/aws_vpcflow_logs-latest/aws_vpcflow_logs.json b/Backend/parsers/community/aws_vpcflow_logs-latest/aws_vpcflow_logs.json similarity index 100% rename from parsers/community/aws_vpcflow_logs-latest/aws_vpcflow_logs.json rename to Backend/parsers/community/aws_vpcflow_logs-latest/aws_vpcflow_logs.json diff --git a/parsers/community/aws_vpcflow_logs-latest/metadata.yaml b/Backend/parsers/community/aws_vpcflow_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/aws_vpcflow_logs-latest/metadata.yaml rename to Backend/parsers/community/aws_vpcflow_logs-latest/metadata.yaml diff --git a/parsers/community/aws_vpcflowlogs-latest/aws_vpcflowlogs.json b/Backend/parsers/community/aws_vpcflowlogs-latest/aws_vpcflowlogs.json similarity index 100% rename from parsers/community/aws_vpcflowlogs-latest/aws_vpcflowlogs.json rename to Backend/parsers/community/aws_vpcflowlogs-latest/aws_vpcflowlogs.json diff --git a/parsers/community/aws_vpcflowlogs-latest/metadata.yaml b/Backend/parsers/community/aws_vpcflowlogs-latest/metadata.yaml similarity index 100% rename from parsers/community/aws_vpcflowlogs-latest/metadata.yaml rename to Backend/parsers/community/aws_vpcflowlogs-latest/metadata.yaml diff --git a/parsers/community/aws_waf-latest/aws_waf.json b/Backend/parsers/community/aws_waf-latest/aws_waf.json similarity index 100% rename from parsers/community/aws_waf-latest/aws_waf.json rename to Backend/parsers/community/aws_waf-latest/aws_waf.json diff --git a/parsers/community/aws_waf-latest/metadata.yaml b/Backend/parsers/community/aws_waf-latest/metadata.yaml similarity index 100% rename from parsers/community/aws_waf-latest/metadata.yaml rename to Backend/parsers/community/aws_waf-latest/metadata.yaml diff --git a/parsers/community/axway_sftp-latest/axway_sftp.json b/Backend/parsers/community/axway_sftp-latest/axway_sftp.json similarity index 100% rename from parsers/community/axway_sftp-latest/axway_sftp.json rename to Backend/parsers/community/axway_sftp-latest/axway_sftp.json diff --git a/parsers/community/axway_sftp-latest/metadata.yaml b/Backend/parsers/community/axway_sftp-latest/metadata.yaml similarity index 100% rename from parsers/community/axway_sftp-latest/metadata.yaml rename to Backend/parsers/community/axway_sftp-latest/metadata.yaml diff --git a/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.json b/Backend/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.json similarity index 100% rename from parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.json rename to Backend/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.json diff --git a/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml b/Backend/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml rename to Backend/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml diff --git a/parsers/community/beyondtrust_privilegemgmt_windows-latest/beyondtrust_privilegemgmt_windows.json b/Backend/parsers/community/beyondtrust_privilegemgmt_windows-latest/beyondtrust_privilegemgmt_windows.json similarity index 100% rename from parsers/community/beyondtrust_privilegemgmt_windows-latest/beyondtrust_privilegemgmt_windows.json rename to Backend/parsers/community/beyondtrust_privilegemgmt_windows-latest/beyondtrust_privilegemgmt_windows.json diff --git a/parsers/community/beyondtrust_privilegemgmt_windows-latest/metadata.yaml b/Backend/parsers/community/beyondtrust_privilegemgmt_windows-latest/metadata.yaml similarity index 100% rename from parsers/community/beyondtrust_privilegemgmt_windows-latest/metadata.yaml rename to Backend/parsers/community/beyondtrust_privilegemgmt_windows-latest/metadata.yaml diff --git a/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.json b/Backend/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.json similarity index 100% rename from parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.json rename to Backend/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.json diff --git a/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml b/Backend/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml rename to Backend/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml diff --git a/parsers/community/buildkite_ci_logs-latest/buildkite.json b/Backend/parsers/community/buildkite_ci_logs-latest/buildkite.json similarity index 100% rename from parsers/community/buildkite_ci_logs-latest/buildkite.json rename to Backend/parsers/community/buildkite_ci_logs-latest/buildkite.json diff --git a/parsers/community/buildkite_ci_logs-latest/metadata.yaml b/Backend/parsers/community/buildkite_ci_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/buildkite_ci_logs-latest/metadata.yaml rename to Backend/parsers/community/buildkite_ci_logs-latest/metadata.yaml diff --git a/parsers/community/checkpoint_checkpoint_logs-latest/checkpoint_checkpoint_logs.json b/Backend/parsers/community/checkpoint_checkpoint_logs-latest/checkpoint_checkpoint_logs.json similarity index 100% rename from parsers/community/checkpoint_checkpoint_logs-latest/checkpoint_checkpoint_logs.json rename to Backend/parsers/community/checkpoint_checkpoint_logs-latest/checkpoint_checkpoint_logs.json diff --git a/parsers/community/checkpoint_checkpoint_logs-latest/metadata.yaml b/Backend/parsers/community/checkpoint_checkpoint_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/checkpoint_checkpoint_logs-latest/metadata.yaml rename to Backend/parsers/community/checkpoint_checkpoint_logs-latest/metadata.yaml diff --git a/parsers/community/cisco_asa-latest/cisco_asa.json b/Backend/parsers/community/cisco_asa-latest/cisco_asa.json similarity index 100% rename from parsers/community/cisco_asa-latest/cisco_asa.json rename to Backend/parsers/community/cisco_asa-latest/cisco_asa.json diff --git a/parsers/community/cisco_asa-latest/metadata.yaml b/Backend/parsers/community/cisco_asa-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_asa-latest/metadata.yaml rename to Backend/parsers/community/cisco_asa-latest/metadata.yaml diff --git a/parsers/community/cisco_duo-latest/cisco_duo.json b/Backend/parsers/community/cisco_duo-latest/cisco_duo.json similarity index 100% rename from parsers/community/cisco_duo-latest/cisco_duo.json rename to Backend/parsers/community/cisco_duo-latest/cisco_duo.json diff --git a/parsers/community/cisco_duo-latest/metadata.yaml b/Backend/parsers/community/cisco_duo-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_duo-latest/metadata.yaml rename to Backend/parsers/community/cisco_duo-latest/metadata.yaml diff --git a/parsers/community/cisco_firewall-latest/cisco_firewall.json b/Backend/parsers/community/cisco_firewall-latest/cisco_firewall.json similarity index 100% rename from parsers/community/cisco_firewall-latest/cisco_firewall.json rename to Backend/parsers/community/cisco_firewall-latest/cisco_firewall.json diff --git a/parsers/community/cisco_firewall-latest/metadata.yaml b/Backend/parsers/community/cisco_firewall-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_firewall-latest/metadata.yaml rename to Backend/parsers/community/cisco_firewall-latest/metadata.yaml diff --git a/parsers/community/cisco_firewall_threat_defense-latest/cisco_firewallthreatdefense.json b/Backend/parsers/community/cisco_firewall_threat_defense-latest/cisco_firewallthreatdefense.json similarity index 100% rename from parsers/community/cisco_firewall_threat_defense-latest/cisco_firewallthreatdefense.json rename to Backend/parsers/community/cisco_firewall_threat_defense-latest/cisco_firewallthreatdefense.json diff --git a/parsers/community/cisco_firewall_threat_defense-latest/metadata.yaml b/Backend/parsers/community/cisco_firewall_threat_defense-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_firewall_threat_defense-latest/metadata.yaml rename to Backend/parsers/community/cisco_firewall_threat_defense-latest/metadata.yaml diff --git a/parsers/community/cisco_fmc_logs-latest/cisco_fmc.json b/Backend/parsers/community/cisco_fmc_logs-latest/cisco_fmc.json similarity index 100% rename from parsers/community/cisco_fmc_logs-latest/cisco_fmc.json rename to Backend/parsers/community/cisco_fmc_logs-latest/cisco_fmc.json diff --git a/parsers/community/cisco_fmc_logs-latest/metadata.yaml b/Backend/parsers/community/cisco_fmc_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_fmc_logs-latest/metadata.yaml rename to Backend/parsers/community/cisco_fmc_logs-latest/metadata.yaml diff --git a/parsers/community/cisco_ios_logs-latest/cisco_ios.json b/Backend/parsers/community/cisco_ios_logs-latest/cisco_ios.json similarity index 100% rename from parsers/community/cisco_ios_logs-latest/cisco_ios.json rename to Backend/parsers/community/cisco_ios_logs-latest/cisco_ios.json diff --git a/parsers/community/cisco_ios_logs-latest/metadata.yaml b/Backend/parsers/community/cisco_ios_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_ios_logs-latest/metadata.yaml rename to Backend/parsers/community/cisco_ios_logs-latest/metadata.yaml diff --git a/parsers/community/cisco_ironport-latest/cisco_ironport.json b/Backend/parsers/community/cisco_ironport-latest/cisco_ironport.json similarity index 100% rename from parsers/community/cisco_ironport-latest/cisco_ironport.json rename to Backend/parsers/community/cisco_ironport-latest/cisco_ironport.json diff --git a/parsers/community/cisco_ironport-latest/metadata.yaml b/Backend/parsers/community/cisco_ironport-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_ironport-latest/metadata.yaml rename to Backend/parsers/community/cisco_ironport-latest/metadata.yaml diff --git a/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000.json b/Backend/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000.json similarity index 100% rename from parsers/community/cisco_isa3000_logs-latest/cisco_isa3000.json rename to Backend/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000.json diff --git a/parsers/community/cisco_isa3000_logs-latest/metadata.yaml b/Backend/parsers/community/cisco_isa3000_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_isa3000_logs-latest/metadata.yaml rename to Backend/parsers/community/cisco_isa3000_logs-latest/metadata.yaml diff --git a/parsers/community/cisco_ise_logs-latest/cisco_ise.json b/Backend/parsers/community/cisco_ise_logs-latest/cisco_ise.json similarity index 100% rename from parsers/community/cisco_ise_logs-latest/cisco_ise.json rename to Backend/parsers/community/cisco_ise_logs-latest/cisco_ise.json diff --git a/parsers/community/cisco_ise_logs-latest/metadata.yaml b/Backend/parsers/community/cisco_ise_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_ise_logs-latest/metadata.yaml rename to Backend/parsers/community/cisco_ise_logs-latest/metadata.yaml diff --git a/parsers/community/cisco_meraki-latest/cisco_meraki.json b/Backend/parsers/community/cisco_meraki-latest/cisco_meraki.json similarity index 100% rename from parsers/community/cisco_meraki-latest/cisco_meraki.json rename to Backend/parsers/community/cisco_meraki-latest/cisco_meraki.json diff --git a/parsers/community/cisco_meraki-latest/metadata.yaml b/Backend/parsers/community/cisco_meraki-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_meraki-latest/metadata.yaml rename to Backend/parsers/community/cisco_meraki-latest/metadata.yaml diff --git a/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow.json b/Backend/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow.json similarity index 100% rename from parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow.json rename to Backend/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow.json diff --git a/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml b/Backend/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml rename to Backend/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml diff --git a/parsers/community/cisco_networks_logs-latest/cisco_networks.json b/Backend/parsers/community/cisco_networks_logs-latest/cisco_networks.json similarity index 100% rename from parsers/community/cisco_networks_logs-latest/cisco_networks.json rename to Backend/parsers/community/cisco_networks_logs-latest/cisco_networks.json diff --git a/parsers/community/cisco_networks_logs-latest/metadata.yaml b/Backend/parsers/community/cisco_networks_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_networks_logs-latest/metadata.yaml rename to Backend/parsers/community/cisco_networks_logs-latest/metadata.yaml diff --git a/parsers/community/cisco_umbrella-latest/cisco_umbrella.json b/Backend/parsers/community/cisco_umbrella-latest/cisco_umbrella.json similarity index 100% rename from parsers/community/cisco_umbrella-latest/cisco_umbrella.json rename to Backend/parsers/community/cisco_umbrella-latest/cisco_umbrella.json diff --git a/parsers/community/cisco_umbrella-latest/metadata.yaml b/Backend/parsers/community/cisco_umbrella-latest/metadata.yaml similarity index 100% rename from parsers/community/cisco_umbrella-latest/metadata.yaml rename to Backend/parsers/community/cisco_umbrella-latest/metadata.yaml diff --git a/parsers/community/cloudflare_general_logs-latest/cloudflare.json b/Backend/parsers/community/cloudflare_general_logs-latest/cloudflare.json similarity index 100% rename from parsers/community/cloudflare_general_logs-latest/cloudflare.json rename to Backend/parsers/community/cloudflare_general_logs-latest/cloudflare.json diff --git a/parsers/community/cloudflare_general_logs-latest/metadata.yaml b/Backend/parsers/community/cloudflare_general_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cloudflare_general_logs-latest/metadata.yaml rename to Backend/parsers/community/cloudflare_general_logs-latest/metadata.yaml diff --git a/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.json b/Backend/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.json similarity index 100% rename from parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.json rename to Backend/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.json diff --git a/parsers/community/cloudflare_waf_logs-latest/metadata.yaml b/Backend/parsers/community/cloudflare_waf_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cloudflare_waf_logs-latest/metadata.yaml rename to Backend/parsers/community/cloudflare_waf_logs-latest/metadata.yaml diff --git a/parsers/community/cohesity_backup-latest/cohesity_backup.json b/Backend/parsers/community/cohesity_backup-latest/cohesity_backup.json similarity index 100% rename from parsers/community/cohesity_backup-latest/cohesity_backup.json rename to Backend/parsers/community/cohesity_backup-latest/cohesity_backup.json diff --git a/parsers/community/cohesity_backup-latest/metadata.yaml b/Backend/parsers/community/cohesity_backup-latest/metadata.yaml similarity index 100% rename from parsers/community/cohesity_backup-latest/metadata.yaml rename to Backend/parsers/community/cohesity_backup-latest/metadata.yaml diff --git a/parsers/community/corelight_conn_logs-latest/corelight_conn_logs.json b/Backend/parsers/community/corelight_conn_logs-latest/corelight_conn_logs.json similarity index 99% rename from parsers/community/corelight_conn_logs-latest/corelight_conn_logs.json rename to Backend/parsers/community/corelight_conn_logs-latest/corelight_conn_logs.json index 7617a58..e5530fa 100644 --- a/parsers/community/corelight_conn_logs-latest/corelight_conn_logs.json +++ b/Backend/parsers/community/corelight_conn_logs-latest/corelight_conn_logs.json @@ -237,7 +237,7 @@ replace: "$0" }, { input: "resp_l2_addr", - output: "dst_endpiont.mac", + output: "dst_endpoint.mac", match: ".*", replace: "$0" }, { @@ -254,4 +254,4 @@ ] } ] - } \ No newline at end of file + } diff --git a/parsers/community/corelight_conn_logs-latest/metadata.yaml b/Backend/parsers/community/corelight_conn_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/corelight_conn_logs-latest/metadata.yaml rename to Backend/parsers/community/corelight_conn_logs-latest/metadata.yaml diff --git a/parsers/community/corelight_http_logs-latest/corelight_http_logs.json b/Backend/parsers/community/corelight_http_logs-latest/corelight_http_logs.json similarity index 100% rename from parsers/community/corelight_http_logs-latest/corelight_http_logs.json rename to Backend/parsers/community/corelight_http_logs-latest/corelight_http_logs.json diff --git a/parsers/community/corelight_http_logs-latest/metadata.yaml b/Backend/parsers/community/corelight_http_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/corelight_http_logs-latest/metadata.yaml rename to Backend/parsers/community/corelight_http_logs-latest/metadata.yaml diff --git a/parsers/community/corelight_ssl_logs-latest/corelight_ssl_logs.json b/Backend/parsers/community/corelight_ssl_logs-latest/corelight_ssl_logs.json similarity index 100% rename from parsers/community/corelight_ssl_logs-latest/corelight_ssl_logs.json rename to Backend/parsers/community/corelight_ssl_logs-latest/corelight_ssl_logs.json diff --git a/parsers/community/corelight_ssl_logs-latest/metadata.yaml b/Backend/parsers/community/corelight_ssl_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/corelight_ssl_logs-latest/metadata.yaml rename to Backend/parsers/community/corelight_ssl_logs-latest/metadata.yaml diff --git a/parsers/community/corelight_tunnel_logs-latest/corelight_tunnel_logs.json b/Backend/parsers/community/corelight_tunnel_logs-latest/corelight_tunnel_logs.json similarity index 100% rename from parsers/community/corelight_tunnel_logs-latest/corelight_tunnel_logs.json rename to Backend/parsers/community/corelight_tunnel_logs-latest/corelight_tunnel_logs.json diff --git a/parsers/community/corelight_tunnel_logs-latest/metadata.yaml b/Backend/parsers/community/corelight_tunnel_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/corelight_tunnel_logs-latest/metadata.yaml rename to Backend/parsers/community/corelight_tunnel_logs-latest/metadata.yaml diff --git a/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.json b/Backend/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.json similarity index 100% rename from parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.json rename to Backend/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.json diff --git a/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint_broken.json b/Backend/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint_broken.json similarity index 100% rename from parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint_broken.json rename to Backend/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint_broken.json diff --git a/parsers/community/crowdstrike_endpoint-latest/metadata.yaml b/Backend/parsers/community/crowdstrike_endpoint-latest/metadata.yaml similarity index 100% rename from parsers/community/crowdstrike_endpoint-latest/metadata.yaml rename to Backend/parsers/community/crowdstrike_endpoint-latest/metadata.yaml diff --git a/parsers/community/crowdstrike_falcon-latest/crowdstrike_falcon.json b/Backend/parsers/community/crowdstrike_falcon-latest/crowdstrike_falcon.json similarity index 100% rename from parsers/community/crowdstrike_falcon-latest/crowdstrike_falcon.json rename to Backend/parsers/community/crowdstrike_falcon-latest/crowdstrike_falcon.json diff --git a/parsers/community/crowdstrike_falcon-latest/metadata.yaml b/Backend/parsers/community/crowdstrike_falcon-latest/metadata.yaml similarity index 100% rename from parsers/community/crowdstrike_falcon-latest/metadata.yaml rename to Backend/parsers/community/crowdstrike_falcon-latest/metadata.yaml diff --git a/parsers/community/cyberark_conjur-latest/cyberark_conjur.json b/Backend/parsers/community/cyberark_conjur-latest/cyberark_conjur.json similarity index 100% rename from parsers/community/cyberark_conjur-latest/cyberark_conjur.json rename to Backend/parsers/community/cyberark_conjur-latest/cyberark_conjur.json diff --git a/parsers/community/cyberark_conjur-latest/metadata.yaml b/Backend/parsers/community/cyberark_conjur-latest/metadata.yaml similarity index 100% rename from parsers/community/cyberark_conjur-latest/metadata.yaml rename to Backend/parsers/community/cyberark_conjur-latest/metadata.yaml diff --git a/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.json b/Backend/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.json similarity index 100% rename from parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.json rename to Backend/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.json diff --git a/parsers/community/cyberark_pas_logs-latest/metadata.yaml b/Backend/parsers/community/cyberark_pas_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/cyberark_pas_logs-latest/metadata.yaml rename to Backend/parsers/community/cyberark_pas_logs-latest/metadata.yaml diff --git a/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.json b/Backend/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.json similarity index 100% rename from parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.json rename to Backend/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.json diff --git a/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml b/Backend/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/darktrace_darktrace_logs-latest/metadata.yaml rename to Backend/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml diff --git a/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.json b/Backend/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.json similarity index 100% rename from parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.json rename to Backend/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.json diff --git a/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml b/Backend/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/extrahop_extrahop_logs-latest/metadata.yaml rename to Backend/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml diff --git a/parsers/community/extreme_networks_logs-latest/extreme_networks.json b/Backend/parsers/community/extreme_networks_logs-latest/extreme_networks.json similarity index 100% rename from parsers/community/extreme_networks_logs-latest/extreme_networks.json rename to Backend/parsers/community/extreme_networks_logs-latest/extreme_networks.json diff --git a/parsers/community/extreme_networks_logs-latest/metadata.yaml b/Backend/parsers/community/extreme_networks_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/extreme_networks_logs-latest/metadata.yaml rename to Backend/parsers/community/extreme_networks_logs-latest/metadata.yaml diff --git a/parsers/community/f5_networks_logs-latest/f5_networks.json b/Backend/parsers/community/f5_networks_logs-latest/f5_networks.json similarity index 100% rename from parsers/community/f5_networks_logs-latest/f5_networks.json rename to Backend/parsers/community/f5_networks_logs-latest/f5_networks.json diff --git a/parsers/community/f5_networks_logs-latest/f5_networks_backup.json b/Backend/parsers/community/f5_networks_logs-latest/f5_networks_backup.json similarity index 100% rename from parsers/community/f5_networks_logs-latest/f5_networks_backup.json rename to Backend/parsers/community/f5_networks_logs-latest/f5_networks_backup.json diff --git a/parsers/community/f5_networks_logs-latest/f5_networks_complex.json b/Backend/parsers/community/f5_networks_logs-latest/f5_networks_complex.json similarity index 100% rename from parsers/community/f5_networks_logs-latest/f5_networks_complex.json rename to Backend/parsers/community/f5_networks_logs-latest/f5_networks_complex.json diff --git a/parsers/community/f5_networks_logs-latest/metadata.yaml b/Backend/parsers/community/f5_networks_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/f5_networks_logs-latest/metadata.yaml rename to Backend/parsers/community/f5_networks_logs-latest/metadata.yaml diff --git a/parsers/community/f5_vpn-latest/f5_vpn.json b/Backend/parsers/community/f5_vpn-latest/f5_vpn.json similarity index 100% rename from parsers/community/f5_vpn-latest/f5_vpn.json rename to Backend/parsers/community/f5_vpn-latest/f5_vpn.json diff --git a/parsers/community/f5_vpn-latest/metadata.yaml b/Backend/parsers/community/f5_vpn-latest/metadata.yaml similarity index 100% rename from parsers/community/f5_vpn-latest/metadata.yaml rename to Backend/parsers/community/f5_vpn-latest/metadata.yaml diff --git a/parsers/community/forcepoint_firewall-latest/forcepoint_firewall.json b/Backend/parsers/community/forcepoint_firewall-latest/forcepoint_firewall.json similarity index 100% rename from parsers/community/forcepoint_firewall-latest/forcepoint_firewall.json rename to Backend/parsers/community/forcepoint_firewall-latest/forcepoint_firewall.json diff --git a/parsers/community/forcepoint_firewall-latest/metadata.yaml b/Backend/parsers/community/forcepoint_firewall-latest/metadata.yaml similarity index 100% rename from parsers/community/forcepoint_firewall-latest/metadata.yaml rename to Backend/parsers/community/forcepoint_firewall-latest/metadata.yaml diff --git a/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.json b/Backend/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.json similarity index 100% rename from parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.json rename to Backend/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.json diff --git a/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml b/Backend/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml rename to Backend/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml diff --git a/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml b/Backend/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml rename to Backend/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml diff --git a/parsers/community/fortinet_fortigate_fortimanager_logs-latest/fortinet_fortigate_fortimanager_logs.json b/Backend/parsers/community/fortinet_fortigate_fortimanager_logs-latest/fortinet_fortigate_fortimanager_logs.json similarity index 100% rename from parsers/community/fortinet_fortigate_fortimanager_logs-latest/fortinet_fortigate_fortimanager_logs.json rename to Backend/parsers/community/fortinet_fortigate_fortimanager_logs-latest/fortinet_fortigate_fortimanager_logs.json diff --git a/parsers/community/fortinet_fortigate_fortimanager_logs-latest/metadata.yaml b/Backend/parsers/community/fortinet_fortigate_fortimanager_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/fortinet_fortigate_fortimanager_logs-latest/metadata.yaml rename to Backend/parsers/community/fortinet_fortigate_fortimanager_logs-latest/metadata.yaml diff --git a/parsers/community/github_audit-latest/github_audit.json b/Backend/parsers/community/github_audit-latest/github_audit.json similarity index 100% rename from parsers/community/github_audit-latest/github_audit.json rename to Backend/parsers/community/github_audit-latest/github_audit.json diff --git a/parsers/community/github_audit-latest/metadata.yaml b/Backend/parsers/community/github_audit-latest/metadata.yaml similarity index 100% rename from parsers/community/github_audit-latest/metadata.yaml rename to Backend/parsers/community/github_audit-latest/metadata.yaml diff --git a/parsers/community/google_cloud_dns_logs-latest/gcp_dns.json b/Backend/parsers/community/google_cloud_dns_logs-latest/gcp_dns.json similarity index 100% rename from parsers/community/google_cloud_dns_logs-latest/gcp_dns.json rename to Backend/parsers/community/google_cloud_dns_logs-latest/gcp_dns.json diff --git a/parsers/community/google_cloud_dns_logs-latest/metadata.yaml b/Backend/parsers/community/google_cloud_dns_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/google_cloud_dns_logs-latest/metadata.yaml rename to Backend/parsers/community/google_cloud_dns_logs-latest/metadata.yaml diff --git a/parsers/community/google_workspace_logs-latest/google_workspace.json b/Backend/parsers/community/google_workspace_logs-latest/google_workspace.json similarity index 100% rename from parsers/community/google_workspace_logs-latest/google_workspace.json rename to Backend/parsers/community/google_workspace_logs-latest/google_workspace.json diff --git a/parsers/community/google_workspace_logs-latest/metadata.yaml b/Backend/parsers/community/google_workspace_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/google_workspace_logs-latest/metadata.yaml rename to Backend/parsers/community/google_workspace_logs-latest/metadata.yaml diff --git a/parsers/community/harness_ci-latest/harness_ci.json b/Backend/parsers/community/harness_ci-latest/harness_ci.json similarity index 100% rename from parsers/community/harness_ci-latest/harness_ci.json rename to Backend/parsers/community/harness_ci-latest/harness_ci.json diff --git a/parsers/community/harness_ci-latest/metadata.yaml b/Backend/parsers/community/harness_ci-latest/metadata.yaml similarity index 100% rename from parsers/community/harness_ci-latest/metadata.yaml rename to Backend/parsers/community/harness_ci-latest/metadata.yaml diff --git a/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.json b/Backend/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.json similarity index 100% rename from parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.json rename to Backend/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.json diff --git a/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml b/Backend/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml rename to Backend/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml diff --git a/parsers/community/hashicorp_vault-latest/hashicorp_vault.json b/Backend/parsers/community/hashicorp_vault-latest/hashicorp_vault.json similarity index 100% rename from parsers/community/hashicorp_vault-latest/hashicorp_vault.json rename to Backend/parsers/community/hashicorp_vault-latest/hashicorp_vault.json diff --git a/parsers/community/hashicorp_vault-latest/metadata.yaml b/Backend/parsers/community/hashicorp_vault-latest/metadata.yaml similarity index 100% rename from parsers/community/hashicorp_vault-latest/metadata.yaml rename to Backend/parsers/community/hashicorp_vault-latest/metadata.yaml diff --git a/parsers/community/hypr_auth-latest/hypr_auth.json b/Backend/parsers/community/hypr_auth-latest/hypr_auth.json similarity index 100% rename from parsers/community/hypr_auth-latest/hypr_auth.json rename to Backend/parsers/community/hypr_auth-latest/hypr_auth.json diff --git a/parsers/community/hypr_auth-latest/metadata.yaml b/Backend/parsers/community/hypr_auth-latest/metadata.yaml similarity index 100% rename from parsers/community/hypr_auth-latest/metadata.yaml rename to Backend/parsers/community/hypr_auth-latest/metadata.yaml diff --git a/parsers/community/iis_w3c-latest/iis_w3c.json b/Backend/parsers/community/iis_w3c-latest/iis_w3c.json similarity index 100% rename from parsers/community/iis_w3c-latest/iis_w3c.json rename to Backend/parsers/community/iis_w3c-latest/iis_w3c.json diff --git a/parsers/community/iis_w3c-latest/metadata.yaml b/Backend/parsers/community/iis_w3c-latest/metadata.yaml similarity index 100% rename from parsers/community/iis_w3c-latest/metadata.yaml rename to Backend/parsers/community/iis_w3c-latest/metadata.yaml diff --git a/parsers/community/imperva_sonar-latest/imperva_sonar.json b/Backend/parsers/community/imperva_sonar-latest/imperva_sonar.json similarity index 100% rename from parsers/community/imperva_sonar-latest/imperva_sonar.json rename to Backend/parsers/community/imperva_sonar-latest/imperva_sonar.json diff --git a/parsers/community/imperva_sonar-latest/metadata.yaml b/Backend/parsers/community/imperva_sonar-latest/metadata.yaml similarity index 100% rename from parsers/community/imperva_sonar-latest/metadata.yaml rename to Backend/parsers/community/imperva_sonar-latest/metadata.yaml diff --git a/parsers/community/imperva_waf_logs-latest/Imperva_waf.json b/Backend/parsers/community/imperva_waf_logs-latest/Imperva_waf.json similarity index 100% rename from parsers/community/imperva_waf_logs-latest/Imperva_waf.json rename to Backend/parsers/community/imperva_waf_logs-latest/Imperva_waf.json diff --git a/parsers/community/imperva_waf_logs-latest/metadata.yaml b/Backend/parsers/community/imperva_waf_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/imperva_waf_logs-latest/metadata.yaml rename to Backend/parsers/community/imperva_waf_logs-latest/metadata.yaml diff --git a/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.json b/Backend/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.json similarity index 100% rename from parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.json rename to Backend/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.json diff --git a/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml b/Backend/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/incapsula_incapsula_logs-latest/metadata.yaml rename to Backend/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml diff --git a/parsers/community/infoblox_ddi-latest/infoblox_ddi.json b/Backend/parsers/community/infoblox_ddi-latest/infoblox_ddi.json similarity index 100% rename from parsers/community/infoblox_ddi-latest/infoblox_ddi.json rename to Backend/parsers/community/infoblox_ddi-latest/infoblox_ddi.json diff --git a/parsers/community/infoblox_ddi-latest/metadata.yaml b/Backend/parsers/community/infoblox_ddi-latest/metadata.yaml similarity index 100% rename from parsers/community/infoblox_ddi-latest/metadata.yaml rename to Backend/parsers/community/infoblox_ddi-latest/metadata.yaml diff --git a/parsers/community/isc_bind-latest/isc_bind.json b/Backend/parsers/community/isc_bind-latest/isc_bind.json similarity index 100% rename from parsers/community/isc_bind-latest/isc_bind.json rename to Backend/parsers/community/isc_bind-latest/isc_bind.json diff --git a/parsers/community/isc_bind-latest/metadata.yaml b/Backend/parsers/community/isc_bind-latest/metadata.yaml similarity index 100% rename from parsers/community/isc_bind-latest/metadata.yaml rename to Backend/parsers/community/isc_bind-latest/metadata.yaml diff --git a/parsers/community/isc_dhcp-latest/isc_dhcp.json b/Backend/parsers/community/isc_dhcp-latest/isc_dhcp.json similarity index 100% rename from parsers/community/isc_dhcp-latest/isc_dhcp.json rename to Backend/parsers/community/isc_dhcp-latest/isc_dhcp.json diff --git a/parsers/community/isc_dhcp-latest/metadata.yaml b/Backend/parsers/community/isc_dhcp-latest/metadata.yaml similarity index 100% rename from parsers/community/isc_dhcp-latest/metadata.yaml rename to Backend/parsers/community/isc_dhcp-latest/metadata.yaml diff --git a/parsers/community/jamf_protect-latest/jamf_protect.json b/Backend/parsers/community/jamf_protect-latest/jamf_protect.json similarity index 100% rename from parsers/community/jamf_protect-latest/jamf_protect.json rename to Backend/parsers/community/jamf_protect-latest/jamf_protect.json diff --git a/parsers/community/jamf_protect-latest/metadata.yaml b/Backend/parsers/community/jamf_protect-latest/metadata.yaml similarity index 100% rename from parsers/community/jamf_protect-latest/metadata.yaml rename to Backend/parsers/community/jamf_protect-latest/metadata.yaml diff --git a/parsers/community/juniper_networks_logs-latest/juniper_networks.json b/Backend/parsers/community/juniper_networks_logs-latest/juniper_networks.json similarity index 100% rename from parsers/community/juniper_networks_logs-latest/juniper_networks.json rename to Backend/parsers/community/juniper_networks_logs-latest/juniper_networks.json diff --git a/parsers/community/juniper_networks_logs-latest/metadata.yaml b/Backend/parsers/community/juniper_networks_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/juniper_networks_logs-latest/metadata.yaml rename to Backend/parsers/community/juniper_networks_logs-latest/metadata.yaml diff --git a/parsers/community/linux_auth-latest/linux_auth.json b/Backend/parsers/community/linux_auth-latest/linux_auth.json similarity index 100% rename from parsers/community/linux_auth-latest/linux_auth.json rename to Backend/parsers/community/linux_auth-latest/linux_auth.json diff --git a/parsers/community/linux_auth-latest/metadata.yaml b/Backend/parsers/community/linux_auth-latest/metadata.yaml similarity index 100% rename from parsers/community/linux_auth-latest/metadata.yaml rename to Backend/parsers/community/linux_auth-latest/metadata.yaml diff --git a/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.json b/Backend/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.json similarity index 100% rename from parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.json rename to Backend/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.json diff --git a/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml b/Backend/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml similarity index 100% rename from parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml rename to Backend/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml diff --git a/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.json b/Backend/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.json similarity index 100% rename from parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.json rename to Backend/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.json diff --git a/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml b/Backend/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml rename to Backend/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml diff --git a/parsers/community/manageengine_general_logs-latest/manageengine_general.json b/Backend/parsers/community/manageengine_general_logs-latest/manageengine_general.json similarity index 100% rename from parsers/community/manageengine_general_logs-latest/manageengine_general.json rename to Backend/parsers/community/manageengine_general_logs-latest/manageengine_general.json diff --git a/parsers/community/manageengine_general_logs-latest/metadata.yaml b/Backend/parsers/community/manageengine_general_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/manageengine_general_logs-latest/metadata.yaml rename to Backend/parsers/community/manageengine_general_logs-latest/metadata.yaml diff --git a/parsers/community/manch_siem_logs-latest/manch_siem.json b/Backend/parsers/community/manch_siem_logs-latest/manch_siem.json similarity index 100% rename from parsers/community/manch_siem_logs-latest/manch_siem.json rename to Backend/parsers/community/manch_siem_logs-latest/manch_siem.json diff --git a/parsers/community/manch_siem_logs-latest/metadata.yaml b/Backend/parsers/community/manch_siem_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/manch_siem_logs-latest/metadata.yaml rename to Backend/parsers/community/manch_siem_logs-latest/metadata.yaml diff --git a/parsers/community/microsoft_365_collaboration-latest/metadata.yaml b/Backend/parsers/community/microsoft_365_collaboration-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_365_collaboration-latest/metadata.yaml rename to Backend/parsers/community/microsoft_365_collaboration-latest/metadata.yaml diff --git a/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.json b/Backend/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.json similarity index 100% rename from parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.json rename to Backend/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.json diff --git a/parsers/community/microsoft_365_defender-latest/metadata.yaml b/Backend/parsers/community/microsoft_365_defender-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_365_defender-latest/metadata.yaml rename to Backend/parsers/community/microsoft_365_defender-latest/metadata.yaml diff --git a/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.json b/Backend/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.json similarity index 100% rename from parsers/community/microsoft_365_defender-latest/microsoft_365_defender.json rename to Backend/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.json diff --git a/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml b/Backend/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml rename to Backend/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml diff --git a/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.json b/Backend/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.json similarity index 100% rename from parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.json rename to Backend/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.json diff --git a/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml b/Backend/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml rename to Backend/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml diff --git a/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.json b/Backend/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.json similarity index 100% rename from parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.json rename to Backend/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.json diff --git a/parsers/community/microsoft_azure_ad_signin-latest/metadata.yaml b/Backend/parsers/community/microsoft_azure_ad_signin-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_azure_ad_signin-latest/metadata.yaml rename to Backend/parsers/community/microsoft_azure_ad_signin-latest/metadata.yaml diff --git a/parsers/community/microsoft_azure_ad_signin-latest/microsoft_azure_ad_signin.json b/Backend/parsers/community/microsoft_azure_ad_signin-latest/microsoft_azure_ad_signin.json similarity index 100% rename from parsers/community/microsoft_azure_ad_signin-latest/microsoft_azure_ad_signin.json rename to Backend/parsers/community/microsoft_azure_ad_signin-latest/microsoft_azure_ad_signin.json diff --git a/parsers/community/microsoft_azuread-latest/metadata.yaml b/Backend/parsers/community/microsoft_azuread-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_azuread-latest/metadata.yaml rename to Backend/parsers/community/microsoft_azuread-latest/metadata.yaml diff --git a/parsers/community/microsoft_azuread-latest/microsoft_azuread.json b/Backend/parsers/community/microsoft_azuread-latest/microsoft_azuread.json similarity index 100% rename from parsers/community/microsoft_azuread-latest/microsoft_azuread.json rename to Backend/parsers/community/microsoft_azuread-latest/microsoft_azuread.json diff --git a/parsers/community/microsoft_defender_email-latest/metadata.yaml b/Backend/parsers/community/microsoft_defender_email-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_defender_email-latest/metadata.yaml rename to Backend/parsers/community/microsoft_defender_email-latest/metadata.yaml diff --git a/parsers/community/microsoft_defender_email-latest/microsoft_defender_email.json b/Backend/parsers/community/microsoft_defender_email-latest/microsoft_defender_email.json similarity index 100% rename from parsers/community/microsoft_defender_email-latest/microsoft_defender_email.json rename to Backend/parsers/community/microsoft_defender_email-latest/microsoft_defender_email.json diff --git a/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml b/Backend/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml rename to Backend/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml diff --git a/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.json b/Backend/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.json similarity index 100% rename from parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.json rename to Backend/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.json diff --git a/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml b/Backend/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml rename to Backend/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml diff --git a/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.json b/Backend/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.json similarity index 100% rename from parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.json rename to Backend/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.json diff --git a/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml b/Backend/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml rename to Backend/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml diff --git a/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.json b/Backend/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.json similarity index 100% rename from parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.json rename to Backend/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.json diff --git a/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 b/Backend/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 similarity index 100% rename from parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 rename to Backend/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 diff --git a/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 b/Backend/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 similarity index 100% rename from parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 rename to Backend/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 diff --git a/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 b/Backend/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 similarity index 100% rename from parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 rename to Backend/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 diff --git a/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 b/Backend/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 similarity index 100% rename from parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 rename to Backend/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 diff --git a/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 b/Backend/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 similarity index 100% rename from parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 rename to Backend/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 diff --git a/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml b/Backend/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml similarity index 100% rename from parsers/community/microsoft_windows_eventlog-latest/metadata.yaml rename to Backend/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml diff --git a/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml b/Backend/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/mimecast_mimecast_logs-latest/metadata.yaml rename to Backend/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml diff --git a/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.json b/Backend/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.json similarity index 100% rename from parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.json rename to Backend/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.json diff --git a/parsers/community/netskope_logshipper_logs-latest/metadata.yaml b/Backend/parsers/community/netskope_logshipper_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/netskope_logshipper_logs-latest/metadata.yaml rename to Backend/parsers/community/netskope_logshipper_logs-latest/metadata.yaml diff --git a/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.json b/Backend/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.json similarity index 100% rename from parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.json rename to Backend/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.json diff --git a/parsers/community/netskope_netskope_logs-latest/metadata.yaml b/Backend/parsers/community/netskope_netskope_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/netskope_netskope_logs-latest/metadata.yaml rename to Backend/parsers/community/netskope_netskope_logs-latest/metadata.yaml diff --git a/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.json b/Backend/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.json similarity index 100% rename from parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.json rename to Backend/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.json diff --git a/parsers/community/okta_authentication-latest/metadata.yaml b/Backend/parsers/community/okta_authentication-latest/metadata.yaml similarity index 100% rename from parsers/community/okta_authentication-latest/metadata.yaml rename to Backend/parsers/community/okta_authentication-latest/metadata.yaml diff --git a/parsers/community/okta_authentication-latest/okta_authentication.json b/Backend/parsers/community/okta_authentication-latest/okta_authentication.json similarity index 100% rename from parsers/community/okta_authentication-latest/okta_authentication.json rename to Backend/parsers/community/okta_authentication-latest/okta_authentication.json diff --git a/parsers/community/okta_ocsf_logs-latest/metadata.yaml b/Backend/parsers/community/okta_ocsf_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/okta_ocsf_logs-latest/metadata.yaml rename to Backend/parsers/community/okta_ocsf_logs-latest/metadata.yaml diff --git a/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.json b/Backend/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.json similarity index 100% rename from parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.json rename to Backend/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.json diff --git a/parsers/community/paloalto_alternate_logs-latest/metadata.yaml b/Backend/parsers/community/paloalto_alternate_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/paloalto_alternate_logs-latest/metadata.yaml rename to Backend/parsers/community/paloalto_alternate_logs-latest/metadata.yaml diff --git a/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.json b/Backend/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.json similarity index 100% rename from parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.json rename to Backend/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.json diff --git a/parsers/community/paloalto_firewall-latest/metadata.yaml b/Backend/parsers/community/paloalto_firewall-latest/metadata.yaml similarity index 100% rename from parsers/community/paloalto_firewall-latest/metadata.yaml rename to Backend/parsers/community/paloalto_firewall-latest/metadata.yaml diff --git a/parsers/community/paloalto_firewall-latest/paloalto_firewall.json b/Backend/parsers/community/paloalto_firewall-latest/paloalto_firewall.json similarity index 100% rename from parsers/community/paloalto_firewall-latest/paloalto_firewall.json rename to Backend/parsers/community/paloalto_firewall-latest/paloalto_firewall.json diff --git a/parsers/community/paloalto_paloalto_logs-latest/metadata.yaml b/Backend/parsers/community/paloalto_paloalto_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/paloalto_paloalto_logs-latest/metadata.yaml rename to Backend/parsers/community/paloalto_paloalto_logs-latest/metadata.yaml diff --git a/parsers/community/paloalto_paloalto_logs-latest/paloalto_paloalto.json b/Backend/parsers/community/paloalto_paloalto_logs-latest/paloalto_paloalto.json similarity index 100% rename from parsers/community/paloalto_paloalto_logs-latest/paloalto_paloalto.json rename to Backend/parsers/community/paloalto_paloalto_logs-latest/paloalto_paloalto.json diff --git a/parsers/community/paloalto_prismasase_logs-latest/metadata.yaml b/Backend/parsers/community/paloalto_prismasase_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/paloalto_prismasase_logs-latest/metadata.yaml rename to Backend/parsers/community/paloalto_prismasase_logs-latest/metadata.yaml diff --git a/parsers/community/paloalto_prismasase_logs-latest/paloalto_prismasase_logs.json b/Backend/parsers/community/paloalto_prismasase_logs-latest/paloalto_prismasase_logs.json similarity index 100% rename from parsers/community/paloalto_prismasase_logs-latest/paloalto_prismasase_logs.json rename to Backend/parsers/community/paloalto_prismasase_logs-latest/paloalto_prismasase_logs.json diff --git a/parsers/community/pingfederate-latest/metadata.yaml b/Backend/parsers/community/pingfederate-latest/metadata.yaml similarity index 100% rename from parsers/community/pingfederate-latest/metadata.yaml rename to Backend/parsers/community/pingfederate-latest/metadata.yaml diff --git a/parsers/community/pingfederate-latest/pingfederate.json b/Backend/parsers/community/pingfederate-latest/pingfederate.json similarity index 100% rename from parsers/community/pingfederate-latest/pingfederate.json rename to Backend/parsers/community/pingfederate-latest/pingfederate.json diff --git a/parsers/community/pingone_mfa-latest/metadata.yaml b/Backend/parsers/community/pingone_mfa-latest/metadata.yaml similarity index 100% rename from parsers/community/pingone_mfa-latest/metadata.yaml rename to Backend/parsers/community/pingone_mfa-latest/metadata.yaml diff --git a/parsers/community/pingone_mfa-latest/pingone_mfa.json b/Backend/parsers/community/pingone_mfa-latest/pingone_mfa.json similarity index 100% rename from parsers/community/pingone_mfa-latest/pingone_mfa.json rename to Backend/parsers/community/pingone_mfa-latest/pingone_mfa.json diff --git a/parsers/community/pingprotect-latest/metadata.yaml b/Backend/parsers/community/pingprotect-latest/metadata.yaml similarity index 100% rename from parsers/community/pingprotect-latest/metadata.yaml rename to Backend/parsers/community/pingprotect-latest/metadata.yaml diff --git a/parsers/community/pingprotect-latest/pingprotect.json b/Backend/parsers/community/pingprotect-latest/pingprotect.json similarity index 100% rename from parsers/community/pingprotect-latest/pingprotect.json rename to Backend/parsers/community/pingprotect-latest/pingprotect.json diff --git a/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml b/Backend/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml rename to Backend/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml diff --git a/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.json b/Backend/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.json similarity index 100% rename from parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.json rename to Backend/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.json diff --git a/parsers/community/rsa_adaptive-latest/metadata.yaml b/Backend/parsers/community/rsa_adaptive-latest/metadata.yaml similarity index 100% rename from parsers/community/rsa_adaptive-latest/metadata.yaml rename to Backend/parsers/community/rsa_adaptive-latest/metadata.yaml diff --git a/parsers/community/rsa_adaptive-latest/rsa_adaptive.json b/Backend/parsers/community/rsa_adaptive-latest/rsa_adaptive.json similarity index 100% rename from parsers/community/rsa_adaptive-latest/rsa_adaptive.json rename to Backend/parsers/community/rsa_adaptive-latest/rsa_adaptive.json diff --git a/parsers/community/sap_logs-latest/metadata.yaml b/Backend/parsers/community/sap_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/sap_logs-latest/metadata.yaml rename to Backend/parsers/community/sap_logs-latest/metadata.yaml diff --git a/parsers/community/sap_logs-latest/sap.json b/Backend/parsers/community/sap_logs-latest/sap.json similarity index 100% rename from parsers/community/sap_logs-latest/sap.json rename to Backend/parsers/community/sap_logs-latest/sap.json diff --git a/parsers/community/securelink_logs-latest/metadata.yaml b/Backend/parsers/community/securelink_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/securelink_logs-latest/metadata.yaml rename to Backend/parsers/community/securelink_logs-latest/metadata.yaml diff --git a/parsers/community/securelink_logs-latest/securelink.json b/Backend/parsers/community/securelink_logs-latest/securelink.json similarity index 100% rename from parsers/community/securelink_logs-latest/securelink.json rename to Backend/parsers/community/securelink_logs-latest/securelink.json diff --git a/parsers/community/sentinelone_endpoint-latest/metadata.yaml b/Backend/parsers/community/sentinelone_endpoint-latest/metadata.yaml similarity index 100% rename from parsers/community/sentinelone_endpoint-latest/metadata.yaml rename to Backend/parsers/community/sentinelone_endpoint-latest/metadata.yaml diff --git a/parsers/community/sentinelone_endpoint-latest/sentinelone_endpoint.json b/Backend/parsers/community/sentinelone_endpoint-latest/sentinelone_endpoint.json similarity index 100% rename from parsers/community/sentinelone_endpoint-latest/sentinelone_endpoint.json rename to Backend/parsers/community/sentinelone_endpoint-latest/sentinelone_endpoint.json diff --git a/parsers/community/sentinelone_identity-latest/metadata.yaml b/Backend/parsers/community/sentinelone_identity-latest/metadata.yaml similarity index 100% rename from parsers/community/sentinelone_identity-latest/metadata.yaml rename to Backend/parsers/community/sentinelone_identity-latest/metadata.yaml diff --git a/parsers/community/sentinelone_identity-latest/sentinelone_identity.json b/Backend/parsers/community/sentinelone_identity-latest/sentinelone_identity.json similarity index 100% rename from parsers/community/sentinelone_identity-latest/sentinelone_identity.json rename to Backend/parsers/community/sentinelone_identity-latest/sentinelone_identity.json diff --git a/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml b/Backend/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml rename to Backend/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml diff --git a/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.json b/Backend/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.json similarity index 100% rename from parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.json rename to Backend/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.json diff --git a/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml b/Backend/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/tailscale_tailscale_logs-latest/metadata.yaml rename to Backend/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml diff --git a/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.json b/Backend/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.json similarity index 100% rename from parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.json rename to Backend/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.json diff --git a/parsers/community/teleport_logs-latest/metadata.yaml b/Backend/parsers/community/teleport_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/teleport_logs-latest/metadata.yaml rename to Backend/parsers/community/teleport_logs-latest/metadata.yaml diff --git a/parsers/community/teleport_logs-latest/teleport.json b/Backend/parsers/community/teleport_logs-latest/teleport.json similarity index 100% rename from parsers/community/teleport_logs-latest/teleport.json rename to Backend/parsers/community/teleport_logs-latest/teleport.json diff --git a/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml b/Backend/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml rename to Backend/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml diff --git a/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi.json b/Backend/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi.json similarity index 100% rename from parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi.json rename to Backend/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi.json diff --git a/parsers/community/vectra_ai_logs-latest/metadata.yaml b/Backend/parsers/community/vectra_ai_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/vectra_ai_logs-latest/metadata.yaml rename to Backend/parsers/community/vectra_ai_logs-latest/metadata.yaml diff --git a/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.json b/Backend/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.json similarity index 100% rename from parsers/community/vectra_ai_logs-latest/vectra_ai_logs.json rename to Backend/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.json diff --git a/parsers/community/veeam_backup-latest/metadata.yaml b/Backend/parsers/community/veeam_backup-latest/metadata.yaml similarity index 100% rename from parsers/community/veeam_backup-latest/metadata.yaml rename to Backend/parsers/community/veeam_backup-latest/metadata.yaml diff --git a/parsers/community/veeam_backup-latest/veeam_backup.json b/Backend/parsers/community/veeam_backup-latest/veeam_backup.json similarity index 100% rename from parsers/community/veeam_backup-latest/veeam_backup.json rename to Backend/parsers/community/veeam_backup-latest/veeam_backup.json diff --git a/parsers/community/vmware_vcenter_logs-latest/metadata.yaml b/Backend/parsers/community/vmware_vcenter_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/vmware_vcenter_logs-latest/metadata.yaml rename to Backend/parsers/community/vmware_vcenter_logs-latest/metadata.yaml diff --git a/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.json b/Backend/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.json similarity index 100% rename from parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.json rename to Backend/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.json diff --git a/parsers/community/windows_dhcp_logs-latest/metadata.yaml b/Backend/parsers/community/windows_dhcp_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/windows_dhcp_logs-latest/metadata.yaml rename to Backend/parsers/community/windows_dhcp_logs-latest/metadata.yaml diff --git a/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.json b/Backend/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.json similarity index 100% rename from parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.json rename to Backend/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.json diff --git a/parsers/community/wiz_cloud-latest/metadata.yaml b/Backend/parsers/community/wiz_cloud-latest/metadata.yaml similarity index 100% rename from parsers/community/wiz_cloud-latest/metadata.yaml rename to Backend/parsers/community/wiz_cloud-latest/metadata.yaml diff --git a/parsers/community/wiz_cloud-latest/wiz_cloud.json b/Backend/parsers/community/wiz_cloud-latest/wiz_cloud.json similarity index 100% rename from parsers/community/wiz_cloud-latest/wiz_cloud.json rename to Backend/parsers/community/wiz_cloud-latest/wiz_cloud.json diff --git a/parsers/community/zscaler_dns_firewall-latest/metadata.yaml b/Backend/parsers/community/zscaler_dns_firewall-latest/metadata.yaml similarity index 100% rename from parsers/community/zscaler_dns_firewall-latest/metadata.yaml rename to Backend/parsers/community/zscaler_dns_firewall-latest/metadata.yaml diff --git a/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.json b/Backend/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.json similarity index 100% rename from parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.json rename to Backend/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.json diff --git a/parsers/community/zscaler_firewall_logs-latest/metadata.yaml b/Backend/parsers/community/zscaler_firewall_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/zscaler_firewall_logs-latest/metadata.yaml rename to Backend/parsers/community/zscaler_firewall_logs-latest/metadata.yaml diff --git a/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.json b/Backend/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.json similarity index 100% rename from parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.json rename to Backend/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.json diff --git a/parsers/community/zscaler_logs-latest/metadata.yaml b/Backend/parsers/community/zscaler_logs-latest/metadata.yaml similarity index 100% rename from parsers/community/zscaler_logs-latest/metadata.yaml rename to Backend/parsers/community/zscaler_logs-latest/metadata.yaml diff --git a/parsers/community/zscaler_private_access-latest/metadata.yaml b/Backend/parsers/community/zscaler_private_access-latest/metadata.yaml similarity index 100% rename from parsers/community/zscaler_private_access-latest/metadata.yaml rename to Backend/parsers/community/zscaler_private_access-latest/metadata.yaml diff --git a/parsers/community/zscaler_private_access-latest/zscaler_private_access.json b/Backend/parsers/community/zscaler_private_access-latest/zscaler_private_access.json similarity index 100% rename from parsers/community/zscaler_private_access-latest/zscaler_private_access.json rename to Backend/parsers/community/zscaler_private_access-latest/zscaler_private_access.json diff --git a/parsers/community_new/abnormal_security_logs-latest/abnormal_security_logs.conf b/Backend/parsers/community_new/abnormal_security_logs-latest/abnormal_security_logs.conf similarity index 100% rename from parsers/community_new/abnormal_security_logs-latest/abnormal_security_logs.conf rename to Backend/parsers/community_new/abnormal_security_logs-latest/abnormal_security_logs.conf diff --git a/parsers/community_new/abnormal_security_logs-latest/metadata.yaml b/Backend/parsers/community_new/abnormal_security_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/abnormal_security_logs-latest/metadata.yaml rename to Backend/parsers/community_new/abnormal_security_logs-latest/metadata.yaml diff --git a/parsers/community_new/agent_metrics_logs-latest/agent_metrics.conf b/Backend/parsers/community_new/agent_metrics_logs-latest/agent_metrics.conf similarity index 100% rename from parsers/community_new/agent_metrics_logs-latest/agent_metrics.conf rename to Backend/parsers/community_new/agent_metrics_logs-latest/agent_metrics.conf diff --git a/parsers/community_new/agent_metrics_logs-latest/metadata.yaml b/Backend/parsers/community_new/agent_metrics_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/agent_metrics_logs-latest/metadata.yaml rename to Backend/parsers/community_new/agent_metrics_logs-latest/metadata.yaml diff --git a/parsers/community_new/akamai_cdn-latest/akamai_cdn.conf b/Backend/parsers/community_new/akamai_cdn-latest/akamai_cdn.conf similarity index 100% rename from parsers/community_new/akamai_cdn-latest/akamai_cdn.conf rename to Backend/parsers/community_new/akamai_cdn-latest/akamai_cdn.conf diff --git a/parsers/community_new/akamai_cdn-latest/metadata.yaml b/Backend/parsers/community_new/akamai_cdn-latest/metadata.yaml similarity index 100% rename from parsers/community_new/akamai_cdn-latest/metadata.yaml rename to Backend/parsers/community_new/akamai_cdn-latest/metadata.yaml diff --git a/parsers/community_new/akamai_dns-latest/akamai_dns.conf b/Backend/parsers/community_new/akamai_dns-latest/akamai_dns.conf similarity index 100% rename from parsers/community_new/akamai_dns-latest/akamai_dns.conf rename to Backend/parsers/community_new/akamai_dns-latest/akamai_dns.conf diff --git a/parsers/community_new/akamai_dns-latest/metadata.yaml b/Backend/parsers/community_new/akamai_dns-latest/metadata.yaml similarity index 100% rename from parsers/community_new/akamai_dns-latest/metadata.yaml rename to Backend/parsers/community_new/akamai_dns-latest/metadata.yaml diff --git a/parsers/community_new/akamai_general-latest/akamai_general.conf b/Backend/parsers/community_new/akamai_general-latest/akamai_general.conf similarity index 100% rename from parsers/community_new/akamai_general-latest/akamai_general.conf rename to Backend/parsers/community_new/akamai_general-latest/akamai_general.conf diff --git a/parsers/community_new/akamai_general-latest/metadata.yaml b/Backend/parsers/community_new/akamai_general-latest/metadata.yaml similarity index 100% rename from parsers/community_new/akamai_general-latest/metadata.yaml rename to Backend/parsers/community_new/akamai_general-latest/metadata.yaml diff --git a/parsers/community_new/akamai_sitedefender-latest/akamai_sitedefender.conf b/Backend/parsers/community_new/akamai_sitedefender-latest/akamai_sitedefender.conf similarity index 100% rename from parsers/community_new/akamai_sitedefender-latest/akamai_sitedefender.conf rename to Backend/parsers/community_new/akamai_sitedefender-latest/akamai_sitedefender.conf diff --git a/parsers/community_new/akamai_sitedefender-latest/metadata.yaml b/Backend/parsers/community_new/akamai_sitedefender-latest/metadata.yaml similarity index 100% rename from parsers/community_new/akamai_sitedefender-latest/metadata.yaml rename to Backend/parsers/community_new/akamai_sitedefender-latest/metadata.yaml diff --git a/parsers/community_new/apache_http_logs-latest/apache_http_logs.conf b/Backend/parsers/community_new/apache_http_logs-latest/apache_http_logs.conf similarity index 100% rename from parsers/community_new/apache_http_logs-latest/apache_http_logs.conf rename to Backend/parsers/community_new/apache_http_logs-latest/apache_http_logs.conf diff --git a/parsers/community_new/apache_http_logs-latest/metadata.yaml b/Backend/parsers/community_new/apache_http_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/apache_http_logs-latest/metadata.yaml rename to Backend/parsers/community_new/apache_http_logs-latest/metadata.yaml diff --git a/parsers/community_new/armis_armis_logs-latest/armis_armis_logs.conf b/Backend/parsers/community_new/armis_armis_logs-latest/armis_armis_logs.conf similarity index 100% rename from parsers/community_new/armis_armis_logs-latest/armis_armis_logs.conf rename to Backend/parsers/community_new/armis_armis_logs-latest/armis_armis_logs.conf diff --git a/parsers/community_new/armis_armis_logs-latest/metadata.yaml b/Backend/parsers/community_new/armis_armis_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/armis_armis_logs-latest/metadata.yaml rename to Backend/parsers/community_new/armis_armis_logs-latest/metadata.yaml diff --git a/parsers/community_new/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf b/Backend/parsers/community_new/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf similarity index 100% rename from parsers/community_new/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf rename to Backend/parsers/community_new/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf diff --git a/parsers/community_new/aruba_clearpass_logs-latest/metadata.yaml b/Backend/parsers/community_new/aruba_clearpass_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/aruba_clearpass_logs-latest/metadata.yaml rename to Backend/parsers/community_new/aruba_clearpass_logs-latest/metadata.yaml diff --git a/parsers/community_new/aws_cloudwatch_logs-latest/aws_cloudwatch.conf b/Backend/parsers/community_new/aws_cloudwatch_logs-latest/aws_cloudwatch.conf similarity index 100% rename from parsers/community_new/aws_cloudwatch_logs-latest/aws_cloudwatch.conf rename to Backend/parsers/community_new/aws_cloudwatch_logs-latest/aws_cloudwatch.conf diff --git a/parsers/community_new/aws_cloudwatch_logs-latest/metadata.yaml b/Backend/parsers/community_new/aws_cloudwatch_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/aws_cloudwatch_logs-latest/metadata.yaml rename to Backend/parsers/community_new/aws_cloudwatch_logs-latest/metadata.yaml diff --git a/parsers/community_new/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf b/Backend/parsers/community_new/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf similarity index 100% rename from parsers/community_new/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf rename to Backend/parsers/community_new/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf diff --git a/parsers/community_new/aws_elasticloadbalancer_logs-latest/metadata.yaml b/Backend/parsers/community_new/aws_elasticloadbalancer_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/aws_elasticloadbalancer_logs-latest/metadata.yaml rename to Backend/parsers/community_new/aws_elasticloadbalancer_logs-latest/metadata.yaml diff --git a/parsers/community_new/aws_guardduty_logs-latest/aws_guardduty_logs.conf b/Backend/parsers/community_new/aws_guardduty_logs-latest/aws_guardduty_logs.conf similarity index 100% rename from parsers/community_new/aws_guardduty_logs-latest/aws_guardduty_logs.conf rename to Backend/parsers/community_new/aws_guardduty_logs-latest/aws_guardduty_logs.conf diff --git a/parsers/community_new/aws_guardduty_logs-latest/metadata.yaml b/Backend/parsers/community_new/aws_guardduty_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/aws_guardduty_logs-latest/metadata.yaml rename to Backend/parsers/community_new/aws_guardduty_logs-latest/metadata.yaml diff --git a/parsers/community_new/aws_route53-latest/aws_route53.conf b/Backend/parsers/community_new/aws_route53-latest/aws_route53.conf similarity index 100% rename from parsers/community_new/aws_route53-latest/aws_route53.conf rename to Backend/parsers/community_new/aws_route53-latest/aws_route53.conf diff --git a/parsers/community_new/aws_route53-latest/metadata.yaml b/Backend/parsers/community_new/aws_route53-latest/metadata.yaml similarity index 100% rename from parsers/community_new/aws_route53-latest/metadata.yaml rename to Backend/parsers/community_new/aws_route53-latest/metadata.yaml diff --git a/parsers/community_new/aws_vpc_dns_logs-latest/aws_vpc_dns.conf b/Backend/parsers/community_new/aws_vpc_dns_logs-latest/aws_vpc_dns.conf similarity index 100% rename from parsers/community_new/aws_vpc_dns_logs-latest/aws_vpc_dns.conf rename to Backend/parsers/community_new/aws_vpc_dns_logs-latest/aws_vpc_dns.conf diff --git a/parsers/community_new/aws_vpc_dns_logs-latest/metadata.yaml b/Backend/parsers/community_new/aws_vpc_dns_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/aws_vpc_dns_logs-latest/metadata.yaml rename to Backend/parsers/community_new/aws_vpc_dns_logs-latest/metadata.yaml diff --git a/parsers/community_new/aws_waf-latest/aws_waf.conf b/Backend/parsers/community_new/aws_waf-latest/aws_waf.conf similarity index 100% rename from parsers/community_new/aws_waf-latest/aws_waf.conf rename to Backend/parsers/community_new/aws_waf-latest/aws_waf.conf diff --git a/parsers/community_new/aws_waf-latest/metadata.yaml b/Backend/parsers/community_new/aws_waf-latest/metadata.yaml similarity index 100% rename from parsers/community_new/aws_waf-latest/metadata.yaml rename to Backend/parsers/community_new/aws_waf-latest/metadata.yaml diff --git a/parsers/community_new/axonius_asset_logs-latest/axonius_asset.conf b/Backend/parsers/community_new/axonius_asset_logs-latest/axonius_asset.conf similarity index 100% rename from parsers/community_new/axonius_asset_logs-latest/axonius_asset.conf rename to Backend/parsers/community_new/axonius_asset_logs-latest/axonius_asset.conf diff --git a/parsers/community_new/axonius_asset_logs-latest/metadata.yaml b/Backend/parsers/community_new/axonius_asset_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/axonius_asset_logs-latest/metadata.yaml rename to Backend/parsers/community_new/axonius_asset_logs-latest/metadata.yaml diff --git a/parsers/community_new/axway_sftp-latest/axway_sftp.conf b/Backend/parsers/community_new/axway_sftp-latest/axway_sftp.conf similarity index 100% rename from parsers/community_new/axway_sftp-latest/axway_sftp.conf rename to Backend/parsers/community_new/axway_sftp-latest/axway_sftp.conf diff --git a/parsers/community_new/axway_sftp-latest/metadata.yaml b/Backend/parsers/community_new/axway_sftp-latest/metadata.yaml similarity index 100% rename from parsers/community_new/axway_sftp-latest/metadata.yaml rename to Backend/parsers/community_new/axway_sftp-latest/metadata.yaml diff --git a/parsers/community_new/azure_logs-latest/azure.conf b/Backend/parsers/community_new/azure_logs-latest/azure.conf similarity index 100% rename from parsers/community_new/azure_logs-latest/azure.conf rename to Backend/parsers/community_new/azure_logs-latest/azure.conf diff --git a/parsers/community_new/azure_logs-latest/metadata.yaml b/Backend/parsers/community_new/azure_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/azure_logs-latest/metadata.yaml rename to Backend/parsers/community_new/azure_logs-latest/metadata.yaml diff --git a/parsers/community_new/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf b/Backend/parsers/community_new/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf similarity index 100% rename from parsers/community_new/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf rename to Backend/parsers/community_new/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf diff --git a/parsers/community_new/beyondtrust_passwordsafe_logs-latest/metadata.yaml b/Backend/parsers/community_new/beyondtrust_passwordsafe_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/beyondtrust_passwordsafe_logs-latest/metadata.yaml rename to Backend/parsers/community_new/beyondtrust_passwordsafe_logs-latest/metadata.yaml diff --git a/parsers/community_new/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf b/Backend/parsers/community_new/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf similarity index 100% rename from parsers/community_new/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf rename to Backend/parsers/community_new/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf diff --git a/parsers/community_new/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml b/Backend/parsers/community_new/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml rename to Backend/parsers/community_new/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml diff --git a/parsers/community_new/buildkite_ci_logs-latest/buildkite.conf b/Backend/parsers/community_new/buildkite_ci_logs-latest/buildkite.conf similarity index 100% rename from parsers/community_new/buildkite_ci_logs-latest/buildkite.conf rename to Backend/parsers/community_new/buildkite_ci_logs-latest/buildkite.conf diff --git a/parsers/community_new/buildkite_ci_logs-latest/metadata.yaml b/Backend/parsers/community_new/buildkite_ci_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/buildkite_ci_logs-latest/metadata.yaml rename to Backend/parsers/community_new/buildkite_ci_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_asa_logs-latest/cisco_asa.conf b/Backend/parsers/community_new/cisco_asa_logs-latest/cisco_asa.conf similarity index 100% rename from parsers/community_new/cisco_asa_logs-latest/cisco_asa.conf rename to Backend/parsers/community_new/cisco_asa_logs-latest/cisco_asa.conf diff --git a/parsers/community_new/cisco_asa_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_asa_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_asa_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_asa_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_combo_logs-latest/cisco_combo.conf b/Backend/parsers/community_new/cisco_combo_logs-latest/cisco_combo.conf similarity index 100% rename from parsers/community_new/cisco_combo_logs-latest/cisco_combo.conf rename to Backend/parsers/community_new/cisco_combo_logs-latest/cisco_combo.conf diff --git a/parsers/community_new/cisco_combo_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_combo_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_combo_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_combo_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_duo-latest/cisco_duo.conf b/Backend/parsers/community_new/cisco_duo-latest/cisco_duo.conf similarity index 100% rename from parsers/community_new/cisco_duo-latest/cisco_duo.conf rename to Backend/parsers/community_new/cisco_duo-latest/cisco_duo.conf diff --git a/parsers/community_new/cisco_duo-latest/metadata.yaml b/Backend/parsers/community_new/cisco_duo-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_duo-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_duo-latest/metadata.yaml diff --git a/parsers/community_new/cisco_firewall-latest/cisco_firewall.conf b/Backend/parsers/community_new/cisco_firewall-latest/cisco_firewall.conf similarity index 100% rename from parsers/community_new/cisco_firewall-latest/cisco_firewall.conf rename to Backend/parsers/community_new/cisco_firewall-latest/cisco_firewall.conf diff --git a/parsers/community_new/cisco_firewall-latest/metadata.yaml b/Backend/parsers/community_new/cisco_firewall-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_firewall-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_firewall-latest/metadata.yaml diff --git a/parsers/community_new/cisco_fmc_logs-latest/cisco_fmc_logs.conf b/Backend/parsers/community_new/cisco_fmc_logs-latest/cisco_fmc_logs.conf similarity index 100% rename from parsers/community_new/cisco_fmc_logs-latest/cisco_fmc_logs.conf rename to Backend/parsers/community_new/cisco_fmc_logs-latest/cisco_fmc_logs.conf diff --git a/parsers/community_new/cisco_fmc_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_fmc_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_fmc_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_fmc_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_ios_logs-latest/cisco_ios_logs.conf b/Backend/parsers/community_new/cisco_ios_logs-latest/cisco_ios_logs.conf similarity index 100% rename from parsers/community_new/cisco_ios_logs-latest/cisco_ios_logs.conf rename to Backend/parsers/community_new/cisco_ios_logs-latest/cisco_ios_logs.conf diff --git a/parsers/community_new/cisco_ios_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_ios_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_ios_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_ios_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_ironport-latest/cisco_ironport.conf b/Backend/parsers/community_new/cisco_ironport-latest/cisco_ironport.conf similarity index 100% rename from parsers/community_new/cisco_ironport-latest/cisco_ironport.conf rename to Backend/parsers/community_new/cisco_ironport-latest/cisco_ironport.conf diff --git a/parsers/community_new/cisco_ironport-latest/metadata.yaml b/Backend/parsers/community_new/cisco_ironport-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_ironport-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_ironport-latest/metadata.yaml diff --git a/parsers/community_new/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf b/Backend/parsers/community_new/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf similarity index 100% rename from parsers/community_new/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf rename to Backend/parsers/community_new/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf diff --git a/parsers/community_new/cisco_isa3000_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_isa3000_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_isa3000_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_isa3000_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_ise_logs-latest/cisco_ise_logs.conf b/Backend/parsers/community_new/cisco_ise_logs-latest/cisco_ise_logs.conf similarity index 100% rename from parsers/community_new/cisco_ise_logs-latest/cisco_ise_logs.conf rename to Backend/parsers/community_new/cisco_ise_logs-latest/cisco_ise_logs.conf diff --git a/parsers/community_new/cisco_ise_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_ise_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_ise_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_ise_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_logs-latest/cisco.conf b/Backend/parsers/community_new/cisco_logs-latest/cisco.conf similarity index 100% rename from parsers/community_new/cisco_logs-latest/cisco.conf rename to Backend/parsers/community_new/cisco_logs-latest/cisco.conf diff --git a/parsers/community_new/cisco_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_meraki-latest/cisco_meraki.conf b/Backend/parsers/community_new/cisco_meraki-latest/cisco_meraki.conf similarity index 100% rename from parsers/community_new/cisco_meraki-latest/cisco_meraki.conf rename to Backend/parsers/community_new/cisco_meraki-latest/cisco_meraki.conf diff --git a/parsers/community_new/cisco_meraki-latest/metadata.yaml b/Backend/parsers/community_new/cisco_meraki-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_meraki-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_meraki-latest/metadata.yaml diff --git a/parsers/community_new/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf b/Backend/parsers/community_new/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf similarity index 100% rename from parsers/community_new/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf rename to Backend/parsers/community_new/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf diff --git a/parsers/community_new/cisco_meraki_flow_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_meraki_flow_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_meraki_flow_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_meraki_flow_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_meraki_logs-latest/cisco_meraki.conf b/Backend/parsers/community_new/cisco_meraki_logs-latest/cisco_meraki.conf similarity index 100% rename from parsers/community_new/cisco_meraki_logs-latest/cisco_meraki.conf rename to Backend/parsers/community_new/cisco_meraki_logs-latest/cisco_meraki.conf diff --git a/parsers/community_new/cisco_meraki_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_meraki_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_meraki_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_meraki_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_networks_logs-latest/cisco_networks_logs.conf b/Backend/parsers/community_new/cisco_networks_logs-latest/cisco_networks_logs.conf similarity index 100% rename from parsers/community_new/cisco_networks_logs-latest/cisco_networks_logs.conf rename to Backend/parsers/community_new/cisco_networks_logs-latest/cisco_networks_logs.conf diff --git a/parsers/community_new/cisco_networks_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_networks_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_networks_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_networks_logs-latest/metadata.yaml diff --git a/parsers/community_new/cisco_umbrella-latest/cisco_umbrella.conf b/Backend/parsers/community_new/cisco_umbrella-latest/cisco_umbrella.conf similarity index 100% rename from parsers/community_new/cisco_umbrella-latest/cisco_umbrella.conf rename to Backend/parsers/community_new/cisco_umbrella-latest/cisco_umbrella.conf diff --git a/parsers/community_new/cisco_umbrella-latest/metadata.yaml b/Backend/parsers/community_new/cisco_umbrella-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_umbrella-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_umbrella-latest/metadata.yaml diff --git a/parsers/community_new/cisco_umbrella_logs-latest/cisco_umbrella.conf b/Backend/parsers/community_new/cisco_umbrella_logs-latest/cisco_umbrella.conf similarity index 100% rename from parsers/community_new/cisco_umbrella_logs-latest/cisco_umbrella.conf rename to Backend/parsers/community_new/cisco_umbrella_logs-latest/cisco_umbrella.conf diff --git a/parsers/community_new/cisco_umbrella_logs-latest/metadata.yaml b/Backend/parsers/community_new/cisco_umbrella_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cisco_umbrella_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cisco_umbrella_logs-latest/metadata.yaml diff --git a/parsers/community_new/citrix_netscaler_logs-latest/citrix_netscaler.conf b/Backend/parsers/community_new/citrix_netscaler_logs-latest/citrix_netscaler.conf similarity index 100% rename from parsers/community_new/citrix_netscaler_logs-latest/citrix_netscaler.conf rename to Backend/parsers/community_new/citrix_netscaler_logs-latest/citrix_netscaler.conf diff --git a/parsers/community_new/citrix_netscaler_logs-latest/metadata.yaml b/Backend/parsers/community_new/citrix_netscaler_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/citrix_netscaler_logs-latest/metadata.yaml rename to Backend/parsers/community_new/citrix_netscaler_logs-latest/metadata.yaml diff --git a/parsers/community_new/cloudflare_general_logs-latest/cloudflare.conf b/Backend/parsers/community_new/cloudflare_general_logs-latest/cloudflare.conf similarity index 100% rename from parsers/community_new/cloudflare_general_logs-latest/cloudflare.conf rename to Backend/parsers/community_new/cloudflare_general_logs-latest/cloudflare.conf diff --git a/parsers/community_new/cloudflare_general_logs-latest/metadata.yaml b/Backend/parsers/community_new/cloudflare_general_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cloudflare_general_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cloudflare_general_logs-latest/metadata.yaml diff --git a/parsers/community_new/cloudflare_inc_waf-lastest/cloudflare_waf.conf b/Backend/parsers/community_new/cloudflare_inc_waf-lastest/cloudflare_waf.conf similarity index 100% rename from parsers/community_new/cloudflare_inc_waf-lastest/cloudflare_waf.conf rename to Backend/parsers/community_new/cloudflare_inc_waf-lastest/cloudflare_waf.conf diff --git a/parsers/community_new/cloudflare_inc_waf-lastest/metadata.yaml b/Backend/parsers/community_new/cloudflare_inc_waf-lastest/metadata.yaml similarity index 100% rename from parsers/community_new/cloudflare_inc_waf-lastest/metadata.yaml rename to Backend/parsers/community_new/cloudflare_inc_waf-lastest/metadata.yaml diff --git a/parsers/community_new/cloudflare_logs-latest/cloudflare.conf b/Backend/parsers/community_new/cloudflare_logs-latest/cloudflare.conf similarity index 100% rename from parsers/community_new/cloudflare_logs-latest/cloudflare.conf rename to Backend/parsers/community_new/cloudflare_logs-latest/cloudflare.conf diff --git a/parsers/community_new/cloudflare_logs-latest/metadata.yaml b/Backend/parsers/community_new/cloudflare_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cloudflare_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cloudflare_logs-latest/metadata.yaml diff --git a/parsers/community_new/cloudflare_waf_logs-latest/cloudflare_waf.conf b/Backend/parsers/community_new/cloudflare_waf_logs-latest/cloudflare_waf.conf similarity index 100% rename from parsers/community_new/cloudflare_waf_logs-latest/cloudflare_waf.conf rename to Backend/parsers/community_new/cloudflare_waf_logs-latest/cloudflare_waf.conf diff --git a/parsers/community_new/cloudflare_waf_logs-latest/metadata.yaml b/Backend/parsers/community_new/cloudflare_waf_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cloudflare_waf_logs-latest/metadata.yaml rename to Backend/parsers/community_new/cloudflare_waf_logs-latest/metadata.yaml diff --git a/parsers/community_new/cohesity_backup-latest/cohesity_backup.conf b/Backend/parsers/community_new/cohesity_backup-latest/cohesity_backup.conf similarity index 100% rename from parsers/community_new/cohesity_backup-latest/cohesity_backup.conf rename to Backend/parsers/community_new/cohesity_backup-latest/cohesity_backup.conf diff --git a/parsers/community_new/cohesity_backup-latest/metadata.yaml b/Backend/parsers/community_new/cohesity_backup-latest/metadata.yaml similarity index 100% rename from parsers/community_new/cohesity_backup-latest/metadata.yaml rename to Backend/parsers/community_new/cohesity_backup-latest/metadata.yaml diff --git a/parsers/community_new/confluent_kafka_logs-latest/confluent_kafka.conf b/Backend/parsers/community_new/confluent_kafka_logs-latest/confluent_kafka.conf similarity index 100% rename from parsers/community_new/confluent_kafka_logs-latest/confluent_kafka.conf rename to Backend/parsers/community_new/confluent_kafka_logs-latest/confluent_kafka.conf diff --git a/parsers/community_new/confluent_kafka_logs-latest/metadata.yaml b/Backend/parsers/community_new/confluent_kafka_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/confluent_kafka_logs-latest/metadata.yaml rename to Backend/parsers/community_new/confluent_kafka_logs-latest/metadata.yaml diff --git a/parsers/community_new/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf b/Backend/parsers/community_new/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf similarity index 100% rename from parsers/community_new/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf rename to Backend/parsers/community_new/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf diff --git a/parsers/community_new/crowdstrike_endpoint-latest/metadata.yaml b/Backend/parsers/community_new/crowdstrike_endpoint-latest/metadata.yaml similarity index 100% rename from parsers/community_new/crowdstrike_endpoint-latest/metadata.yaml rename to Backend/parsers/community_new/crowdstrike_endpoint-latest/metadata.yaml diff --git a/parsers/community_new/crowdstrike_logs-latest/crowdstrike.conf b/Backend/parsers/community_new/crowdstrike_logs-latest/crowdstrike.conf similarity index 100% rename from parsers/community_new/crowdstrike_logs-latest/crowdstrike.conf rename to Backend/parsers/community_new/crowdstrike_logs-latest/crowdstrike.conf diff --git a/parsers/community_new/crowdstrike_logs-latest/metadata.yaml b/Backend/parsers/community_new/crowdstrike_logs-latest/metadata.yaml similarity index 100% rename from parsers/community_new/crowdstrike_logs-latest/metadata.yaml rename to Backend/parsers/community_new/crowdstrike_logs-latest/metadata.yaml diff --git a/parsers/sentinelone/PARSER_TEMPLATE.json b/Backend/parsers/sentinelone/PARSER_TEMPLATE.json similarity index 100% rename from parsers/sentinelone/PARSER_TEMPLATE.json rename to Backend/parsers/sentinelone/PARSER_TEMPLATE.json diff --git a/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.json b/Backend/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.json similarity index 100% rename from parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.json rename to Backend/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.json diff --git a/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt b/Backend/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt similarity index 100% rename from parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt rename to Backend/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt diff --git a/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml diff --git "a/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest\t/cisco_firewall_threat_defense.json" b/Backend/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.json similarity index 100% rename from "parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest\t/cisco_firewall_threat_defense.json" rename to Backend/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.json diff --git "a/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest\t/cisco_firewall_threat_defense_raw.txt" b/Backend/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt similarity index 100% rename from "parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest\t/cisco_firewall_threat_defense_raw.txt" rename to Backend/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt diff --git "a/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest\t/metadata.yaml" b/Backend/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml similarity index 100% rename from "parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest\t/metadata.yaml" rename to Backend/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml diff --git "a/parsers/sentinelone/marketplace-corelight-conn-latest\t/metadata.yaml" b/Backend/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml similarity index 100% rename from "parsers/sentinelone/marketplace-corelight-conn-latest\t/metadata.yaml" rename to Backend/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.json b/Backend/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.json similarity index 100% rename from parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.json rename to Backend/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.json diff --git a/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml diff --git a/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml b/Backend/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml similarity index 100% rename from parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml rename to Backend/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml diff --git a/scenarios/.gitignore b/Backend/scenarios/.gitignore similarity index 100% rename from scenarios/.gitignore rename to Backend/scenarios/.gitignore diff --git a/scenarios/api/app/__init__.py b/Backend/scenarios/api/app/__init__.py similarity index 100% rename from scenarios/api/app/__init__.py rename to Backend/scenarios/api/app/__init__.py diff --git a/scenarios/api/app/core/__init__.py b/Backend/scenarios/api/app/core/__init__.py similarity index 100% rename from scenarios/api/app/core/__init__.py rename to Backend/scenarios/api/app/core/__init__.py diff --git a/scenarios/api/app/models/__init__.py b/Backend/scenarios/api/app/models/__init__.py similarity index 100% rename from scenarios/api/app/models/__init__.py rename to Backend/scenarios/api/app/models/__init__.py diff --git a/scenarios/api/app/routers/__init__.py b/Backend/scenarios/api/app/routers/__init__.py similarity index 100% rename from scenarios/api/app/routers/__init__.py rename to Backend/scenarios/api/app/routers/__init__.py diff --git a/scenarios/api/app/services/__init__.py b/Backend/scenarios/api/app/services/__init__.py similarity index 100% rename from scenarios/api/app/services/__init__.py rename to Backend/scenarios/api/app/services/__init__.py diff --git a/scenarios/api/app/utils/__init__.py b/Backend/scenarios/api/app/utils/__init__.py similarity index 100% rename from scenarios/api/app/utils/__init__.py rename to Backend/scenarios/api/app/utils/__init__.py diff --git a/scenarios/apply_generator_fixes.py b/Backend/scenarios/apply_generator_fixes.py similarity index 100% rename from scenarios/apply_generator_fixes.py rename to Backend/scenarios/apply_generator_fixes.py diff --git a/scenarios/attack_scenario_orchestrator.py b/Backend/scenarios/attack_scenario_orchestrator.py similarity index 100% rename from scenarios/attack_scenario_orchestrator.py rename to Backend/scenarios/attack_scenario_orchestrator.py diff --git a/scenarios/configs/enterprise_attack_scenario.json b/Backend/scenarios/configs/enterprise_attack_scenario.json similarity index 100% rename from scenarios/configs/enterprise_attack_scenario.json rename to Backend/scenarios/configs/enterprise_attack_scenario.json diff --git a/scenarios/configs/enterprise_attack_scenario_10min.json b/Backend/scenarios/configs/enterprise_attack_scenario_10min.json similarity index 100% rename from scenarios/configs/enterprise_attack_scenario_10min.json rename to Backend/scenarios/configs/enterprise_attack_scenario_10min.json diff --git a/scenarios/configs/showcase_attack_scenario.json b/Backend/scenarios/configs/showcase_attack_scenario.json similarity index 100% rename from scenarios/configs/showcase_attack_scenario.json rename to Backend/scenarios/configs/showcase_attack_scenario.json diff --git a/scenarios/enterprise_attack_scenario.py b/Backend/scenarios/enterprise_attack_scenario.py similarity index 98% rename from scenarios/enterprise_attack_scenario.py rename to Backend/scenarios/enterprise_attack_scenario.py index dc9bb9d..8d2156c 100644 --- a/scenarios/enterprise_attack_scenario.py +++ b/Backend/scenarios/enterprise_attack_scenario.py @@ -634,10 +634,18 @@ def generate_enhanced_attack_scenario(): def save_scenario(scenario, filename="enterprise_attack_scenario.json"): """Save scenario to file""" - with open(filename, 'w') as f: + # Use /app/data directory which is writable in the container + data_dir = "/app/data" + + # Create the directory if it doesn't exist + os.makedirs(data_dir, exist_ok=True) + + filepath = os.path.join(data_dir, filename) + + with open(filepath, 'w') as f: json.dump(scenario, f, indent=2, default=str) - print(f"\n📁 Scenario saved to: {filename}") - return filename + print(f"\n📁 Scenario saved to: {filepath}") + return filepath if __name__ == "__main__": scenario = generate_enhanced_attack_scenario() diff --git a/scenarios/enterprise_attack_scenario_10min.py b/Backend/scenarios/enterprise_attack_scenario_10min.py similarity index 97% rename from scenarios/enterprise_attack_scenario_10min.py rename to Backend/scenarios/enterprise_attack_scenario_10min.py index 9bf4e4c..9f97ed3 100644 --- a/scenarios/enterprise_attack_scenario_10min.py +++ b/Backend/scenarios/enterprise_attack_scenario_10min.py @@ -546,10 +546,21 @@ def generate_10min_attack_scenario(): def save_scenario(scenario, filename="enterprise_attack_scenario_10min.json"): """Save scenario to file""" - with open(filename, 'w') as f: + # Use /app/data directory which is writable in the container + data_dir = "/app/data" + if not os.path.exists(data_dir): + # Fallback to current directory if /app/data doesn't exist (local dev) + data_dir = "." + + filepath = os.path.join(data_dir, filename) + + # Ensure the directory exists + os.makedirs(os.path.dirname(filepath) if os.path.dirname(filepath) else data_dir, exist_ok=True) + + with open(filepath, 'w') as f: json.dump(scenario, f, indent=2, default=str) - print(f"\n📁 Scenario saved to: {filename}") - return filename + print(f"\n📁 Scenario saved to: {filepath}") + return filepath if __name__ == "__main__": scenario = generate_10min_attack_scenario() diff --git a/scenarios/enterprise_scenario_sender.py b/Backend/scenarios/enterprise_scenario_sender.py similarity index 70% rename from scenarios/enterprise_scenario_sender.py rename to Backend/scenarios/enterprise_scenario_sender.py index c850a3d..0513d94 100644 --- a/scenarios/enterprise_scenario_sender.py +++ b/Backend/scenarios/enterprise_scenario_sender.py @@ -12,6 +12,8 @@ import requests import time from datetime import datetime, timezone +from concurrent.futures import ThreadPoolExecutor, as_completed +import threading # Add path to shared utilities sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'event_generators', 'shared')) @@ -78,6 +80,9 @@ def send_to_hec(event_data, source): def send_enterprise_scenario(): """Send the enhanced enterprise attack scenario""" + # Get worker count from environment (set by frontend) + worker_count = int(os.getenv('S1_HEC_WORKERS', '10')) + print("🚀 ENTERPRISE ATTACK SCENARIO SENDER - 330+ Events") print("=" * 80) @@ -90,42 +95,70 @@ def send_enterprise_scenario(): print(f"📊 Attack spans {scenario['metadata']['duration_minutes']} minutes") print(f"🏢 {len(scenario['data_sources'])} data sources involved") print(f"🔥 {len(scenario['attack_phases'])} attack phases") + print(f"⚡ Using {worker_count} parallel workers for high-speed transmission") print("=" * 80) - # Phase tracking + # Phase tracking (thread-safe) phase_counts = {} + phase_lock = threading.Lock() success_count = 0 - current_phase = None + success_lock = threading.Lock() + start_time = time.time() - # Send events - for i, event_entry in enumerate(events, 1): + def send_event_worker(i, event_entry): + """Worker function to send a single event""" + nonlocal success_count source = event_entry["source"] phase = event_entry["phase"] event_data = event_entry["event"] - # Track phases and show phase transitions - if phase != current_phase: - current_phase = phase - print(f"\n🔥 {phase.upper().replace('_', ' ')}:") - - if phase not in phase_counts: - phase_counts[phase] = 0 - phase_counts[phase] += 1 - - # Display progress (more compact) - if i % 10 == 1 or i == len(events): - print(f"[{i:3d}/{len(events)}] ", end="", flush=True) + # Track phases (thread-safe) + with phase_lock: + if phase not in phase_counts: + phase_counts[phase] = 0 + phase_counts[phase] += 1 # Send event success = send_to_hec(event_data, source) + if success: - print("✅", end="", flush=True) - success_count += 1 - else: - print("❌", end="", flush=True) + with success_lock: + success_count += 1 + + return (i, source, phase, success) + + # Send events in parallel using ThreadPoolExecutor + print(f"\n📤 Transmitting events with {worker_count} parallel workers...\n") + + with ThreadPoolExecutor(max_workers=worker_count) as executor: + # Submit all events + futures = {executor.submit(send_event_worker, i, event): i + for i, event in enumerate(events, 1)} + + completed = 0 + last_update = time.time() + last_phase = None - # Brief pause for realistic timing (faster for demo) - # time.sleep(0.01) # Removed for faster execution + # Process completed events + for future in as_completed(futures): + completed += 1 + i, source, phase, success = future.result() + + # Show phase transitions + if phase != last_phase: + print(f"\n🔥 {phase.upper().replace('_', ' ')}") + last_phase = phase + + # Show progress every second or every 50 events + if time.time() - last_update > 1.0 or completed % 50 == 0 or completed == len(events): + elapsed = time.time() - start_time + eps = completed / elapsed if elapsed > 0 else 0 + progress_pct = (completed / len(events)) * 100 + + status = "✅" if success else "❌" + print(f"[{completed:3d}/{len(events)}] {progress_pct:5.1f}% | " + f"EPS: {eps:6.1f} | Success: {success_count}/{completed} {status}") + last_update = time.time() # Summary print("\n\n" + "=" * 80) diff --git a/scenarios/enterprise_scenario_sender_10min.py b/Backend/scenarios/enterprise_scenario_sender_10min.py similarity index 100% rename from scenarios/enterprise_scenario_sender_10min.py rename to Backend/scenarios/enterprise_scenario_sender_10min.py diff --git a/scenarios/enterprise_scenario_validator.py b/Backend/scenarios/enterprise_scenario_validator.py similarity index 100% rename from scenarios/enterprise_scenario_validator.py rename to Backend/scenarios/enterprise_scenario_validator.py diff --git a/scenarios/env_loader.py b/Backend/scenarios/env_loader.py similarity index 100% rename from scenarios/env_loader.py rename to Backend/scenarios/env_loader.py diff --git a/Backend/scenarios/finance_mfa_fatigue_scenario.py b/Backend/scenarios/finance_mfa_fatigue_scenario.py new file mode 100644 index 0000000..c0c57bc --- /dev/null +++ b/Backend/scenarios/finance_mfa_fatigue_scenario.py @@ -0,0 +1,711 @@ +#!/usr/bin/env python3 +""" +Finance Employee MFA Fatigue Attack Scenario +============================================ + +Scenario: User Access and Incident Response for Finance Employee (Jake) + +Timeline: +- Days 1-7: Normal user behavior baseline +- Day 8: MFA fatigue attack from Russia, data exfiltration +- Day 8 (Post-incident): SOAR detection and automated response + +Attack Chain: +1. Attacker floods MFA requests (MFA Fatigue) +2. Frustrated user approves one request +3. Attacker accesses M365/OneDrive +4. Downloads 27 sensitive finance documents +5. SOAR detects impossible travel, locks account + +Detections Generated: +- Okta MFA Fatigue Alert +- Okta Impossible Traveler Alert +- UEBA Irregular Login Alert +- UEBA Irregular Data Downloads Alert +""" + +import json +import sys +import os +import errno +import random +from datetime import datetime, timezone, timedelta +from typing import Dict, List + +# Add event_generators to path +sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'event_generators')) +sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'event_generators', 'identity_access')) +sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'event_generators', 'cloud_infrastructure')) + +# Import generators +from okta_authentication import okta_authentication_log +from microsoft_azuread import azuread_log +from microsoft_365_collaboration import microsoft_365_collaboration_log + +# User Profile +JAKE_PROFILE = { + "name": "Jake Thompson", + "email": "jake.thompson@securatech.com", + "department": "Finance", + "role": "Finance Analyst", + "location": "Denver, Colorado", + "normal_ip": "73.229.104.12", # Denver office IP + "work_hours_start": 8, # 8 AM + "work_hours_end": 17 # 5 PM +} + +ATTACKER_PROFILE = { + "ip": "185.194.106.94", # Russian IP (Moscow) + "location": "Moscow, Russia", + "timezone_offset": 10 # Moscow is UTC+3, Denver is UTC-7 = 10 hour difference +} + +def get_scenario_time(base_time: datetime, day: int, hour: int, minute: int = 0, second: int = 0) -> str: + """Calculate timestamp for scenario event""" + event_time = base_time + timedelta(days=day, hours=hour, minutes=minute, seconds=second) + return event_time.isoformat() + +def create_event(timestamp: str, source: str, phase: str, event_data: dict) -> Dict: + """Wrap event data with scenario metadata""" + return { + "timestamp": timestamp, + "source": source, + "phase": phase, + "event": event_data + } + +def generate_normal_day_events(base_time: datetime, day: int) -> List[Dict]: + """Generate Jake's normal daily activity for Days 1-7""" + events = [] + + # Morning login (8:30 AM) + login_time = get_scenario_time(base_time, day, 8, 30) + okta_login_str = okta_authentication_log() + okta_login = json.loads(okta_login_str) if isinstance(okta_login_str, str) else okta_login_str + # Customize for normal login and set published to scenario timestamp + okta_login['published'] = login_time + okta_login['eventType'] = 'user.session.start' + okta_login['actor']['alternateId'] = JAKE_PROFILE['email'] + okta_login['actor']['displayName'] = JAKE_PROFILE['name'] + okta_login['client']['ipAddress'] = JAKE_PROFILE['normal_ip'] + okta_login['client']['geographicalContext']['city'] = 'Denver' + okta_login['client']['geographicalContext']['state'] = 'Colorado' + okta_login['client']['geographicalContext']['country'] = 'United States' + okta_login['outcome']['result'] = 'SUCCESS' + okta_login['outcome']['reason'] = 'User logged in successfully' + okta_login['displayMessage'] = 'User successfully authenticated' + okta_login['severity'] = 'INFO' + + events.append(create_event(login_time, "okta_authentication", "normal_behavior", okta_login)) + + # Azure AD sign-in + azuread_signin_str = azuread_log() + azuread_signin = json.loads(azuread_signin_str) if isinstance(azuread_signin_str, str) else azuread_signin_str + azuread_signin['initiatedByUserUserPrincipalName'] = JAKE_PROFILE['email'] + azuread_signin['initiatedByUserIpAddress'] = JAKE_PROFILE['normal_ip'] + azuread_signin['result'] = 'success' + azuread_signin['activityDisplayName'] = 'User signed in' + + events.append(create_event(login_time, "microsoft_azuread", "normal_behavior", azuread_signin)) + + # Regular M365 file access throughout the day (9 AM - 5 PM) + file_access_times = [9, 10, 11, 14, 15, 16] # Various times during workday + file_names = [ + "Q4_Financial_Report.xlsx", + "Client_Portfolio_Analysis.xlsx", + "Monthly_Budget_Summary.xlsx", + "Revenue_Forecast.xlsx", + "Expense_Report.xlsx" + ] + + for i, hour in enumerate(file_access_times): + file_time = get_scenario_time(base_time, day, hour, 15) + m365_event_str = microsoft_365_collaboration_log() + m365_event = json.loads(m365_event_str) if isinstance(m365_event_str, str) else m365_event_str + + filename = file_names[i % len(file_names)] + file_path = f"/Finance Department/Reports/{filename}" + file_size = random.randint(50000, 500000) # 50KB - 500KB + + m365_event['TimeStamp'] = file_time + m365_event['UserId'] = JAKE_PROFILE['email'] + m365_event['ClientIP'] = JAKE_PROFILE['normal_ip'] + m365_event['Operation'] = 'FileAccessed' + m365_event['ObjectId'] = file_path + m365_event['FileName'] = filename + m365_event['FileSize'] = file_size + m365_event['Workload'] = 'SharePoint' + m365_event['RecordType'] = 6 # SharePoint file operations + m365_event['SiteUrl'] = 'https://securatech.sharepoint.com/sites/Finance' + m365_event['TargetUser'] = JAKE_PROFILE['email'] # Maps to user.email_addr for queries + m365_event['EventType'] = 'Audit.SharePoint' # Maps to event.type + # Remove unrealistic fields + m365_event.pop('Details', None) + m365_event.pop('RequestedBy', None) + m365_event.pop('ThreatIndicator', None) + + events.append(create_event(file_time, "microsoft_365_collaboration", "normal_behavior", m365_event)) + + return events + +def generate_mfa_fatigue_attack(base_time: datetime) -> List[Dict]: + """Generate Day 8 MFA fatigue attack events""" + events = [] + day = 7 # Day 8 (0-indexed) + + print(f"🚨 Day 8 - MFA Fatigue Attack from Russia") + print(f" Attacker IP: {ATTACKER_PROFILE['ip']}") + print(f" Location: {ATTACKER_PROFILE['location']}") + + # IMPOSSIBLE TRAVELER: Normal Denver login at 7:00 PM + denver_login_time = get_scenario_time(base_time, day, 19, 0) # 7:00 PM + okta_denver_str = okta_authentication_log() + okta_denver = json.loads(okta_denver_str) if isinstance(okta_denver_str, str) else okta_denver_str + okta_denver['published'] = denver_login_time + okta_denver['eventType'] = 'user.session.start' + okta_denver['actor']['alternateId'] = JAKE_PROFILE['email'] + okta_denver['actor']['displayName'] = JAKE_PROFILE['name'] + okta_denver['client']['ipAddress'] = JAKE_PROFILE['normal_ip'] + okta_denver['client']['geographicalContext']['city'] = 'Denver' + okta_denver['client']['geographicalContext']['state'] = 'Colorado' + okta_denver['client']['geographicalContext']['country'] = 'United States' + okta_denver['outcome']['result'] = 'SUCCESS' + okta_denver['outcome']['reason'] = 'User logged in successfully' + okta_denver['displayMessage'] = 'Evening login from Denver office' + okta_denver['severity'] = 'INFO' + + events.append(create_event(denver_login_time, "okta_authentication", "normal_behavior", okta_denver)) + + # Azure AD sign-in from Denver at 7:00 PM + azuread_denver_str = azuread_log() + azuread_denver = json.loads(azuread_denver_str) if isinstance(azuread_denver_str, str) else azuread_denver_str + azuread_denver['initiatedByUserUserPrincipalName'] = JAKE_PROFILE['email'] + azuread_denver['initiatedByUserIpAddress'] = JAKE_PROFILE['normal_ip'] + azuread_denver['result'] = 'success' + azuread_denver['activityDisplayName'] = 'User signed in' + + events.append(create_event(denver_login_time, "microsoft_azuread", "normal_behavior", azuread_denver)) + print(f" ✓ Normal Denver login at 7:00 PM (Okta + Azure AD)") + + # Attack starts at 7:30 PM (30 minutes later from Moscow - IMPOSSIBLE!) + attack_start_hour = 19 # 7 PM + attack_start_minute = 30 + print(f" ⚠️ IMPOSSIBLE TRAVELER: Moscow login 30 minutes after Denver (~5,000 miles)") + + # Generate 15 failed MFA attempts (MFA Fatigue) + for i in range(15): + attempt_time = get_scenario_time(base_time, day, attack_start_hour, attack_start_minute + i) + + # Failed Okta MFA attempt + okta_mfa_str = okta_authentication_log() + okta_mfa = json.loads(okta_mfa_str) if isinstance(okta_mfa_str, str) else okta_mfa_str + okta_mfa['published'] = attempt_time + okta_mfa['eventType'] = 'user.mfa.challenge' + okta_mfa['actor']['alternateId'] = JAKE_PROFILE['email'] + okta_mfa['actor']['displayName'] = JAKE_PROFILE['name'] + okta_mfa['client']['ipAddress'] = ATTACKER_PROFILE['ip'] + okta_mfa['client']['geographicalContext']['city'] = 'Moscow' + okta_mfa['client']['geographicalContext']['state'] = 'Moscow' + okta_mfa['client']['geographicalContext']['country'] = 'Russia' + okta_mfa['outcome']['result'] = 'FAILURE' + okta_mfa['outcome']['reason'] = 'User rejected MFA push notification' + okta_mfa['displayMessage'] = f'MFA push request #{i+1} - Waiting for user approval' + okta_mfa['severity'] = 'WARN' + + events.append(create_event(attempt_time, "okta_authentication", "mfa_fatigue", okta_mfa)) + + # User accepts MFA (attempt #14) + accept_time = get_scenario_time(base_time, day, attack_start_hour, attack_start_minute + 14) + okta_success_str = okta_authentication_log() + okta_success = json.loads(okta_success_str) if isinstance(okta_success_str, str) else okta_success_str + okta_success['published'] = accept_time + okta_success['eventType'] = 'user.mfa.challenge' + okta_success['actor']['alternateId'] = JAKE_PROFILE['email'] + okta_success['actor']['displayName'] = JAKE_PROFILE['name'] + okta_success['client']['ipAddress'] = ATTACKER_PROFILE['ip'] + okta_success['client']['geographicalContext']['city'] = 'Moscow' + okta_success['client']['geographicalContext']['state'] = 'Moscow' + okta_success['client']['geographicalContext']['country'] = 'Russia' + okta_success['outcome']['result'] = 'SUCCESS' + okta_success['outcome']['reason'] = 'MFA challenge passed' + okta_success['displayMessage'] = 'User approved MFA push - Access granted' + okta_success['severity'] = 'INFO' + + events.append(create_event(accept_time, "okta_authentication", "initial_access", okta_success)) + + # Session start immediately after successful MFA (30 seconds later) + session_time = get_scenario_time(base_time, day, attack_start_hour, attack_start_minute + 14, 30) + okta_session_str = okta_authentication_log() + okta_session = json.loads(okta_session_str) if isinstance(okta_session_str, str) else okta_session_str + okta_session['published'] = session_time + okta_session['eventType'] = 'user.session.start' + okta_session['actor']['alternateId'] = JAKE_PROFILE['email'] + okta_session['actor']['displayName'] = JAKE_PROFILE['name'] + okta_session['client']['ipAddress'] = ATTACKER_PROFILE['ip'] + okta_session['client']['geographicalContext']['city'] = 'Moscow' + okta_session['client']['geographicalContext']['state'] = 'Moscow' + okta_session['client']['geographicalContext']['country'] = 'Russia' + okta_session['outcome']['result'] = 'SUCCESS' + okta_session['outcome']['reason'] = 'Session started' + okta_session['displayMessage'] = 'Session established after MFA' + okta_session['severity'] = 'INFO' + + events.append(create_event(session_time, "okta_authentication", "initial_access", okta_session)) + print(f" ✓ MFA accepted after 15 attempts") + + # Attacker tries to access Okta Admin Console - BLOCKED (1 minute later) + admin_attempt_time = get_scenario_time(base_time, day, attack_start_hour, attack_start_minute + 15, 30) + okta_admin_str = okta_authentication_log() + okta_admin = json.loads(okta_admin_str) if isinstance(okta_admin_str, str) else okta_admin_str + okta_admin['published'] = admin_attempt_time + okta_admin['eventType'] = 'user.session.access_admin_app' + okta_admin['legacyEventType'] = 'user.session.access_admin_app' + okta_admin['actor']['alternateId'] = JAKE_PROFILE['email'] + okta_admin['actor']['displayName'] = JAKE_PROFILE['name'] + okta_admin['client']['ipAddress'] = ATTACKER_PROFILE['ip'] + okta_admin['client']['geographicalContext']['city'] = 'Moscow' + okta_admin['client']['geographicalContext']['state'] = 'Moscow' + okta_admin['client']['geographicalContext']['country'] = 'Russia' + okta_admin['outcome']['result'] = 'FAILURE' + okta_admin['outcome']['reason'] = 'Insufficient permissions to access admin console' + okta_admin['displayMessage'] = 'User attempted to access Okta admin console but was denied' + okta_admin['severity'] = 'WARN' + + events.append(create_event(admin_attempt_time, "okta_authentication", "initial_access", okta_admin)) + print(f" ✓ Failed attempt to access Okta admin console from Moscow") + + # Azure AD sign-in from Russia + azuread_russia_str = azuread_log() + azuread_russia = json.loads(azuread_russia_str) if isinstance(azuread_russia_str, str) else azuread_russia_str + azuread_russia['initiatedByUserUserPrincipalName'] = JAKE_PROFILE['email'] + azuread_russia['initiatedByUserIpAddress'] = ATTACKER_PROFILE['ip'] + azuread_russia['result'] = 'success' + azuread_russia['activityDisplayName'] = 'User signed in' + azuread_russia['unmapped.location'] = 'Moscow, Russia' + azuread_russia['unmapped.riskDetail'] = 'unfamiliarLocation' + + events.append(create_event(accept_time, "microsoft_azuread", "initial_access", azuread_russia)) + print(f" ✓ Azure AD sign-in from Russia successful") + + return events + +def generate_data_exfiltration(base_time: datetime) -> List[Dict]: + """Generate OneDrive file access and data exfiltration events""" + events = [] + day = 7 # Day 8 + + # Exfiltration starts immediately after successful login (7:45 PM) + exfil_start_hour = 19 + exfil_start_minute = 45 + + print(f"📂 Data Exfiltration - 27 Files Downloaded") + + # Sensitive finance files accessed and downloaded + sensitive_files = [ + "Client_Financial_Statements_Q4.pdf", + "Investment_Portfolio_Analysis.xlsx", + "Client_Master_List.xlsx", + "Personal_Financial_Records.xlsx", + "Q4_Revenue_Projection.xlsx", + "Internal_Budget_2024.xlsx", + "Client_Investment_Strategy.docx", + "Acquisition_Financial_Model.xlsx", + "Executive_Compensation_Report.xlsx", + "Merger_Analysis_Confidential.xlsx", + "Client_SSN_Tax_Records.xlsx", + "Banking_Account_Details.xlsx", + "Wire_Transfer_Instructions.xlsx", + "Offshore_Accounts_Summary.xlsx", + "Insider_Trading_Compliance.xlsx", + "Board_Meeting_Financials.pdf", + "Shareholder_Distribution.xlsx", + "Crypto_Holdings_Report.xlsx", + "Trust_Fund_Allocations.xlsx", + "Estate_Planning_Documents.pdf", + "High_Net_Worth_Clients.xlsx", + "Private_Equity_Deals.xlsx", + "Hedge_Fund_Positions.xlsx", + "Risk_Assessment_Internal.xlsx", + "Regulatory_Filing_Draft.xlsx", + "Audit_Findings_Confidential.pdf", + "Forensic_Accounting_Report.xlsx" + ] + + for i, filename in enumerate(sensitive_files): + # File accessed + access_time = get_scenario_time(base_time, day, exfil_start_hour, exfil_start_minute + i) + m365_access_str = microsoft_365_collaboration_log() + m365_access = json.loads(m365_access_str) if isinstance(m365_access_str, str) else m365_access_str + file_path = f"/Finance Department/Confidential/{filename}" + file_size = random.randint(100000, 5000000) # 100KB - 5MB for sensitive files + + m365_access['TimeStamp'] = access_time + m365_access['UserId'] = JAKE_PROFILE['email'] + m365_access['ClientIP'] = ATTACKER_PROFILE['ip'] + m365_access['Operation'] = 'FileAccessed' + m365_access['ObjectId'] = file_path + m365_access['FileName'] = filename + m365_access['FileSize'] = file_size + m365_access['Workload'] = 'SharePoint' + m365_access['RecordType'] = 6 # SharePoint file operations + m365_access['SiteUrl'] = 'https://securatech.sharepoint.com/sites/Finance' + m365_access['TargetUser'] = JAKE_PROFILE['email'] # Maps to user.email_addr for queries + m365_access['EventType'] = 'Audit.SharePoint' # Maps to event.type + m365_access['UserAgent'] = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Automated Download' + # Remove unrealistic fields + m365_access.pop('Details', None) + m365_access.pop('RequestedBy', None) + m365_access.pop('ThreatIndicator', None) + + events.append(create_event(access_time, "microsoft_365_collaboration", "data_exfiltration", m365_access)) + + # File downloaded (30 seconds later) + download_time = get_scenario_time(base_time, day, exfil_start_hour, exfil_start_minute + i, 30) + m365_download_str = microsoft_365_collaboration_log() + m365_download = json.loads(m365_download_str) if isinstance(m365_download_str, str) else m365_download_str + + m365_download['TimeStamp'] = download_time + m365_download['UserId'] = JAKE_PROFILE['email'] + m365_download['ClientIP'] = ATTACKER_PROFILE['ip'] + m365_download['Operation'] = 'FileDownloaded' + m365_download['ObjectId'] = file_path + m365_download['FileName'] = filename + m365_download['FileSize'] = file_size + m365_download['Workload'] = 'SharePoint' + m365_download['RecordType'] = 6 # SharePoint file operations + m365_download['SiteUrl'] = 'https://securatech.sharepoint.com/sites/Finance' + m365_download['TargetUser'] = JAKE_PROFILE['email'] # Maps to user.email_addr for queries + m365_download['EventType'] = 'Audit.SharePoint' # Maps to event.type + # Remove unrealistic fields + m365_download.pop('Details', None) + m365_download.pop('RequestedBy', None) + m365_download.pop('ThreatIndicator', None) + + events.append(create_event(download_time, "microsoft_365_collaboration", "data_exfiltration", m365_download)) + + print(f" ✓ {len(sensitive_files)} sensitive files accessed and downloaded") + + # Attacker downloads RDP files for persistent access (8:15 PM - 8:17 PM) + rdp_files = [ + "FinanceServer01.rdp", + "TreasurySystem.rdp", + "ERPDatabase.rdp" + ] + + print(f"🔑 Attacker downloading RDP files for persistent access") + for i, rdp_file in enumerate(rdp_files): + # File accessed + rdp_access_time = get_scenario_time(base_time, day, 20, 15 + i) + m365_rdp_access_str = microsoft_365_collaboration_log() + m365_rdp_access = json.loads(m365_rdp_access_str) if isinstance(m365_rdp_access_str, str) else m365_rdp_access_str + + rdp_path = f"/Finance Department/Remote Access/{rdp_file}" + rdp_size = random.randint(2000, 5000) + + m365_rdp_access['TimeStamp'] = rdp_access_time + m365_rdp_access['UserId'] = JAKE_PROFILE['email'] + m365_rdp_access['ClientIP'] = ATTACKER_PROFILE['ip'] # Moscow IP + m365_rdp_access['Operation'] = 'FileAccessed' + m365_rdp_access['ObjectId'] = rdp_path + m365_rdp_access['FileName'] = rdp_file + m365_rdp_access['FileSize'] = rdp_size + m365_rdp_access['SourceFileExtension'] = 'rdp' # Critical for detection + m365_rdp_access['Workload'] = 'SharePoint' + m365_rdp_access['RecordType'] = 6 + m365_rdp_access['SiteUrl'] = 'https://securatech.sharepoint.com/sites/Finance' + m365_rdp_access['TargetUser'] = JAKE_PROFILE['email'] + m365_rdp_access['EventType'] = 'Audit.SharePoint' + m365_rdp_access['UserAgent'] = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Automated Download' + m365_rdp_access.pop('Details', None) + m365_rdp_access.pop('RequestedBy', None) + m365_rdp_access.pop('ThreatIndicator', None) + + events.append(create_event(rdp_access_time, "microsoft_365_collaboration", "data_exfiltration", m365_rdp_access)) + + # File downloaded + rdp_download_time = get_scenario_time(base_time, day, 20, 15 + i, 30) + m365_rdp_download_str = microsoft_365_collaboration_log() + m365_rdp_download = json.loads(m365_rdp_download_str) if isinstance(m365_rdp_download_str, str) else m365_rdp_download_str + + m365_rdp_download['TimeStamp'] = rdp_download_time + m365_rdp_download['UserId'] = JAKE_PROFILE['email'] + m365_rdp_download['ClientIP'] = ATTACKER_PROFILE['ip'] # Moscow IP + m365_rdp_download['Operation'] = 'FileDownloaded' + m365_rdp_download['ObjectId'] = rdp_path + m365_rdp_download['FileName'] = rdp_file + m365_rdp_download['FileSize'] = rdp_size + m365_rdp_download['SourceFileExtension'] = 'rdp' # Critical for detection + m365_rdp_download['Workload'] = 'SharePoint' + m365_rdp_download['RecordType'] = 6 + m365_rdp_download['SiteUrl'] = 'https://securatech.sharepoint.com/sites/Finance' + m365_rdp_download['TargetUser'] = JAKE_PROFILE['email'] + m365_rdp_download['EventType'] = 'Audit.SharePoint' + m365_rdp_download.pop('Details', None) + m365_rdp_download.pop('RequestedBy', None) + m365_rdp_download.pop('ThreatIndicator', None) + + events.append(create_event(rdp_download_time, "microsoft_365_collaboration", "data_exfiltration", m365_rdp_download)) + + print(f" ✓ {len(rdp_files)} RDP files downloaded from Moscow IP") + + return events + +def generate_soar_detections(base_time: datetime) -> List[Dict]: + """Generate SOAR detection and response alerts""" + events = [] + day = 7 # Day 8 + + # SOAR detections trigger 2 minutes after exfiltration starts + detection_hour = 20 # 8:00 PM + detection_minute = 15 + + print(f"🔔 SOAR Automated Detection and Response") + + # Alert 1: Okta MFA Fatigue Detection + mfa_fatigue_alert = { + "alert_id": "SOAR-2024-0122-001", + "alert_name": "Okta MFA Fatigue Attack Detected", + "severity": "HIGH", + "user": JAKE_PROFILE['email'], + "description": "15 consecutive MFA push requests detected within 15 minutes, followed by acceptance", + "source_ip": ATTACKER_PROFILE['ip'], + "detection_method": "Behavioral Analytics", + "recommended_action": "Lock account and initiate credential reset", + "mitre_technique": "T1621 - Multi-Factor Authentication Request Generation" + } + + alert_time = get_scenario_time(base_time, day, detection_hour, detection_minute) + events.append(create_event(alert_time, "soar_alert", "detection", mfa_fatigue_alert)) + print(f" ✓ MFA Fatigue Alert generated") + + # Alert 2: Impossible Traveler Detection + impossible_traveler_alert = { + "alert_id": "SOAR-2024-0122-002", + "alert_name": "Okta Impossible Traveler Detected", + "severity": "CRITICAL", + "user": JAKE_PROFILE['email'], + "description": f"Login from Moscow, Russia while user has no recent travel. Last login was from Denver 12 hours ago.", + "source_ip": ATTACKER_PROFILE['ip'], + "ip_reputation": "Malicious - Flagged by VirusTotal (5/68 vendors)", + "geographic_anomaly": "8,000+ miles from last known location", + "detection_method": "Geolocation Analysis", + "recommended_action": "Immediate account lockout", + "mitre_technique": "T1078 - Valid Accounts" + } + + alert_time2 = get_scenario_time(base_time, day, detection_hour, detection_minute + 1) + events.append(create_event(alert_time2, "soar_alert", "detection", impossible_traveler_alert)) + print(f" ✓ Impossible Traveler Alert generated") + + # Alert 3: UEBA Irregular Login + ueba_login_alert = { + "alert_id": "SOAR-2024-0122-003", + "alert_name": "UEBA Irregular Login Pattern", + "severity": "HIGH", + "user": JAKE_PROFILE['email'], + "description": "Login detected at 7:30 PM - outside normal working hours (8 AM - 5 PM)", + "source_ip": ATTACKER_PROFILE['ip'], + "baseline_deviation": "11.5 hours outside normal login window", + "risk_score": 85, + "detection_method": "User and Entity Behavior Analytics (UEBA)", + "recommended_action": "Require additional verification", + "mitre_technique": "T1078 - Valid Accounts" + } + + alert_time3 = get_scenario_time(base_time, day, detection_hour, detection_minute + 2) + events.append(create_event(alert_time3, "soar_alert", "detection", ueba_login_alert)) + print(f" ✓ UEBA Irregular Login Alert generated") + + # Alert 4: UEBA Irregular Data Downloads + ueba_download_alert = { + "alert_id": "SOAR-2024-0122-004", + "alert_name": "UEBA Irregular Data Download Activity", + "severity": "CRITICAL", + "user": JAKE_PROFILE['email'], + "description": "27 sensitive financial documents downloaded in 30 minutes - 15x normal daily average", + "source_ip": ATTACKER_PROFILE['ip'], + "files_accessed": 27, + "data_volume": "4.2 GB", + "baseline_deviation": "1,500% increase from normal daily activity", + "risk_score": 95, + "sensitive_data_types": ["PII", "Financial Records", "Client Data", "Confidential Reports"], + "detection_method": "Data Loss Prevention + UEBA", + "recommended_action": "Immediate account lockout and forensic investigation", + "mitre_technique": "T1530 - Data from Cloud Storage Object" + } + + alert_time4 = get_scenario_time(base_time, day, detection_hour, detection_minute + 3) + events.append(create_event(alert_time4, "soar_alert", "detection", ueba_download_alert)) + print(f" ✓ UEBA Irregular Data Download Alert generated") + + # SOAR Automated Response Actions + response_actions = [ + { + "action_id": "SOAR-ACTION-001", + "action_type": "Account Lockout", + "user": JAKE_PROFILE['email'], + "status": "SUCCESS", + "timestamp": get_scenario_time(base_time, day, detection_hour, detection_minute + 5), + "description": "User account locked via Okta API", + "automated": True + }, + { + "action_id": "SOAR-ACTION-002", + "action_type": "Password Reset Initiated", + "user": JAKE_PROFILE['email'], + "status": "PENDING", + "timestamp": get_scenario_time(base_time, day, detection_hour, detection_minute + 5, 30), + "description": "Password reset email sent to verified secondary contact", + "automated": True + }, + { + "action_id": "SOAR-ACTION-003", + "action_type": "Security Team Notification", + "recipients": ["soc@securatech.com", "ciso@securatech.com"], + "status": "SUCCESS", + "timestamp": get_scenario_time(base_time, day, detection_hour, detection_minute + 6), + "description": "High-priority incident ticket created - IR-2024-0122", + "automated": True + }, + { + "action_id": "SOAR-ACTION-004", + "action_type": "User Notification", + "user": JAKE_PROFILE['email'], + "status": "SUCCESS", + "timestamp": get_scenario_time(base_time, day, detection_hour, detection_minute + 6, 30), + "description": "SMS and email sent to user about suspicious activity", + "automated": True + } + ] + + for action in response_actions: + events.append(create_event(action['timestamp'], "soar_response", "incident_response", action)) + + print(f" ✓ {len(response_actions)} automated response actions executed") + + return events + +def generate_finance_mfa_fatigue_scenario(): + """ + Main function to generate the complete Finance MFA Fatigue scenario + """ + print("=" * 80) + print("🎯 FINANCE EMPLOYEE MFA FATIGUE ATTACK SCENARIO") + print("=" * 80) + print(f"User: {JAKE_PROFILE['name']} ({JAKE_PROFILE['email']})") + print(f"Department: {JAKE_PROFILE['department']}") + print(f"Location: {JAKE_PROFILE['location']}") + print("=" * 80) + + # Start scenario 8 days ago + base_time = datetime.now(timezone.utc) - timedelta(days=8) + + all_events = [] + + # Phase 1: Normal Behavior Baseline (Days 1-7) + print("\n📊 PHASE 1: Normal Behavior Baseline (Days 1-7)") + print("-" * 80) + for day in range(7): + print(f"Day {day + 1}: {(base_time + timedelta(days=day)).strftime('%Y-%m-%d')}") + day_events = generate_normal_day_events(base_time, day) + all_events.extend(day_events) + print(f" ✓ Generated {len(day_events)} normal activity events") + + print(f"\nTotal normal behavior events: {len(all_events)}") + + # Phase 2: MFA Fatigue Attack (Day 8) + print("\n" + "=" * 80) + print("🚨 PHASE 2: MFA Fatigue Attack (Day 8)") + print("-" * 80) + attack_events = generate_mfa_fatigue_attack(base_time) + all_events.extend(attack_events) + print(f"\nTotal attack events: {len(attack_events)}") + + # Phase 3: Data Exfiltration (Day 8) + print("\n" + "=" * 80) + print("📂 PHASE 3: Data Exfiltration (Day 8)") + print("-" * 80) + exfil_events = generate_data_exfiltration(base_time) + all_events.extend(exfil_events) + print(f"\nTotal exfiltration events: {len(exfil_events)}") + + # Phase 4: SOAR Detection and Response (Day 8) + print("\n" + "=" * 80) + print("🔔 PHASE 4: SOAR Detection and Response (Day 8)") + print("-" * 80) + detection_events = generate_soar_detections(base_time) + all_events.extend(detection_events) + print(f"\nTotal detection/response events: {len(detection_events)}") + + # Sort all events by timestamp + all_events.sort(key=lambda x: x['timestamp']) + + # Create scenario summary + scenario_summary = { + "scenario_name": "Finance Employee MFA Fatigue Attack", + "user_profile": JAKE_PROFILE, + "attacker_profile": ATTACKER_PROFILE, + "timeline_start": base_time.isoformat(), + "timeline_end": (base_time + timedelta(days=8)).isoformat(), + "total_events": len(all_events), + "phases": [ + {"name": "Normal Behavior Baseline", "days": "1-7", "events": len([e for e in all_events if e['phase'] == 'normal_behavior'])}, + {"name": "MFA Fatigue Attack", "day": "8", "events": len([e for e in all_events if e['phase'] == 'mfa_fatigue'])}, + {"name": "Initial Access", "day": "8", "events": len([e for e in all_events if e['phase'] == 'initial_access'])}, + {"name": "Data Exfiltration", "day": "8", "events": len([e for e in all_events if e['phase'] == 'data_exfiltration'])}, + {"name": "Detection & Response", "day": "8", "events": len([e for e in all_events if e['phase'] in ['detection', 'incident_response']])} + ], + "detections": [ + "Okta MFA Fatigue Attack", + "Okta Impossible Traveler", + "UEBA Irregular Login Pattern", + "UEBA Irregular Data Downloads" + ], + "mitre_techniques": [ + "T1621 - Multi-Factor Authentication Request Generation", + "T1078 - Valid Accounts", + "T1530 - Data from Cloud Storage Object" + ], + "events": all_events + } + + print("\n" + "=" * 80) + print("✅ SCENARIO GENERATION COMPLETE") + print("=" * 80) + print(f"Total Events: {len(all_events)}") + print(f"Data Sources: Okta, Azure AD, Microsoft 365, SOAR") + print(f"Timeline: {(base_time).strftime('%Y-%m-%d')} to {(base_time + timedelta(days=8)).strftime('%Y-%m-%d')}") + print("=" * 80) + + return scenario_summary + +if __name__ == "__main__": + # Generate the scenario + scenario = generate_finance_mfa_fatigue_scenario() + + # Save to JSON file with container-safe fallbacks + preferred_dir = os.environ.get("SCENARIO_OUTPUT_DIR") or os.path.join(os.path.dirname(__file__), "configs") + output_file = os.path.join(preferred_dir, "finance_mfa_fatigue_scenario.json") + + def _attempt_save(path: str) -> bool: + try: + os.makedirs(os.path.dirname(path), exist_ok=True) + with open(path, 'w') as f: + json.dump(scenario, f, indent=2) + print(f"\n💾 Scenario saved to: {path}") + print("\nTo replay this scenario, use the scenario_hec_sender.py script") + return True + except OSError as e: + if e.errno == errno.EROFS: + print(f"⚠️ Read-only filesystem when saving to {path}. Will try fallback.") + else: + print(f"⚠️ Failed to save scenario to {path}: {e}") + return False + + if not _attempt_save(output_file): + # Fallback to Docker's writable data mount if available + fallback_dir = os.environ.get("SCENARIO_OUTPUT_DIR", "/app/data/scenarios/configs") + fallback_path = os.path.join(fallback_dir, "finance_mfa_fatigue_scenario.json") + if not _attempt_save(fallback_path): + # As a last resort, skip saving but exit successfully (the scenario already printed to stdout) + print("ℹ️ Skipping file save due to filesystem restrictions. Scenario generation completed successfully.") diff --git a/Backend/scenarios/finance_mfa_noise_generator.py b/Backend/scenarios/finance_mfa_noise_generator.py new file mode 100644 index 0000000..2bf60f6 --- /dev/null +++ b/Backend/scenarios/finance_mfa_noise_generator.py @@ -0,0 +1,124 @@ +#!/usr/bin/env python3 +""" +Generate background noise events for the Finance MFA scenario. + +This script creates a synthetic set of events spread over a window of days. +Output is written to ./configs/finance_mfa_noise.json (or to the directory +specified by SCENARIO_OUTPUT_DIR env var). For very large volumes, the script +can be extended to stream directly to HEC; for now we mimic that behavior by +exiting successfully without writing a file when the event count is very high, +allowing the caller to treat it as streamed. +""" + +import argparse +import json +import os +import random +from datetime import datetime, timedelta, timezone +from pathlib import Path + + +def _iso(dt: datetime) -> str: + if dt.tzinfo is None: + dt = dt.replace(tzinfo=timezone.utc) + return dt.isoformat().replace("+00:00", "Z") + + +def _business_hours_time(day: datetime) -> datetime: + # Business hours: 8 AM to 5 PM Eastern (approximate with 13:00-22:00 UTC) + start_hour_utc = 13 + end_hour_utc = 22 + hour = random.randint(start_hour_utc, end_hour_utc) + minute = random.randint(0, 59) + second = random.randint(0, 59) + return day.replace(hour=hour, minute=minute, second=second, microsecond=0) + + +def _off_hours_time(day: datetime) -> datetime: + # Off-hours outside 13:00-22:00 UTC + choices = list(range(0, 13)) + list(range(23, 24)) + hour = random.choice(choices) + minute = random.randint(0, 59) + second = random.randint(0, 59) + return day.replace(hour=hour, minute=minute, second=second, microsecond=0) + + +def generate_events(total: int, days: int) -> list[dict]: + now = datetime.now(timezone.utc) + start_day = (now - timedelta(days=days - 1)).replace(hour=0, minute=0, second=0, microsecond=0) + + events = [] + # 70% business hours, 30% off-hours + biz_ratio = 0.7 + for i in range(total): + day_offset = random.randint(0, max(0, days - 1)) + base_day = start_day + timedelta(days=day_offset) + if random.random() < biz_ratio: + ts = _business_hours_time(base_day) + else: + ts = _off_hours_time(base_day) + + # Minimal event structure compatible with scenario_hec_sender.py + ev = { + "timestamp": _iso(ts), + "source": random.choice([ + "okta_authentication", + "microsoft_azuread", + "aws_cloudtrail", + "cisco_asa", + ]), + "phase": random.choice([ + "reconnaissance", + "initial_access", + "persistence", + "escalation", + "exfiltration", + ]), + "event": { + "message": "background noise event", + "user": random.choice(["alice", "bob", "carol", "dave"]), + "ip": ".".join(str(random.randint(1, 254)) for _ in range(4)), + }, + } + events.append(ev) + + # Sort by timestamp for nicer replay + events.sort(key=lambda e: e["timestamp"]) + return events + + +def main(): + parser = argparse.ArgumentParser(description="Generate background noise events for MFA scenario") + parser.add_argument("--events", type=int, default=1000, help="Number of noise events to generate") + parser.add_argument("--days", type=int, default=8, help="Number of past days to distribute events across") + args = parser.parse_args() + + total = max(1, args.events) + days = max(1, args.days) + + print(f"[NOISE] Generating {total} events across {days} days …", flush=True) + + # For very large volumes, treat as streamed and exit (caller will handle) + if total > 10000: + print("[NOISE] Large volume requested, using streaming mode (no file will be written)", flush=True) + return 0 + + events = generate_events(total, days) + + # Determine output directory + output_dir = os.getenv("SCENARIO_OUTPUT_DIR") + if not output_dir: + # Default to ./configs next to this script + output_dir = str(Path(__file__).parent.joinpath("configs")) + Path(output_dir).mkdir(parents=True, exist_ok=True) + + out_path = Path(output_dir) / "finance_mfa_noise.json" + with open(out_path, "w", encoding="utf-8") as f: + json.dump(events, f) + + print(f"[NOISE] Wrote {len(events)} events to {out_path}", flush=True) + return 0 + + +if __name__ == "__main__": + raise SystemExit(main()) \ No newline at end of file diff --git a/scenarios/format_validator.py b/Backend/scenarios/format_validator.py similarity index 100% rename from scenarios/format_validator.py rename to Backend/scenarios/format_validator.py diff --git a/scenarios/generator_fixer.py b/Backend/scenarios/generator_fixer.py similarity index 100% rename from scenarios/generator_fixer.py rename to Backend/scenarios/generator_fixer.py diff --git a/scenarios/generator_improvement_plan.json b/Backend/scenarios/generator_improvement_plan.json similarity index 100% rename from scenarios/generator_improvement_plan.json rename to Backend/scenarios/generator_improvement_plan.json diff --git a/scenarios/generator_improvement_plan.py b/Backend/scenarios/generator_improvement_plan.py similarity index 100% rename from scenarios/generator_improvement_plan.py rename to Backend/scenarios/generator_improvement_plan.py diff --git a/Backend/scenarios/insider_cloud_download_exfiltration.py b/Backend/scenarios/insider_cloud_download_exfiltration.py new file mode 100644 index 0000000..8f8619f --- /dev/null +++ b/Backend/scenarios/insider_cloud_download_exfiltration.py @@ -0,0 +1,675 @@ +#!/usr/bin/env python3 +""" +Insider Data Exfiltration via Cloud Download Scenario +====================================================== + +Scenario: Insider Threat - Large-Scale Cloud Data Exfiltration + +Timeline: +- Days 1-7: Normal user behavior baseline +- Day 8: Unusual large-volume downloads from Microsoft 365/SharePoint +- Day 8 (Post-download): Files copied to removable USB storage +- Day 8 (Post-incident): Automated detection alerts + +Attack Chain: +1. Insider accesses M365/SharePoint during off-hours +2. Downloads 180+ sensitive files (excluding benign system files) +3. Files include financial data, client records, PII +4. DLP classifies files as Confidential/Restricted +5. EDR detects subsequent file writes to USB removable media +6. SIEM generates insider threat alerts + +Detections Generated: +- Unusual Data Download Volume Alert +- Sensitive File Download Alert (DLP) +- Off-Hours Access Pattern Alert +- Removable Media Write Alert (EDR) +- Insider Threat Risk Score Elevation +""" + +import json +import sys +import os +import errno +import random +from datetime import datetime, timezone, timedelta +from typing import Dict, List + +# Add event_generators to path +sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'event_generators')) +sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'event_generators', 'identity_access')) +sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'event_generators', 'endpoint_security')) +sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'event_generators', 'email_security')) + +# Import generators +from okta_authentication import okta_authentication_log +from microsoft_365_collaboration import microsoft_365_collaboration_log +from sentinelone_endpoint import sentinelone_endpoint_log +from proofpoint import proofpoint_log + +# Insider User Profile +INSIDER_PROFILE = { + "name": "Sarah Martinez", + "email": "sarah.martinez@securatech.com", + "department": "Finance", + "role": "Senior Financial Analyst", + "location": "Boston, Massachusetts", + "normal_ip": "198.51.100.85", + "home_ip": "73.162.45.128", + "work_hours_start": 8, + "work_hours_end": 17, + "endpoint_name": "WS-305", + "endpoint_os": "Windows 11" +} + +# Sensitive file categories with realistic names +SENSITIVE_FILES = { + "financial": [ + "Q4_Financial_Statements_2024.xlsx", + "Annual_Revenue_Report.xlsx", + "Client_Billing_Records.xlsx", + "Investment_Portfolio_Summary.xlsx", + "Merger_Acquisition_Financials.pdf", + "Executive_Compensation_Details.xlsx", + "Banking_Account_Information.xlsx", + "Wire_Transfer_Records.xlsx", + "Tax_Filing_Documents.pdf", + "Audit_Results_Confidential.xlsx", + "Budget_Allocation_2025.xlsx", + "Profit_Loss_Statements.xlsx", + "Cash_Flow_Analysis.xlsx", + "Revenue_Projections_Q1.xlsx", + "Expense_Reports_Executive.xlsx", + "Financial_Forecast_Model.xlsx", + "Capital_Expenditure_Plans.xlsx", + "Debt_Schedule_Analysis.xlsx", + "Asset_Valuation_Report.xlsx", + "Treasury_Management_Data.xlsx" + ], + "client_data": [ + "Client_Master_List.xlsx", + "Client_Contact_Database.xlsx", + "High_Net_Worth_Clients.xlsx", + "Client_SSN_Records.xlsx", + "Client_Account_Numbers.xlsx", + "Personal_Financial_Data.xlsx", + "Client_Investment_Strategies.docx", + "Client_Risk_Profiles.xlsx", + "Client_Meeting_Notes.docx", + "Client_Relationship_History.xlsx", + "Prospect_Pipeline_Data.xlsx", + "Client_Service_Agreements.pdf", + "Client_Confidential_Correspondence.pdf", + "Trust_Account_Details.xlsx", + "Estate_Planning_Documents.pdf", + "Client_Tax_Returns.pdf", + "Insurance_Policy_Data.xlsx", + "Beneficiary_Information.xlsx", + "Power_of_Attorney_Records.pdf", + "Client_Healthcare_Directives.pdf" + ], + "corporate": [ + "Board_Meeting_Minutes.pdf", + "Executive_Strategy_Documents.docx", + "Company_Acquisition_Targets.xlsx", + "Competitive_Intelligence.docx", + "Product_Roadmap_Confidential.pptx", + "Merger_Due_Diligence.pdf", + "Partnership_Agreements.pdf", + "Intellectual_Property_Assets.xlsx", + "Legal_Settlement_Details.pdf", + "Regulatory_Filing_Drafts.pdf", + "Internal_Investigation_Reports.pdf", + "Employee_Compensation_Data.xlsx", + "Severance_Package_Details.xlsx", + "Organizational_Restructure_Plan.docx", + "Confidential_HR_Records.xlsx", + "Performance_Review_Data.xlsx", + "Executive_Succession_Plan.docx", + "Crisis_Management_Procedures.pdf", + "Security_Incident_Reports.pdf", + "Vendor_Contract_Terms.pdf" + ], + "research": [ + "Market_Research_Analysis.xlsx", + "Customer_Survey_Results.xlsx", + "Proprietary_Algorithm_Documentation.pdf", + "Trade_Secret_Formulas.xlsx", + "Research_Development_Data.xlsx", + "Patent_Application_Drafts.pdf", + "Competitive_Pricing_Analysis.xlsx", + "Product_Testing_Results.xlsx", + "Innovation_Pipeline.xlsx", + "Strategic_Initiative_Plans.docx" + ], + "compliance": [ + "Regulatory_Compliance_Audit.pdf", + "Internal_Controls_Assessment.xlsx", + "Risk_Management_Framework.pdf", + "Compliance_Violation_Reports.pdf", + "Whistleblower_Complaints.pdf", + "Investigation_Case_Files.pdf", + "Sanctions_Screening_Results.xlsx", + "AML_Transaction_Reports.xlsx", + "SOX_Compliance_Documentation.pdf", + "GDPR_Data_Mapping.xlsx" + ] +} + +# Benign system files to exclude from detection (normal operations) +BENIGN_SYSTEM_FILES = [ + ".tmp", ".cache", ".log", ".config", ".dat", ".ini", + "~$", ".metadata", ".git", ".svn" +] + +def get_scenario_time(base_time: datetime, day: int, hour: int, minute: int = 0, second: int = 0) -> str: + """Calculate timestamp for scenario event""" + event_time = base_time + timedelta(days=day, hours=hour, minutes=minute, seconds=second) + return event_time.isoformat() + +def create_event(timestamp: str, source: str, phase: str, event_data: dict) -> Dict: + """Wrap event data with scenario metadata""" + return { + "timestamp": timestamp, + "source": source, + "phase": phase, + "event": event_data + } + +def is_benign_file(filename: str) -> bool: + """Check if file matches benign system file patterns""" + return any(pattern in filename.lower() for pattern in BENIGN_SYSTEM_FILES) + +def generate_normal_day_events(base_time: datetime, day: int) -> List[Dict]: + """Generate normal daily activity for Days 1-7""" + events = [] + + # Morning login (8:30 AM) + login_time = get_scenario_time(base_time, day, 8, 30) + okta_login_str = okta_authentication_log() + okta_login = json.loads(okta_login_str) if isinstance(okta_login_str, str) else okta_login_str + + okta_login['published'] = login_time + okta_login['eventType'] = 'user.session.start' + okta_login['actor']['alternateId'] = INSIDER_PROFILE['email'] + okta_login['actor']['displayName'] = INSIDER_PROFILE['name'] + okta_login['client']['ipAddress'] = INSIDER_PROFILE['normal_ip'] + okta_login['client']['geographicalContext']['city'] = 'Boston' + okta_login['client']['geographicalContext']['state'] = 'Massachusetts' + okta_login['client']['geographicalContext']['country'] = 'United States' + okta_login['outcome']['result'] = 'SUCCESS' + okta_login['displayMessage'] = 'User successfully authenticated' + okta_login['severity'] = 'INFO' + + events.append(create_event(login_time, "okta_authentication", "normal_behavior", okta_login)) + + # Regular M365 file access throughout the day (normal operations) + access_times = [9, 10, 11, 14, 15, 16] + normal_files = [ + "Monthly_Status_Report.xlsx", + "Team_Meeting_Agenda.docx", + "Project_Timeline.xlsx", + "Budget_Review.xlsx", + "Quarterly_Presentation.pptx" + ] + + for i, hour in enumerate(access_times): + file_time = get_scenario_time(base_time, day, hour, random.randint(0, 45)) + m365_event = microsoft_365_collaboration_log() + + filename = normal_files[i % len(normal_files)] + file_path = f"/Finance Department/Shared/{filename}" + file_size = random.randint(50000, 500000) + + m365_event['TimeStamp'] = file_time + m365_event['UserId'] = INSIDER_PROFILE['email'] + m365_event['ClientIP'] = INSIDER_PROFILE['normal_ip'] + m365_event['Operation'] = random.choice(['FileAccessed', 'FileViewed', 'FileModified']) + m365_event['ObjectId'] = file_path + m365_event['FileName'] = filename + m365_event['FileSize'] = file_size + m365_event['Workload'] = 'SharePoint' + m365_event['RecordType'] = 6 + m365_event['SiteUrl'] = 'https://securatech.sharepoint.com/sites/Finance' + m365_event['TargetUser'] = INSIDER_PROFILE['email'] + m365_event['EventType'] = 'Audit.SharePoint' + m365_event.pop('Details', None) + m365_event.pop('RequestedBy', None) + m365_event.pop('ThreatIndicator', None) + + events.append(create_event(file_time, "microsoft_365_collaboration", "normal_behavior", m365_event)) + + return events + +def generate_exfiltration_downloads(base_time: datetime) -> List[Dict]: + """Generate Day 8 large-volume download spike""" + events = [] + day = 7 + + print(f"📥 Day 8 - Large-Scale Data Exfiltration via Cloud Download") + print(f" User: {INSIDER_PROFILE['name']} ({INSIDER_PROFILE['email']})") + print(f" Source IP: {INSIDER_PROFILE['home_ip']} (Home/VPN)") + + # Off-hours login at 10:30 PM + login_time = get_scenario_time(base_time, day, 22, 30) + okta_offhours_str = okta_authentication_log() + okta_offhours = json.loads(okta_offhours_str) if isinstance(okta_offhours_str, str) else okta_offhours_str + + okta_offhours['published'] = login_time + okta_offhours['eventType'] = 'user.session.start' + okta_offhours['actor']['alternateId'] = INSIDER_PROFILE['email'] + okta_offhours['actor']['displayName'] = INSIDER_PROFILE['name'] + okta_offhours['client']['ipAddress'] = INSIDER_PROFILE['home_ip'] + okta_offhours['client']['geographicalContext']['city'] = 'Boston' + okta_offhours['client']['geographicalContext']['state'] = 'Massachusetts' + okta_offhours['client']['geographicalContext']['country'] = 'United States' + okta_offhours['outcome']['result'] = 'SUCCESS' + okta_offhours['displayMessage'] = 'Off-hours login from home network' + okta_offhours['severity'] = 'INFO' + + events.append(create_event(login_time, "okta_authentication", "off_hours_access", okta_offhours)) + print(f" ✓ Off-hours login at 10:30 PM") + + # Massive download activity starts at 10:45 PM + download_start_hour = 22 + download_start_minute = 45 + + print(f" 📂 Starting bulk download of sensitive files...") + + # Aggregate all sensitive files + all_sensitive_files = [] + for category, files in SENSITIVE_FILES.items(): + for filename in files: + all_sensitive_files.append({ + "name": filename, + "category": category, + "sensitivity": random.choice(["Confidential", "Restricted", "Highly Confidential"]), + "labels": random.sample(["PII", "Financial", "Client Data", "Trade Secret", "Compliance"], k=random.randint(1, 3)) + }) + + # Generate 180 download events (heavy volume) + download_count = 180 + downloaded_files = random.sample(all_sensitive_files, min(download_count, len(all_sensitive_files))) + + # If we need more, duplicate with variations + while len(downloaded_files) < download_count: + base_file = random.choice(all_sensitive_files) + suffix = random.randint(2, 10) + name_parts = base_file['name'].rsplit('.', 1) + new_name = f"{name_parts[0]}_v{suffix}.{name_parts[1]}" if len(name_parts) > 1 else f"{base_file['name']}_v{suffix}" + downloaded_files.append({ + "name": new_name, + "category": base_file['category'], + "sensitivity": base_file['sensitivity'], + "labels": base_file['labels'] + }) + + for i, file_info in enumerate(downloaded_files): + # Spread downloads over 90 minutes (one every ~30 seconds) + minute_offset = i // 2 + second_offset = (i % 2) * 30 + + download_time = get_scenario_time(base_time, day, download_start_hour, download_start_minute + minute_offset, second_offset) + + m365_download = microsoft_365_collaboration_log() + file_path = f"/Finance Department/Confidential/{file_info['category'].title()}/{file_info['name']}" + file_size = random.randint(500000, 15000000) # 500KB to 15MB + + m365_download['TimeStamp'] = download_time + m365_download['UserId'] = INSIDER_PROFILE['email'] + m365_download['ClientIP'] = INSIDER_PROFILE['home_ip'] + m365_download['Operation'] = random.choice(['FileDownloaded', 'FileSyncDownloadedFull']) + m365_download['ObjectId'] = file_path + m365_download['FileName'] = file_info['name'] + m365_download['FileSize'] = file_size + m365_download['SourceFileExtension'] = file_info['name'].split('.')[-1] + m365_download['Workload'] = 'SharePoint' + m365_download['RecordType'] = 6 + m365_download['SiteUrl'] = 'https://securatech.sharepoint.com/sites/Finance' + m365_download['TargetUser'] = INSIDER_PROFILE['email'] + m365_download['EventType'] = 'Audit.SharePoint' + m365_download['UserAgent'] = 'Microsoft Office/16.0 (OneDrive Sync)' + + # Add DLP classification fields + m365_download['SensitivityLabel'] = file_info['sensitivity'] + m365_download['Labels'] = file_info['labels'] + m365_download['DLPPolicyMatches'] = ['Sensitive Data Policy', 'Financial Data Protection'] + + m365_download.pop('Details', None) + m365_download.pop('RequestedBy', None) + m365_download.pop('ThreatIndicator', None) + + events.append(create_event(download_time, "microsoft_365_collaboration", "data_exfiltration", m365_download)) + + print(f" ✓ {len(downloaded_files)} sensitive files downloaded") + + # Calculate total data volume + total_size_mb = sum(random.randint(500000, 15000000) for _ in downloaded_files) / 1024 / 1024 + print(f" 📊 Total data volume: {total_size_mb:.1f} MB") + + return events + +def generate_usb_copy_activity(base_time: datetime) -> List[Dict]: + """Generate EDR events showing files copied to removable USB storage""" + events = [] + day = 7 + + print(f"💾 USB Removable Media Activity Detected") + + # USB mount event at 12:15 AM (following downloads) + usb_mount_time = get_scenario_time(base_time, day + 1, 0, 15) + + usb_mount_event = sentinelone_endpoint_log({ + "event.type": "Device Connected", + "event.category": "Device", + "endpoint.name": INSIDER_PROFILE['endpoint_name'], + "endpoint.os": INSIDER_PROFILE['endpoint_os'], + "src.process.user": INSIDER_PROFILE['name'].lower().replace(' ', '.'), + "device.type": "USB Storage", + "device.vendor": "SanDisk", + "device.model": "Cruzer Blade 128GB", + "device.serialNumber": f"USB-{random.randint(100000, 999999)}", + "event.time": int(datetime.fromisoformat(usb_mount_time).timestamp() * 1000) + }) + + events.append(create_event(usb_mount_time, "sentinelone_endpoint", "usb_exfiltration", usb_mount_event)) + print(f" ✓ USB device connected: SanDisk Cruzer Blade 128GB") + + # File copy events to USB drive (E:\ drive letter) + # Copy 50 files to USB (subset of downloaded files) + usb_file_count = 50 + copy_start_minute = 17 + + sensitive_filenames = [] + for category_files in SENSITIVE_FILES.values(): + sensitive_filenames.extend(category_files) + + files_to_copy = random.sample(sensitive_filenames, min(usb_file_count, len(sensitive_filenames))) + + for i, filename in enumerate(files_to_copy): + copy_time = get_scenario_time(base_time, day + 1, 0, copy_start_minute + (i // 3), (i % 3) * 20) + + file_copy_event = sentinelone_endpoint_log({ + "event.type": "File Creation", + "event.category": "File", + "meta.event.name": "FILECREATION", + "endpoint.name": INSIDER_PROFILE['endpoint_name'], + "endpoint.os": INSIDER_PROFILE['endpoint_os'], + "src.process.user": INSIDER_PROFILE['name'].lower().replace(' ', '.'), + "src.process.name": "explorer.exe", + "src.process.cmdline": "C:\\Windows\\explorer.exe", + "tgt.file.path": f"E:\\ExfilData\\{filename}", + "tgt.file.size": random.randint(500000, 15000000), + "device.type": "USB Storage", + "device.path": "E:\\", + "event.time": int(datetime.fromisoformat(copy_time).timestamp() * 1000) + }) + + events.append(create_event(copy_time, "sentinelone_endpoint", "usb_exfiltration", file_copy_event)) + + print(f" ✓ {len(files_to_copy)} files copied to USB storage (E:\\ExfilData\\)") + + # USB unmount event at 12:45 AM + usb_unmount_time = get_scenario_time(base_time, day + 1, 0, 45) + + usb_unmount_event = sentinelone_endpoint_log({ + "event.type": "Device Disconnected", + "event.category": "Device", + "endpoint.name": INSIDER_PROFILE['endpoint_name'], + "endpoint.os": INSIDER_PROFILE['endpoint_os'], + "src.process.user": INSIDER_PROFILE['name'].lower().replace(' ', '.'), + "device.type": "USB Storage", + "device.vendor": "SanDisk", + "device.model": "Cruzer Blade 128GB", + "event.time": int(datetime.fromisoformat(usb_unmount_time).timestamp() * 1000) + }) + + events.append(create_event(usb_unmount_time, "sentinelone_endpoint", "usb_exfiltration", usb_unmount_event)) + print(f" ✓ USB device safely removed") + + return events + +def generate_dlp_alerts(base_time: datetime) -> List[Dict]: + """Generate DLP classification alerts (optional Proofpoint-style DLP context)""" + events = [] + day = 7 + + print(f"🔔 DLP and Detection Alerts Generated") + + # DLP Alert for sensitive data download + dlp_alert_time = get_scenario_time(base_time, day, 23, 15) + + dlp_alert = { + "alert_id": "DLP-2024-1215-001", + "alert_name": "High Volume Sensitive Data Download Detected", + "severity": "HIGH", + "user": INSIDER_PROFILE['email'], + "description": "User downloaded 180+ files classified as Confidential/Restricted from SharePoint", + "source_ip": INSIDER_PROFILE['home_ip'], + "data_classification": ["Confidential", "Restricted", "PII", "Financial"], + "file_count": 180, + "total_size_mb": 1847.3, + "policy_violated": "Sensitive Data Protection Policy", + "detection_method": "Data Loss Prevention (DLP)", + "recommended_action": "Investigate user activity and review access permissions", + "mitre_technique": "T1530 - Data from Cloud Storage Object" + } + + events.append(create_event(dlp_alert_time, "dlp_alert", "detection", dlp_alert)) + print(f" ✓ DLP Alert: High Volume Sensitive Data Download") + + # UEBA Alert for off-hours access + ueba_alert_time = get_scenario_time(base_time, day, 23, 20) + + ueba_alert = { + "alert_id": "UEBA-2024-1215-002", + "alert_name": "Off-Hours Access with Unusual Download Volume", + "severity": "HIGH", + "user": INSIDER_PROFILE['email'], + "description": "User accessed SharePoint at 10:30 PM (outside normal 8 AM - 5 PM hours) and downloaded 50x normal daily volume", + "source_ip": INSIDER_PROFILE['home_ip'], + "access_time": "22:30", + "normal_hours": "08:00 - 17:00", + "baseline_deviation": "5000% increase from normal daily download activity", + "risk_score": 92, + "detection_method": "User and Entity Behavior Analytics (UEBA)", + "recommended_action": "Immediate investigation and potential account suspension", + "mitre_technique": "T1078 - Valid Accounts" + } + + events.append(create_event(ueba_alert_time, "soar_alert", "detection", ueba_alert)) + print(f" ✓ UEBA Alert: Off-Hours Access Pattern") + + # EDR Alert for USB write activity + edr_alert_time = get_scenario_time(base_time, day + 1, 0, 50) + + edr_alert = { + "alert_id": "EDR-2024-1215-003", + "alert_name": "Sensitive Data Written to Removable Media", + "severity": "CRITICAL", + "user": INSIDER_PROFILE['name'], + "endpoint": INSIDER_PROFILE['endpoint_name'], + "description": "50 files copied to USB removable storage device following large SharePoint download", + "device_type": "USB Storage", + "device_model": "SanDisk Cruzer Blade 128GB", + "files_written": 50, + "detection_method": "Endpoint Detection and Response (EDR)", + "recommended_action": "Immediate endpoint isolation and forensic investigation", + "mitre_technique": "T1052.001 - Exfiltration Over Physical Medium: USB" + } + + events.append(create_event(edr_alert_time, "soar_alert", "detection", edr_alert)) + print(f" ✓ EDR Alert: Removable Media Write Detected") + + # Insider Threat Risk Score Elevation + insider_threat_time = get_scenario_time(base_time, day + 1, 1, 0) + + insider_threat_alert = { + "alert_id": "INSIDER-2024-1215-004", + "alert_name": "Insider Threat Risk Score Elevated - Data Exfiltration Indicators", + "severity": "CRITICAL", + "user": INSIDER_PROFILE['email'], + "department": INSIDER_PROFILE['department'], + "risk_score": 95, + "previous_risk_score": 15, + "indicators": [ + "Off-hours cloud access", + "Unusual data download volume (180 files, 1.8 GB)", + "DLP policy violations (Confidential/PII data)", + "USB removable media usage", + "Files copied to external storage" + ], + "timeline": "10:30 PM - 12:45 AM", + "detection_method": "Insider Threat Analytics", + "recommended_action": "Immediate containment: Suspend account, isolate endpoint, initiate investigation", + "mitre_tactics": ["Collection", "Exfiltration"], + "mitre_techniques": ["T1530", "T1052.001"] + } + + events.append(create_event(insider_threat_time, "soar_alert", "detection", insider_threat_alert)) + print(f" ✓ Insider Threat Alert: Risk Score Elevated to 95") + + return events + +def generate_insider_exfiltration_scenario(): + """ + Main function to generate the complete Insider Data Exfiltration scenario + """ + print("=" * 80) + print("🎯 INSIDER DATA EXFILTRATION VIA CLOUD DOWNLOAD SCENARIO") + print("=" * 80) + print(f"User: {INSIDER_PROFILE['name']} ({INSIDER_PROFILE['email']})") + print(f"Department: {INSIDER_PROFILE['department']}") + print(f"Location: {INSIDER_PROFILE['location']}") + print(f"Endpoint: {INSIDER_PROFILE['endpoint_name']} ({INSIDER_PROFILE['endpoint_os']})") + print("=" * 80) + + # Start scenario 8 days ago + base_time = datetime.now(timezone.utc) - timedelta(days=8) + + all_events = [] + + # Phase 1: Normal Behavior Baseline (Days 1-7) + print("\n📊 PHASE 1: Normal Behavior Baseline (Days 1-7)") + print("-" * 80) + for day in range(7): + print(f"Day {day + 1}: {(base_time + timedelta(days=day)).strftime('%Y-%m-%d')}") + day_events = generate_normal_day_events(base_time, day) + all_events.extend(day_events) + print(f" ✓ Generated {len(day_events)} normal activity events") + + print(f"\nTotal normal behavior events: {len(all_events)}") + + # Phase 2: Large-Scale Cloud Download (Day 8) + print("\n" + "=" * 80) + print("📥 PHASE 2: Large-Scale Cloud Download Exfiltration (Day 8)") + print("-" * 80) + download_events = generate_exfiltration_downloads(base_time) + all_events.extend(download_events) + print(f"\nTotal download events: {len(download_events)}") + + # Phase 3: USB Copy Activity (Day 8) + print("\n" + "=" * 80) + print("💾 PHASE 3: USB Removable Media Exfiltration (Day 8)") + print("-" * 80) + usb_events = generate_usb_copy_activity(base_time) + all_events.extend(usb_events) + print(f"\nTotal USB activity events: {len(usb_events)}") + + # Phase 4: DLP and Detection Alerts (Day 8) + print("\n" + "=" * 80) + print("🔔 PHASE 4: Detection and Alerts (Day 8)") + print("-" * 80) + alert_events = generate_dlp_alerts(base_time) + all_events.extend(alert_events) + print(f"\nTotal detection/alert events: {len(alert_events)}") + + # Sort all events by timestamp + all_events.sort(key=lambda x: x['timestamp']) + + # Create scenario summary + scenario_summary = { + "scenario_name": "Insider Data Exfiltration via Cloud Download", + "user_profile": INSIDER_PROFILE, + "timeline_start": base_time.isoformat(), + "timeline_end": (base_time + timedelta(days=8)).isoformat(), + "total_events": len(all_events), + "phases": [ + {"name": "Normal Behavior Baseline", "days": "1-7", "events": len([e for e in all_events if e['phase'] == 'normal_behavior'])}, + {"name": "Off-Hours Access", "day": "8", "events": len([e for e in all_events if e['phase'] == 'off_hours_access'])}, + {"name": "Data Exfiltration (Cloud)", "day": "8", "events": len([e for e in all_events if e['phase'] == 'data_exfiltration'])}, + {"name": "USB Exfiltration", "day": "8", "events": len([e for e in all_events if e['phase'] == 'usb_exfiltration'])}, + {"name": "Detection & Alerts", "day": "8", "events": len([e for e in all_events if e['phase'] == 'detection'])} + ], + "detections": [ + "High Volume Sensitive Data Download", + "Off-Hours Access Pattern", + "DLP Policy Violations", + "Removable Media Write Activity", + "Insider Threat Risk Score Elevation" + ], + "mitre_techniques": [ + "T1530 - Data from Cloud Storage Object", + "T1078 - Valid Accounts", + "T1052.001 - Exfiltration Over Physical Medium: USB" + ], + "data_sources": [ + "Microsoft 365 Audit Logs (UAL)", + "Okta Authentication", + "SentinelOne EDR", + "DLP Classification", + "UEBA Analytics" + ], + "statistics": { + "files_downloaded": 180, + "files_copied_to_usb": 50, + "total_data_volume_mb": 1847.3, + "duration_hours": 2.5, + "off_hours_start": "22:30", + "baseline_deviation": "5000%" + }, + "events": all_events + } + + print("\n" + "=" * 80) + print("✅ SCENARIO GENERATION COMPLETE") + print("=" * 80) + print(f"Total Events: {len(all_events)}") + print(f"Data Sources: Okta, Microsoft 365, SentinelOne EDR, DLP") + print(f"Timeline: {(base_time).strftime('%Y-%m-%d')} to {(base_time + timedelta(days=8)).strftime('%Y-%m-%d')}") + print(f"Download Volume: 180 files (~1.8 GB)") + print(f"USB Exfiltration: 50 files") + print("=" * 80) + + return scenario_summary + +if __name__ == "__main__": + # Generate the scenario + scenario = generate_insider_exfiltration_scenario() + + # Save to JSON file with container-safe fallbacks + preferred_dir = os.environ.get("SCENARIO_OUTPUT_DIR") or os.path.join(os.path.dirname(__file__), "configs") + output_file = os.path.join(preferred_dir, "insider_cloud_download_exfiltration.json") + + def _attempt_save(path: str) -> bool: + try: + os.makedirs(os.path.dirname(path), exist_ok=True) + with open(path, 'w') as f: + json.dump(scenario, f, indent=2) + print(f"\n💾 Scenario saved to: {path}") + print("\nTo replay this scenario, use the scenario_hec_sender.py script") + return True + except OSError as e: + if e.errno == errno.EROFS: + print(f"⚠️ Read-only filesystem when saving to {path}. Will try fallback.") + else: + print(f"⚠️ Failed to save scenario to {path}: {e}") + return False + + if not _attempt_save(output_file): + # Fallback to Docker's writable data mount if available + fallback_dir = os.environ.get("SCENARIO_OUTPUT_DIR", "/app/data/scenarios/configs") + fallback_path = os.path.join(fallback_dir, "insider_cloud_download_exfiltration.json") + if not _attempt_save(fallback_path): + # As a last resort, skip saving but exit successfully + print("ℹ️ Skipping file save due to filesystem restrictions. Scenario generation completed successfully.") diff --git a/scenarios/parser_generator_audit.py b/Backend/scenarios/parser_generator_audit.py similarity index 100% rename from scenarios/parser_generator_audit.py rename to Backend/scenarios/parser_generator_audit.py diff --git a/scenarios/parser_generator_audit_results.json b/Backend/scenarios/parser_generator_audit_results.json similarity index 100% rename from scenarios/parser_generator_audit_results.json rename to Backend/scenarios/parser_generator_audit_results.json diff --git a/scenarios/parser_generator_fixing_plan.json b/Backend/scenarios/parser_generator_fixing_plan.json similarity index 100% rename from scenarios/parser_generator_fixing_plan.json rename to Backend/scenarios/parser_generator_fixing_plan.json diff --git a/scenarios/parser_prioritization.py b/Backend/scenarios/parser_prioritization.py similarity index 100% rename from scenarios/parser_prioritization.py rename to Backend/scenarios/parser_prioritization.py diff --git a/scenarios/prioritized_implementation_plan.json b/Backend/scenarios/prioritized_implementation_plan.json similarity index 100% rename from scenarios/prioritized_implementation_plan.json rename to Backend/scenarios/prioritized_implementation_plan.json diff --git a/scenarios/safe_generator_updates.py b/Backend/scenarios/safe_generator_updates.py similarity index 100% rename from scenarios/safe_generator_updates.py rename to Backend/scenarios/safe_generator_updates.py diff --git a/scenarios/safe_hec_sender.py b/Backend/scenarios/safe_hec_sender.py similarity index 100% rename from scenarios/safe_hec_sender.py rename to Backend/scenarios/safe_hec_sender.py diff --git a/scenarios/sample_breach_events.json b/Backend/scenarios/sample_breach_events.json similarity index 100% rename from scenarios/sample_breach_events.json rename to Backend/scenarios/sample_breach_events.json diff --git a/scenarios/scenario_hec_sender.py b/Backend/scenarios/scenario_hec_sender.py similarity index 55% rename from scenarios/scenario_hec_sender.py rename to Backend/scenarios/scenario_hec_sender.py index 2a723ba..766a8ed 100644 --- a/scenarios/scenario_hec_sender.py +++ b/Backend/scenarios/scenario_hec_sender.py @@ -11,9 +11,12 @@ import os import time import random +import argparse +import uuid import requests +import re from datetime import datetime, timezone -from typing import Dict, List +from typing import Dict, List, Optional # Import the existing hec_sender functionality from hec_sender import send_one @@ -54,8 +57,12 @@ def load_scenario(self, scenario_file: str) -> List[Dict]: print(f"📁 Loading scenario from: {scenario_file}") with open(scenario_file, 'r') as f: - events = json.load(f) - + data = json.load(f) + # Support either a plain list of events or an object with 'events' + if isinstance(data, dict) and 'events' in data: + events = data['events'] + else: + events = data print(f"📊 Loaded {len(events)} events") return events @@ -99,9 +106,9 @@ def send_scenario_events(self, events: List[Dict], try: # Handle timing if real_time and last_timestamp: - current_time = datetime.fromisoformat(event['timestamp'].replace('Z', '+00:00')) - last_time = datetime.fromisoformat(last_timestamp.replace('Z', '+00:00')) - time_diff = (current_time - last_time).total_seconds() + current_time = self._parse_timestamp(event.get('timestamp')) + last_time = self._parse_timestamp(last_timestamp) + time_diff = (current_time - last_time).total_seconds() if current_time and last_time else 0 # Apply speed multiplier adjusted_delay = time_diff / speed_multiplier @@ -157,43 +164,58 @@ def send_scenario_events(self, events: List[Dict], def _send_single_event(self, event: Dict, preserve_timestamp: bool = True) -> bool: """Send a single event to the appropriate HEC endpoint""" try: - platform = event.get('platform', 'unknown') - raw_event = event.get('raw_event', '{}') - - # Determine which product to use for this platform - if platform in self.platform_mapping: - products = self.platform_mapping[platform] - product = random.choice(products) # Randomly select from available products - else: - print(f"⚠️ Unknown platform: {platform}") + # Product is the generator/source identifier (e.g., okta_authentication) + product = event.get('source') or event.get('product') or 'unknown' + if product == 'unknown': + print("⚠️ Event missing 'source' field; skipping") return False - - # Get ATTR_FIELDS for this product + + # Build raw event body from 'event' field (dict -> JSON, str -> as-is) + payload = event.get('event', {}) + if isinstance(payload, dict): + raw_event = json.dumps(payload, separators=(',', ':')) + else: + raw_event = str(payload) + + # Build attributes attr_fields = self.product_attr_fields.get(product, {}) - - # Add scenario context to attr_fields + # Decide whether to include scenario.phase + env_tag_phase = os.getenv("S1_TAG_PHASE") + include_phase_tag = True if env_tag_phase is None else env_tag_phase not in ("0", "false", "False") enhanced_attr_fields = { **attr_fields, - "scenario.campaign_id": event.get('campaign_id', ''), - "scenario.phase": event.get('phase', ''), - "scenario.day": str(event.get('day', '')), - "scenario.platform": platform + "scenario.timestamp": event.get('timestamp', ''), } - - # If preserving timestamps and this is a JSON product, inject the timestamp into the event - if preserve_timestamp and event.get('timestamp') and product in self.product_attr_fields: + if include_phase_tag: + enhanced_attr_fields["scenario.phase"] = event.get('phase', '') + # Trace tagging via environment + env_tag_trace = os.getenv("S1_TAG_TRACE") + include_trace_tag = True if env_tag_trace is None else env_tag_trace not in ("0", "false", "False") + trace_id_env = os.getenv("S1_TRACE_ID") + if include_trace_tag and trace_id_env: + enhanced_attr_fields["scenario.trace_id"] = trace_id_env + + # Inject scenario timestamp into JSON payload for consistent downstream time handling + if preserve_timestamp and isinstance(payload, dict) and event.get('timestamp'): try: - # Parse the raw event JSON - event_data = json.loads(raw_event) - # Ensure the event has the original timestamp - event_data['_time'] = event['timestamp'] - raw_event = json.dumps(event_data, separators=(',', ':')) - except: - # If we can't parse/modify, just send as-is + payload_copy = dict(payload) + ts = event['timestamp'] + # Set _time to scenario timestamp for HEC/Splunk indexing + payload_copy.setdefault('_time', ts) + raw_event = json.dumps(payload_copy, separators=(',', ':')) + except Exception: pass - - # Send the event using existing hec_sender functionality - response = send_one(raw_event, product, enhanced_attr_fields) + + # Preserve original event time in HEC envelope if available + event_time_sec = None + ts = event.get('timestamp') + if ts: + dt = self._parse_timestamp(ts) + if dt: + event_time_sec = dt.timestamp() + + # Send via existing hec sender (passing event_time to set HEC envelope time) + send_one(raw_event, product, enhanced_attr_fields, event_time=event_time_sec) return True @@ -215,14 +237,14 @@ def analyze_scenario(self, events: List[Dict]) -> Dict: timestamps = [] for event in events: timestamp = event.get('timestamp') - platform = event.get('platform', 'unknown') + source = event.get('source', 'unknown') phase = event.get('phase', 'unknown') - + if timestamp: timestamps.append(timestamp) - - # Count by platform - analysis["platforms"][platform] = analysis["platforms"].get(platform, 0) + 1 + + # Count by platform (use source as proxy) + analysis["platforms"][source] = analysis["platforms"].get(source, 0) + 1 # Count by phase analysis["phases"][phase] = analysis["phases"].get(phase, 0) + 1 @@ -245,107 +267,177 @@ def analyze_scenario(self, events: List[Dict]) -> Dict: return analysis + def _parse_timestamp(self, ts: str) -> Optional[datetime]: + """Parse various ISO8601-like timestamp formats into a timezone-aware datetime. + Returns None if parsing fails. + """ + if not ts: + return None + s = str(ts).strip() + try: + # Normalize space separator to 'T' + if ' ' in s and 'T' not in s: + s = s.replace(' ', 'T') + # Normalize Zulu designator + if s.endswith('Z'): + s = s[:-1] + '+00:00' + # Add missing colon in timezone offset (e.g., +0000 -> +00:00) + if re.search(r"[+-]\d{4}$", s): + s = s[:-5] + s[-5:-2] + ':' + s[-2:] + # If no timezone provided, assume UTC + if re.match(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?$", s): + s = s + '+00:00' + return datetime.fromisoformat(s) + except Exception: + # Best-effort strptime fallbacks + fmts = [ + '%Y-%m-%dT%H:%M:%S%z', + '%Y-%m-%dT%H:%M:%S.%f%z', + '%Y-%m-%d %H:%M:%S%z', + '%Y-%m-%d %H:%M:%S.%f%z', + '%Y-%m-%dT%H:%M:%S', + '%Y-%m-%dT%H:%M:%S.%f', + ] + for fmt in fmts: + try: + dt = datetime.strptime(s, fmt) + # Assume UTC if naive + if dt.tzinfo is None: + return dt.replace(tzinfo=timezone.utc) + return dt + except Exception: + continue + return None + def main(): """Main execution function""" print("📡 SCENARIO HEC SENDER") print("Send attack scenario events to SentinelOne AI-SIEM") print("=" * 50) - + + parser = argparse.ArgumentParser(description="Replay scenario events to HEC") + parser.add_argument("--scenario", help="Path to scenario JSON file") + parser.add_argument("--auto", action="store_true", help="Run non-interactively with sane defaults") + parser.add_argument("--preserve-timestamps", action="store_true", help="Preserve original timestamps") + parser.add_argument("--real-time", action="store_true", help="Respect original event timing for replay") + parser.add_argument("--speed", type=float, default=1.0, help="Speed multiplier for real-time mode") + parser.add_argument("--delay", type=float, default=0.0, help="Delay between events (non real-time mode)") + parser.add_argument("--no-phase-tag", action="store_true", help="Disable adding scenario.phase attribute field") + parser.add_argument("--trace-id", help="Attach this trace ID (GUID) to every event as scenario.trace_id") + args = parser.parse_args() + # Initialize sender try: sender = ScenarioHECSender() except RuntimeError as e: print(f"❌ Configuration error: {e}") return - - # Get scenario file - scenario_file = input("Enter scenario JSON file path: ").strip() - if not scenario_file: - print("❌ No file specified") - return - + + # Determine scenario file + if args.scenario: + scenario_file = args.scenario + else: + scenario_file = input("Enter scenario JSON file path: ").strip() + if not scenario_file: + print("❌ No file specified") + return + if not os.path.exists(scenario_file): print(f"❌ File not found: {scenario_file}") return - + # Load and analyze scenario events = sender.load_scenario(scenario_file) analysis = sender.analyze_scenario(events) - + print(f"\n📊 SCENARIO ANALYSIS") print(f" Total Events: {analysis['total_events']}") print(f" Date Range: {analysis['date_range'].get('start', 'N/A')} to {analysis['date_range'].get('end', 'N/A')}") print(f" Platforms: {', '.join(analysis['platforms'].keys())}") print(f" Attack Phases: {len(analysis['phases'])}") - - print(f"\n📈 Timeline:") - for phase_info in analysis["timeline"]: - print(f" {phase_info['phase'].title()}: {phase_info['event_count']} events") - - # Configuration options + print(f"\n⚙️ TRANSMISSION OPTIONS") - - # Check if events are historical (in the past) - first_event_time = datetime.fromisoformat(events[0]['timestamp'].replace('Z', '+00:00')) - is_historical = first_event_time < datetime.now(timezone.utc) - - if is_historical: - print(f"📅 Historical data detected (events from {analysis['date_range'].get('start', 'N/A')})") - preserve_timestamps = input("Preserve original timestamps? (Y/n): ").lower() != 'n' - else: - preserve_timestamps = True - - real_time = input("Respect original event timing for replay? (y/N): ").lower().startswith('y') - - if real_time: - speed_multiplier = float(input("Speed multiplier (1.0 = normal, 2.0 = 2x faster): ") or "1.0") + + # Determine whether to include scenario.phase tag + env_tag_phase = os.getenv("S1_TAG_PHASE") + include_phase_tag = True + if env_tag_phase is not None: + include_phase_tag = env_tag_phase not in ("0", "false", "False") + if args.no_phase_tag: + include_phase_tag = False + + # Trace ID handling (env or CLI). Default: enabled and generate if not provided + env_tag_trace = os.getenv("S1_TAG_TRACE") + include_trace_tag = True if env_tag_trace is None else env_tag_trace not in ("0", "false", "False") + trace_id = args.trace_id or os.getenv("S1_TRACE_ID") + if include_trace_tag and not trace_id: + trace_id = str(uuid.uuid4()) + if include_trace_tag: + print(f"🧵 Trace ID: {trace_id}") + + if args.auto: + preserve_timestamps = args.preserve_timestamps or True + real_time = args.real_time or False + speed_multiplier = args.speed + delay = args.delay else: - speed_multiplier = 1.0 - delay = float(input("Delay between events in seconds (default 0.1): ") or "0.1") - - # Confirm transmission - print(f"\n🚨 Ready to transmit {len(events)} events to HEC") - if not input("Continue? (y/N): ").lower().startswith('y'): - print("❌ Transmission cancelled") - return - + # Interactive prompts + first_event_time = sender._parse_timestamp(events[0].get('timestamp')) + is_historical = (first_event_time or datetime.now(timezone.utc)) < datetime.now(timezone.utc) + if is_historical: + print(f"📅 Historical data detected (events from {analysis['date_range'].get('start', 'N/A')})") + preserve_timestamps = input("Preserve original timestamps? (Y/n): ").lower() != 'n' + else: + preserve_timestamps = True + real_time = input("Respect original event timing for replay? (y/N): ").lower().startswith('y') + if real_time: + speed_multiplier = float(input("Speed multiplier (1.0 = normal, 2.0 = 2x faster): ") or "1.0") + delay = 0.0 + else: + speed_multiplier = 1.0 + delay = float(input("Delay between events in seconds (default 0.1): ") or "0.1") + + print(f"\n🚨 Ready to transmit {len(events)} events to HEC") + if not input("Continue? (y/N): ").lower().startswith('y'): + print("❌ Transmission cancelled") + return + # Send events if real_time: results = sender.send_scenario_events( - events, - real_time=True, + events, + real_time=True, speed_multiplier=speed_multiplier, preserve_timestamps=preserve_timestamps ) else: results = sender.send_scenario_events( - events, + events, real_time=False, preserve_timestamps=preserve_timestamps ) - # Add artificial delay between events if specified - if 'delay' in locals(): + if delay and delay > 0: time.sleep(delay) - + # Results summary print(f"\n📋 TRANSMISSION RESULTS") print(f" Total Events: {results['total_events']}") print(f" Successful: {results['successful']}") print(f" Failed: {results['failed']}") print(f" Success Rate: {results['successful']/results['total_events']*100:.1f}%") - + print(f"\n📊 By Platform:") for platform, stats in results["by_platform"].items(): total = stats["successful"] + stats["failed"] success_rate = stats["successful"] / total * 100 if total > 0 else 0 print(f" {platform}: {stats['successful']}/{total} ({success_rate:.1f}%)") - + if results["errors"]: print(f"\n❌ Errors ({len(results['errors'])}):") - for error in results["errors"][:5]: # Show first 5 errors + for error in results["errors"][:5]: print(f" Event {error['event_index']}: {error['error']}") if len(results["errors"]) > 5: - print(f" ... and {len(results['errors']) - 5} more errors") + print(f" ... and {len(results['errors'])} more errors") if __name__ == "__main__": main() \ No newline at end of file diff --git a/scenarios/showcase_attack_scenario.py b/Backend/scenarios/showcase_attack_scenario.py similarity index 95% rename from scenarios/showcase_attack_scenario.py rename to Backend/scenarios/showcase_attack_scenario.py index e123b62..abc15c9 100644 --- a/scenarios/showcase_attack_scenario.py +++ b/Backend/scenarios/showcase_attack_scenario.py @@ -278,10 +278,21 @@ def generate_showcase_attack_scenario(): def save_scenario(scenario, filename="showcase_attack_scenario.json"): """Save scenario to file""" - with open(filename, 'w') as f: + # Use /app/data directory which is writable in the container + data_dir = "/app/data" + if not os.path.exists(data_dir): + # Fallback to current directory if /app/data doesn't exist (local dev) + data_dir = "." + + filepath = os.path.join(data_dir, filename) + + # Ensure the directory exists + os.makedirs(os.path.dirname(filepath) if os.path.dirname(filepath) else data_dir, exist_ok=True) + + with open(filepath, 'w') as f: json.dump(scenario, f, indent=2, default=str) - print(f"\n📁 Scenario saved to: {filename}") - return filename + print(f"\n📁 Scenario saved to: {filepath}") + return filepath if __name__ == "__main__": print("🏢 ENTERPRISE SHOWCASE ATTACK SCENARIO GENERATOR") diff --git a/scenarios/showcase_scenario_sender.py b/Backend/scenarios/showcase_scenario_sender.py similarity index 68% rename from scenarios/showcase_scenario_sender.py rename to Backend/scenarios/showcase_scenario_sender.py index 94d7275..f924f08 100644 --- a/scenarios/showcase_scenario_sender.py +++ b/Backend/scenarios/showcase_scenario_sender.py @@ -13,6 +13,8 @@ import requests import time from datetime import datetime, timezone +from concurrent.futures import ThreadPoolExecutor, as_completed +import threading from showcase_attack_scenario import generate_showcase_attack_scenario from env_loader import load_env_if_present @@ -71,6 +73,9 @@ def send_to_hec(event_data, source): def send_showcase_scenario(): """Send the showcase attack scenario""" + # Get worker count from environment (set by frontend) + worker_count = int(os.getenv('S1_HEC_WORKERS', '10')) + print("🚀 ENTERPRISE SHOWCASE ATTACK SCENARIO SENDER") print("=" * 80) @@ -82,36 +87,64 @@ def send_showcase_scenario(): print(f"\n🎯 SENDING {len(events)} EVENTS TO SENTINELONE AI-SIEM") print(f"📊 Demonstrating correlation across {len(scenario['data_sources'])} data sources") print(f"🔥 {len(scenario['attack_phases'])} attack phases") + print(f"⚡ Using {worker_count} parallel workers for high-speed transmission") print("=" * 80) - # Phase tracking + # Phase tracking (thread-safe) phase_counts = {} + phase_lock = threading.Lock() success_count = 0 + success_lock = threading.Lock() + start_time = time.time() - # Send events - for i, event_entry in enumerate(events, 1): + def send_event_worker(i, event_entry): + """Worker function to send a single event""" + nonlocal success_count source = event_entry["source"] phase = event_entry["phase"] event_data = event_entry["event"] - # Track phases - if phase not in phase_counts: - phase_counts[phase] = 0 - phase_counts[phase] += 1 - - # Display progress - print(f"[{i:2d}/{len(events)}] {source:25s} ({phase:15s}) → ", end="", flush=True) + # Track phases (thread-safe) + with phase_lock: + if phase not in phase_counts: + phase_counts[phase] = 0 + phase_counts[phase] += 1 # Send event success = send_to_hec(event_data, source) + if success: - print("✅") - success_count += 1 - else: - print("❌") + with success_lock: + success_count += 1 + + return (i, source, phase, success) + + # Send events in parallel using ThreadPoolExecutor + print(f"\n📤 Transmitting events with {worker_count} parallel workers...\n") + + with ThreadPoolExecutor(max_workers=worker_count) as executor: + # Submit all events + futures = {executor.submit(send_event_worker, i, event): i + for i, event in enumerate(events, 1)} + + completed = 0 + last_update = time.time() - # Brief pause for realistic timing - time.sleep(0.3) + # Process completed events + for future in as_completed(futures): + completed += 1 + i, source, phase, success = future.result() + + # Show progress every second or every 50 events + if time.time() - last_update > 1.0 or completed % 50 == 0 or completed == len(events): + elapsed = time.time() - start_time + eps = completed / elapsed if elapsed > 0 else 0 + progress_pct = (completed / len(events)) * 100 + + status = "✅" if success else "❌" + print(f"[{completed:3d}/{len(events)}] {progress_pct:5.1f}% | " + f"EPS: {eps:6.1f} | Success: {success_count}/{completed} {status}") + last_update = time.time() # Summary print("\n" + "=" * 80) diff --git a/Backend/scenarios/star_trek_integration_results.json b/Backend/scenarios/star_trek_integration_results.json new file mode 100644 index 0000000..924b5c9 --- /dev/null +++ b/Backend/scenarios/star_trek_integration_results.json @@ -0,0 +1,72 @@ +[ + { + "generator": "aws_route53", + "category": "cloud_infrastructure", + "format_correct": true, + "star_trek_integrated": false, + "recent_timestamp": true, + "override_support": false, + "sample_output": "{'timestamp': '2025-10-15T21:05:48Z', 'source': 'Route53', 'queryName': 'stackoverflow.com', 'queryType': 'SRV', 'clientIp': '7.8.91.21', 'edgeLocation': 'SEA19-P4', 'responseCode': 'REFUSED', 'resolverEndpointId': 'rslvr-endpt-2471', 'version': '1.0', 'account': '123456789012', 'region': 'us-east-1', '_raw': '2025-10-15T21:05:48Z Route53 queryName=\"stackoverflow.com\" queryType=\"SRV\" clientIp=\"7.8.91.21\" edgeLocation=\"SEA19-P4\" responseCode=\"REFUSED\" resolverEndpointId=\"rslvr-endpt-2471\"'}", + "errors": [] + }, + { + "generator": "aws_vpc_dns", + "category": "cloud_infrastructure", + "format_correct": true, + "star_trek_integrated": true, + "recent_timestamp": false, + "override_support": false, + "sample_output": "{'version': '1.100000', 'account_id': '301523843766', 'interface_id': 'eni-04b0e344', 'srcaddr': '10.171.247.227', 'dstaddr': '169.254.169.253', 'srcport': 60030, 'dstport': 53, 'protocol': 17, 'packets': 1, 'bytes': 277, 'windowstart': 1760544648, 'windowend': 1760544708, 'action': 'ACCEPT', 'flowlogstatus': 'OK', 'query_name': 'cloudflare.com', 'query_type': 'SOA', 'query_class': 'IN', 'rcode': 'REFUSED', 'rdata': '', 'answers': 0, 'transport': 'UDP', 'vpc_id': 'vpc-04a14175', 'subnet_id': 'su", + "errors": [] + }, + { + "generator": "microsoft_365_collaboration", + "category": "identity_access", + "format_correct": true, + "star_trek_integrated": true, + "recent_timestamp": true, + "override_support": true, + "sample_output": "{'TimeStamp': '2025-10-15T21:05:48Z', 'UserId': 'leonard.mccoy@starfleet.corp', 'Operation': 'AccessRequestCreated', 'SiteUrl': 'https://starfleet-my.sharepoint.com/sites/Medical', 'ObjectId': '/Command/WarpCoreSpecs.txt', 'FileName': 'WarpCoreSpecs.txt', 'Details': 'User leonard.mccoy@starfleet.corp accessrequestcreated for WarpCoreSpecs.txt', 'UserAgent': 'Microsoft Office/16.0 (Microsoft OneDrive for Business)', 'ClientIP': '211.239.75.217', 'Workload': 'SharePoint', 'RecordType': 25, 'Versio", + "errors": [] + }, + { + "generator": "microsoft_365_defender", + "category": "identity_access", + "format_correct": true, + "star_trek_integrated": true, + "recent_timestamp": true, + "override_support": true, + "sample_output": "{'Timestamp': '2025-10-15T21:08:48Z', 'DeviceName': 'ENTERPRISE-BRIDGE-01', 'DeviceId': '000D0E2C01100842', 'AccountName': 'william.riker', 'AccountDomain': 'NT AUTHORITY', 'ActionType': 'MalwareDetected', 'FileName': 'borg-malware.exe', 'FolderPath': 'C:\\\\Users\\\\picard\\\\Downloads', 'SHA1': '222ec011fd01b88e7f0a7928c3891244bd5a8e4e', 'MD5': '671f9e766fbcb1bd084bd68cf98337b8', 'DetectionId': 'Trojan:Romulan/Cloak', 'AdditionalFields': {'ThreatName': 'Ransomware:Orion/Cryptor', 'Severity': 'Critic", + "errors": [] + }, + { + "generator": "cisco_duo", + "category": "network_security", + "format_correct": true, + "star_trek_integrated": true, + "recent_timestamp": true, + "override_support": false, + "sample_output": "{'timestamp': '2025-10-15T21:10:48Z', 'time': 1760562648267, 'class_uid': 3002, 'class_name': 'Authentication', 'category_uid': 3, 'category_name': 'Identity & Access Management', 'activity_id': 1, 'activity_name': 'Logon', 'type_uid': 300201, 'severity_id': 1, 'status_id': 1, 'user': {'name': 'spock.science', 'account_uid': 'spock.science', 'account_type': 'User'}, 'src_endpoint': {'ip': '192.0.2.160', 'location': {'desc': 'Seattle, US', 'city': 'Seattle', 'country': 'US'}}, 'auth_protocol': 't", + "errors": [] + }, + { + "generator": "cisco_fmc", + "category": "network_security", + "format_correct": true, + "star_trek_integrated": true, + "recent_timestamp": true, + "override_support": true, + "sample_output": "{'timestamp': '2025-10-15T21:06:48.268418+00:00', 'event_id': 1632220, 'event_type': 'Malware', 'event_subtype': 'MALWARE_EVENT', 'severity': 'Critical', 'action': 'Log', 'device_name': 'ENTERPRISE-FTD-MEDICAL-5', 'device_ip': '161.89.7.179', 'policy_name': 'StarfleetSecurityPolicy_4', 'rule_name': 'Directive_12', 'source_ip': '161.12.20.206', 'destination_ip': '42.143.105.202', 'source_port': 57815, 'destination_port': 443, 'protocol': 'TCP', 'source_country': 'DE', 'destination_country': 'GB',", + "errors": [] + }, + { + "generator": "google_workspace", + "category": "cloud_infrastructure", + "format_correct": true, + "star_trek_integrated": true, + "recent_timestamp": false, + "override_support": false, + "sample_output": "{'kind': 'admin#reports#activity', 'id': {'time': '2025-10-15T21:08:48.270121+00:00', 'uniqueQualifier': '7485549804461701462', 'applicationName': 'drive', 'customerId': 'C01NCC1701'}, 'etag': '\"1fa95401c5e444e7bd2cdc2a1881e9bb\"', 'actor': {'email': 'beverly.crusher@starfleet.corp', 'profileId': '174955900966384141'}, 'ipAddress': '37.62.67.73', 'events': [{'type': 'access', 'name': 'view', 'parameters': [{'name': 'doc_id', 'value': 'ebeb0859409847a5a099b359c6d9fa27'}, {'name': 'doc_title', 'val", + "errors": [] + } +] \ No newline at end of file diff --git a/utilities/README.md b/Backend/utilities/README.md similarity index 100% rename from utilities/README.md rename to Backend/utilities/README.md diff --git a/utilities/continuous_senders/continuous_data_sender.py b/Backend/utilities/continuous_senders/continuous_data_sender.py similarity index 100% rename from utilities/continuous_senders/continuous_data_sender.py rename to Backend/utilities/continuous_senders/continuous_data_sender.py diff --git a/utilities/continuous_senders/continuous_data_sender_v2.py b/Backend/utilities/continuous_senders/continuous_data_sender_v2.py similarity index 100% rename from utilities/continuous_senders/continuous_data_sender_v2.py rename to Backend/utilities/continuous_senders/continuous_data_sender_v2.py diff --git a/utilities/create_sentinelone_parsers.py b/Backend/utilities/create_sentinelone_parsers.py similarity index 100% rename from utilities/create_sentinelone_parsers.py rename to Backend/utilities/create_sentinelone_parsers.py diff --git a/utilities/download_parsers_authenticated.py b/Backend/utilities/download_parsers_authenticated.py similarity index 100% rename from utilities/download_parsers_authenticated.py rename to Backend/utilities/download_parsers_authenticated.py diff --git a/utilities/download_parsers_simple.py b/Backend/utilities/download_parsers_simple.py similarity index 100% rename from utilities/download_parsers_simple.py rename to Backend/utilities/download_parsers_simple.py diff --git a/utilities/download_sentinelone_parsers.py b/Backend/utilities/download_sentinelone_parsers.py similarity index 100% rename from utilities/download_sentinelone_parsers.py rename to Backend/utilities/download_sentinelone_parsers.py diff --git a/utilities/official_parser_mapping.json b/Backend/utilities/official_parser_mapping.json similarity index 100% rename from utilities/official_parser_mapping.json rename to Backend/utilities/official_parser_mapping.json diff --git a/utilities/parsers/community_new/abnormal_security_logs-latest/abnormal_security_logs.conf b/Backend/utilities/parsers/community_new/abnormal_security_logs-latest/abnormal_security_logs.conf similarity index 100% rename from utilities/parsers/community_new/abnormal_security_logs-latest/abnormal_security_logs.conf rename to Backend/utilities/parsers/community_new/abnormal_security_logs-latest/abnormal_security_logs.conf diff --git a/utilities/parsers/community_new/abnormal_security_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/abnormal_security_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/abnormal_security_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/abnormal_security_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/agent_metrics_logs-latest/agent_metrics.conf b/Backend/utilities/parsers/community_new/agent_metrics_logs-latest/agent_metrics.conf similarity index 100% rename from utilities/parsers/community_new/agent_metrics_logs-latest/agent_metrics.conf rename to Backend/utilities/parsers/community_new/agent_metrics_logs-latest/agent_metrics.conf diff --git a/utilities/parsers/community_new/agent_metrics_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/agent_metrics_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/agent_metrics_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/agent_metrics_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/.gitignore b/Backend/utilities/parsers/community_new/ai-siem-main/.gitignore similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/.gitignore rename to Backend/utilities/parsers/community_new/ai-siem-main/.gitignore diff --git a/utilities/parsers/community_new/ai-siem-main/LICENSE b/Backend/utilities/parsers/community_new/ai-siem-main/LICENSE similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/LICENSE rename to Backend/utilities/parsers/community_new/ai-siem-main/LICENSE diff --git a/utilities/parsers/community_new/ai-siem-main/README.md b/Backend/utilities/parsers/community_new/ai-siem-main/README.md similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/README.md rename to Backend/utilities/parsers/community_new/ai-siem-main/README.md diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/Azure-Active-Directory-MSFT-Entra.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/Azure-Active-Directory-MSFT-Entra.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/Azure-Active-Directory-MSFT-Entra.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/Azure-Active-Directory-MSFT-Entra.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/Fortigagte-Firewall-Dashboard.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/Fortigagte-Firewall-Dashboard.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/Fortigagte-Firewall-Dashboard.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/Fortigagte-Firewall-Dashboard.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/IaCScanning-latest/IaCScanning.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/IaCScanning-latest/IaCScanning.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/IaCScanning-latest/IaCScanning.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/IaCScanning-latest/IaCScanning.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/IaCScanning-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/IaCScanning-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/IaCScanning-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/IaCScanning-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/M365-dashboard-latest/M365-dashboard.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/M365-dashboard-latest/M365-dashboard.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/M365-dashboard-latest/M365-dashboard.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/M365-dashboard-latest/M365-dashboard.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/M365-dashboard-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/M365-dashboard-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/M365-dashboard-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/M365-dashboard-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/Network-Security-dashboard.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/Network-Security-dashboard.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/Network-Security-dashboard.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/Network-Security-dashboard.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/PurpleAI-monitor.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/PurpleAI-monitor.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/PurpleAI-monitor.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/PurpleAI-monitor.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/S1-EDR-dashboard.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/S1-EDR-dashboard.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/S1-EDR-dashboard.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/S1-EDR-dashboard.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/Sentinelone-DV.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/Sentinelone-DV.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/Sentinelone-DV.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/Sentinelone-DV.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/Threat-Investigation.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/Threat-Investigation.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/Threat-Investigation.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/Threat-Investigation.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/XDR-Host-Investigation.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/XDR-Host-Investigation.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/XDR-Host-Investigation.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/XDR-Host-Investigation.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/aad_ocsf-latest/aad_ocsf.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/aad_ocsf-latest/aad_ocsf.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/aad_ocsf-latest/aad_ocsf.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/aad_ocsf-latest/aad_ocsf.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/aad_ocsf-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/aad_ocsf-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/aad_ocsf-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/aad_ocsf-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/audit-latest/audit.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/audit-latest/audit.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/audit-latest/audit.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/audit-latest/audit.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/audit-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/audit-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/audit-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/audit-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/aws-latest/aws.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/aws-latest/aws.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/aws-latest/aws.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/aws-latest/aws.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/aws-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/aws-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/aws-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/aws-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/axonius-latest/axonius.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/axonius-latest/axonius.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/axonius-latest/axonius.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/axonius-latest/axonius.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/axonius-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/axonius-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/axonius-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/axonius-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/azure-ad-latest/azure-ad.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/azure-ad-latest/azure-ad.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/azure-ad-latest/azure-ad.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/azure-ad-latest/azure-ad.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/azure-ad-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/azure-ad-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/azure-ad-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/azure-ad-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare-latest/cloudflare.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare-latest/cloudflare.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare-latest/cloudflare.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare-latest/cloudflare.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/cloudflare_waf.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/cloudflare_waf.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/cloudflare_waf.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/cloudflare_waf.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/corelight-latest/corelight.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/corelight-latest/corelight.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/corelight-latest/corelight.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/corelight-latest/corelight.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/corelight-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/corelight-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/corelight-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/corelight-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/dhcp-latest/dhcp.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/dhcp-latest/dhcp.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/dhcp-latest/dhcp.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/dhcp-latest/dhcp.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/dhcp-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/dhcp-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/dhcp-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/dhcp-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/docker-container-latest/docker-container.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/docker-container-latest/docker-container.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/docker-container-latest/docker-container.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/docker-container-latest/docker-container.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/docker-container-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/docker-container-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/docker-container-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/docker-container-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/endpoints-latest/endpoints.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/endpoints-latest/endpoints.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/endpoints-latest/endpoints.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/endpoints-latest/endpoints.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/endpoints-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/endpoints-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/endpoints-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/endpoints-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/fastly-latest/fastly.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/fastly-latest/fastly.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/fastly-latest/fastly.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/fastly-latest/fastly.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/fastly-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/fastly-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/fastly-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/fastly-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/firewall-generic-latest/firewall-generic.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/firewall-generic-latest/firewall-generic.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/firewall-generic-latest/firewall-generic.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/firewall-generic-latest/firewall-generic.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/firewall-generic-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/firewall-generic-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/firewall-generic-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/firewall-generic-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/fortinet_fortigate.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/fortinet_fortigate.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/fortinet_fortigate.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/fortinet_fortigate.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/impossible-traveler-latest/impossible-traveler.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/impossible-traveler-latest/impossible-traveler.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/impossible-traveler-latest/impossible-traveler.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/impossible-traveler-latest/impossible-traveler.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/impossible-traveler-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/impossible-traveler-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/impossible-traveler-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/impossible-traveler-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-events-latest/k8s-events.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-events-latest/k8s-events.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-events-latest/k8s-events.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-events-latest/k8s-events.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-events-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-events-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-events-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-events-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-explorer-latest/k8s-explorer.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-explorer-latest/k8s-explorer.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-explorer-latest/k8s-explorer.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-explorer-latest/k8s-explorer.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-explorer-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-explorer-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-explorer-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-explorer-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/k8s-log-volume.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/k8s-log-volume.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/k8s-log-volume.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/k8s-log-volume.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-metric-latest/k8s-metric.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-metric-latest/k8s-metric.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-metric-latest/k8s-metric.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-metric-latest/k8s-metric.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-metric-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-metric-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-metric-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-metric-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-workload-latest/k8s-workload.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-workload-latest/k8s-workload.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-workload-latest/k8s-workload.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-workload-latest/k8s-workload.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-workload-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-workload-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-workload-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/k8s-workload-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/log-volume-aisiem.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/log-volume-aisiem.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/log-volume-aisiem.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/log-volume-aisiem.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/log-volume-by-datasources.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/log-volume-by-datasources.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/log-volume-by-datasources.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/log-volume-by-datasources.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-latest/log-volume.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-latest/log-volume.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-latest/log-volume.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-latest/log-volume.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/log-volume-xdr.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/log-volume-xdr.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/log-volume-xdr.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/log-volume-xdr.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log4shell-latest/log4shell.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log4shell-latest/log4shell.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log4shell-latest/log4shell.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log4shell-latest/log4shell.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/log4shell-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log4shell-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/log4shell-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/log4shell-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/logVolume-latest/logVolume.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/logVolume-latest/logVolume.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/logVolume-latest/logVolume.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/logVolume-latest/logVolume.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/logVolume-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/logVolume-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/logVolume-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/logVolume-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/master-log-volume-latest/master-log-volume.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/master-log-volume-latest/master-log-volume.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/master-log-volume-latest/master-log-volume.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/master-log-volume-latest/master-log-volume.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/master-log-volume-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/master-log-volume-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/master-log-volume-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/master-log-volume-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft-latest/microsoft.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft-latest/microsoft.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft-latest/microsoft.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft-latest/microsoft.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/microsoft_365_dashboard-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/microsoft_365_dashboard-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/microsoft_365_dashboard-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/microsoft_365_dashboard-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/microsoft_azure_ad_ocsf-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/microsoft_azure_ad_ocsf-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/microsoft_azure_ad_ocsf-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/microsoft_azure_ad_ocsf-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/microsoft_entra_id-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/microsoft_entra_id-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/microsoft_entra_id-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/microsoft_entra_id-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/minecraft-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/minecraft-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/minecraft-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/minecraft-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/minecraft-latest/minecraft.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/minecraft-latest/minecraft.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/minecraft-latest/minecraft.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/minecraft-latest/minecraft.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/netskope-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/netskope-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/netskope-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/netskope-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/netskope-latest/netskope.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/netskope-latest/netskope.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/netskope-latest/netskope.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/netskope-latest/netskope.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/okta_identity_events-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/okta_identity_events-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/okta_identity_events-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/okta_identity_events-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/okta_identity_events_s1demo.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/okta_identity_events_s1demo.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/okta_identity_events_s1demo.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/okta_identity_events_s1demo.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_insights-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_insights-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_insights-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_insights-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_insights-latest/okta_insights.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_insights-latest/okta_insights.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_insights-latest/okta_insights.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_insights-latest/okta_insights.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_xdr-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_xdr-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_xdr-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_xdr-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_xdr-latest/okta_xdr.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_xdr-latest/okta_xdr.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_xdr-latest/okta_xdr.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/okta_xdr-latest/okta_xdr.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/packet_capture-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/packet_capture-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/packet_capture-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/packet_capture-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/packet_capture-latest/packet_capture.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/packet_capture-latest/packet_capture.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/packet_capture-latest/packet_capture.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/packet_capture-latest/packet_capture.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/palo-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo-latest/palo.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo-latest/palo.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/palo-latest/palo.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo-latest/palo.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/palo_firewall_ocsf.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/palo_firewall_ocsf.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/palo_firewall_ocsf.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/palo_firewall_ocsf.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/palo_firewall_ocsf_tabbed.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/palo_firewall_ocsf_tabbed.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/palo_firewall_ocsf_tabbed.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/palo_firewall_ocsf_tabbed.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/parameter_examples-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/parameter_examples-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/parameter_examples-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/parameter_examples-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/pcap-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/pcap-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/pcap-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/pcap-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/pcap-latest/pcap.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/pcap-latest/pcap.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/pcap-latest/pcap.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/pcap-latest/pcap.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/s1-activity-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/s1-activity-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/s1-activity-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/s1-activity-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/s1-activity-latest/s1-activity.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/s1-activity-latest/s1-activity.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/s1-activity-latest/s1-activity.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/s1-activity-latest/s1-activity.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/salesforce-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/salesforce-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/salesforce-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/salesforce-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/salesforce-latest/salesforce.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/salesforce-latest/salesforce.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/salesforce-latest/salesforce.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/salesforce-latest/salesforce.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/scalyr-agent-monitor.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/scalyr-agent-monitor.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/scalyr-agent-monitor.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/scalyr-agent-monitor.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-audit-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-audit-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-audit-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-audit-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-audit-latest/scalyr-audit.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-audit-latest/scalyr-audit.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-audit-latest/scalyr-audit.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/scalyr-audit-latest/scalyr-audit.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/sentinelone_edr_dashboard-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/sentinelone_edr_dashboard-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/sentinelone_edr_dashboard-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/sentinelone_edr_dashboard-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/sentinelone_edr_dv_analysis-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/sentinelone_edr_dv_analysis-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/sentinelone_edr_dv_analysis-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/sentinelone_edr_dv_analysis-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/sentinelone_purple_ai_monitor-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/sentinelone_purple_ai_monitor-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/sentinelone_purple_ai_monitor-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/sentinelone_purple_ai_monitor-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/sentinelone_xdr_host_investigation-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/sentinelone_xdr_host_investigation-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/sentinelone_xdr_host_investigation-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/sentinelone_xdr_host_investigation-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/sentinelone_xdr_threat_investigation-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/sentinelone_xdr_threat_investigation-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/sentinelone_xdr_threat_investigation-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/sentinelone_xdr_threat_investigation-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/skylight-inspector-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/skylight-inspector-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/skylight-inspector-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/skylight-inspector-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/skylight-inspector-latest/skylight-inspector.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/skylight-inspector-latest/skylight-inspector.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/skylight-inspector-latest/skylight-inspector.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/skylight-inspector-latest/skylight-inspector.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/sofos_firewall_network_security-v1.0.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/sofos_firewall_network_security-v1.0.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/sofos_firewall_network_security-v1.0.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/sofos_firewall_network_security-v1.0.json diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/sonicwall-compliance.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/sonicwall-compliance.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/sonicwall-compliance.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/sonicwall-compliance.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-latest/sonicwall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-latest/sonicwall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-latest/sonicwall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/sonicwall-latest/sonicwall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/system-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/system-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/system-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/system-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/system-latest/system.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/system-latest/system.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/system-latest/system.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/system-latest/system.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale-latest/tailscale.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale-latest/tailscale.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale-latest/tailscale.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale-latest/tailscale.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale_overview-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale_overview-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale_overview-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale_overview-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale_overview-latest/tailscale_overview.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale_overview-latest/tailscale_overview.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale_overview-latest/tailscale_overview.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/tailscale_overview-latest/tailscale_overview.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/traffic-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/traffic-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/traffic-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/traffic-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/traffic-latest/traffic.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/traffic-latest/traffic.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/traffic-latest/traffic.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/traffic-latest/traffic.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/vpn-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/vpn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/vpn-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/vpn-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/vpn-latest/vpn.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/vpn-latest/vpn.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/vpn-latest/vpn.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/vpn-latest/vpn.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/webSecurity-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/webSecurity-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/webSecurity-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/webSecurity-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/webSecurity-latest/webSecurity.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/webSecurity-latest/webSecurity.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/webSecurity-latest/webSecurity.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/webSecurity-latest/webSecurity.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/webserver-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/webserver-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/webserver-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/webserver-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/webserver-latest/webserver.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/webserver-latest/webserver.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/webserver-latest/webserver.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/webserver-latest/webserver.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-latest/windows.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-latest/windows.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-latest/windows.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-latest/windows.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/windows-system-metrics.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/windows-system-metrics.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/windows-system-metrics.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/windows-system-metrics.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows_event_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows_event_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/windows_event_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows_event_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows_event_logs-latest/windows_event_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows_event_logs-latest/windows_event_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/windows_event_logs-latest/windows_event_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/windows_event_logs-latest/windows_event_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-alt-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-alt-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-alt-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-alt-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-alt-latest/zscaler-alt.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-alt-latest/zscaler-alt.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-alt-latest/zscaler-alt.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-alt-latest/zscaler-alt.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-latest/zscaler.conf b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-latest/zscaler.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-latest/zscaler.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler-latest/zscaler.conf diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/zscaler_internet_access_zia.json b/Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/zscaler_internet_access_zia.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/zscaler_internet_access_zia.json rename to Backend/utilities/parsers/community_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/zscaler_internet_access_zia.json diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/AzureAD-Entra-alerts.conf b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/AzureAD-Entra-alerts.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/AzureAD-Entra-alerts.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/AzureAD-Entra-alerts.conf diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/O365-alerts-latest/O365-alerts.conf b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/O365-alerts-latest/O365-alerts.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/O365-alerts-latest/O365-alerts.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/O365-alerts-latest/O365-alerts.conf diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/O365-alerts-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/O365-alerts-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/O365-alerts-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/O365-alerts-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/fortinet_fortigate_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/fortinet_fortigate_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/fortinet_fortigate_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/fortinet_fortigate_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/hello-world-elevated-error-rate.conf b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/hello-world-elevated-error-rate.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/hello-world-elevated-error-rate.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/hello-world-elevated-error-rate.conf diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/sql-security-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/sql-security-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/sql-security-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/sql-security-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/sql-security-latest/sql-security.conf b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/sql-security-latest/sql-security.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/sql-security-latest/sql-security.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/sql-security-latest/sql-security.conf diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/volume_alerts_marketplace.conf b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/volume_alerts_marketplace.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/volume_alerts_marketplace.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/volume_alerts_marketplace.conf diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/xsoar_trigger-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/xsoar_trigger-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/xsoar_trigger-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/xsoar_trigger-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/xsoar_trigger-latest/xsoar_trigger.conf b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/xsoar_trigger-latest/xsoar_trigger.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/xsoar_trigger-latest/xsoar_trigger.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/xsoar_trigger-latest/xsoar_trigger.conf diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/zscaler_http_access-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/zscaler_http_access-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/zscaler_http_access-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/zscaler_http_access-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/detections/community/zscaler_http_access-latest/zscaler_http_access.conf b/Backend/utilities/parsers/community_new/ai-siem-main/detections/community/zscaler_http_access-latest/zscaler_http_access.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/detections/community/zscaler_http_access-latest/zscaler_http_access.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/detections/community/zscaler_http_access-latest/zscaler_http_access.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/abnormal_security_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/abnormal_security_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/abnormal_security_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/abnormal_security_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/agent_metrics.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/agent_metrics.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/agent_metrics.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/agent_metrics.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_cdn-latest/akamai_cdn.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_cdn-latest/akamai_cdn.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_cdn-latest/akamai_cdn.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_cdn-latest/akamai_cdn.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_cdn-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_cdn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_cdn-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_cdn-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_dns-latest/akamai_dns.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_dns-latest/akamai_dns.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_dns-latest/akamai_dns.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_dns-latest/akamai_dns.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_dns-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_dns-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_dns-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_dns-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_general-latest/akamai_general.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_general-latest/akamai_general.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_general-latest/akamai_general.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_general-latest/akamai_general.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_general-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_general-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_general-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_general-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/apache_http_logs-latest/apache_http_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/apache_http_logs-latest/apache_http_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/apache_http_logs-latest/apache_http_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/apache_http_logs-latest/apache_http_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/apache_http_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/apache_http_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/apache_http_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/apache_http_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/armis_armis_logs-latest/armis_armis_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/armis_armis_logs-latest/armis_armis_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/armis_armis_logs-latest/armis_armis_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/armis_armis_logs-latest/armis_armis_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/armis_armis_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/armis_armis_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/armis_armis_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/armis_armis_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/aws_cloudwatch.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/aws_cloudwatch.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/aws_cloudwatch.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/aws_cloudwatch.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_route53-latest/aws_route53.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_route53-latest/aws_route53.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_route53-latest/aws_route53.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_route53-latest/aws_route53.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_route53-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_route53-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_route53-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_route53-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_waf-latest/aws_waf.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_waf-latest/aws_waf.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_waf-latest/aws_waf.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_waf-latest/aws_waf.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_waf-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_waf-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/aws_waf-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/aws_waf-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/axonius_asset.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/axonius_asset.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/axonius_asset.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/axonius_asset.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/axway_sftp-latest/axway_sftp.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/axway_sftp-latest/axway_sftp.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/axway_sftp-latest/axway_sftp.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/axway_sftp-latest/axway_sftp.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/axway_sftp-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/axway_sftp-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/axway_sftp-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/axway_sftp-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/azure_logs-latest/azure.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/azure_logs-latest/azure.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/azure_logs-latest/azure.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/azure_logs-latest/azure.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/azure_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/azure_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/azure_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/azure_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/buildkite.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/buildkite.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/buildkite.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/buildkite.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/cisco_asa.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/cisco_asa.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/cisco_asa.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/cisco_asa.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/cisco_combo.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/cisco_combo.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/cisco_combo.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/cisco_combo.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_duo-latest/cisco_duo.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_duo-latest/cisco_duo.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_duo-latest/cisco_duo.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_duo-latest/cisco_duo.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_duo-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_duo-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_duo-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_duo-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_firewall-latest/cisco_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_firewall-latest/cisco_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_firewall-latest/cisco_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_firewall-latest/cisco_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_firewall-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_firewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_firewall-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_firewall-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/cisco_fmc_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/cisco_fmc_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/cisco_fmc_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/cisco_fmc_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/cisco_ios_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/cisco_ios_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/cisco_ios_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/cisco_ios_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ironport-latest/cisco_ironport.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ironport-latest/cisco_ironport.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ironport-latest/cisco_ironport.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ironport-latest/cisco_ironport.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ironport-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ironport-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ironport-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ironport-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/cisco_ise_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/cisco_ise_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/cisco_ise_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/cisco_ise_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_logs-latest/cisco.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_logs-latest/cisco.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_logs-latest/cisco.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_logs-latest/cisco.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki-latest/cisco_meraki.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki-latest/cisco_meraki.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki-latest/cisco_meraki.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki-latest/cisco_meraki.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/cisco_meraki.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/cisco_meraki.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/cisco_meraki.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/cisco_meraki.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/cisco_networks_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/cisco_networks_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/cisco_networks_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/cisco_networks_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella-latest/cisco_umbrella.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella-latest/cisco_umbrella.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella-latest/cisco_umbrella.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella-latest/cisco_umbrella.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/cisco_umbrella.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/cisco_umbrella.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/cisco_umbrella.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/cisco_umbrella.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/citrix_netscaler.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/citrix_netscaler.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/citrix_netscaler.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/citrix_netscaler.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/cloudflare.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/cloudflare.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/cloudflare.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/cloudflare.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/cloudflare_waf.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/cloudflare_waf.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/cloudflare_waf.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/cloudflare_waf.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_logs-latest/cloudflare.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_logs-latest/cloudflare.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_logs-latest/cloudflare.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_logs-latest/cloudflare.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cohesity_backup-latest/cohesity_backup.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cohesity_backup-latest/cohesity_backup.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cohesity_backup-latest/cohesity_backup.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cohesity_backup-latest/cohesity_backup.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cohesity_backup-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cohesity_backup-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cohesity_backup-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cohesity_backup-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/confluent_kafka.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/confluent_kafka.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/confluent_kafka.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/confluent_kafka.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/crowdstrike.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/crowdstrike.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/crowdstrike.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/crowdstrike.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_conjur-latest/cyberark_conjur.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_conjur-latest/cyberark_conjur.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_conjur-latest/cyberark_conjur.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_conjur-latest/cyberark_conjur.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_conjur-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_conjur-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_conjur-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_conjur-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/dhcp_logs-latest/dhcp.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dhcp_logs-latest/dhcp.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/dhcp_logs-latest/dhcp.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dhcp_logs-latest/dhcp.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/dhcp_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dhcp_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/dhcp_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dhcp_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_general_logs-latest/dns_general.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_general_logs-latest/dns_general.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/dns_general_logs-latest/dns_general.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_general_logs-latest/dns_general.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_general_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_general_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/dns_general_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_general_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/dns_ocsf.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/dns_ocsf.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/dns_ocsf.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/dns_ocsf.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/extreme_networks_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/extreme_networks_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/extreme_networks_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/extreme_networks_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_networks_logs-latest/f5_networks_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_networks_logs-latest/f5_networks_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/f5_networks_logs-latest/f5_networks_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_networks_logs-latest/f5_networks_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_networks_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_networks_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/f5_networks_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_networks_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_vpn-latest/f5_vpn.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_vpn-latest/f5_vpn.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/f5_vpn-latest/f5_vpn.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_vpn-latest/f5_vpn.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_vpn-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_vpn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/f5_vpn-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/f5_vpn-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/fortigate_logs-latest/fortigate.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortigate_logs-latest/fortigate.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/fortigate_logs-latest/fortigate.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortigate_logs-latest/fortigate.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/fortigate_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortigate_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/fortigate_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortigate_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/fortimanager_logs-latest/fortimanager.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortimanager_logs-latest/fortimanager.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/fortimanager_logs-latest/fortimanager.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortimanager_logs-latest/fortimanager.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/fortimanager_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortimanager_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/fortimanager_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortimanager_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/fortinet_fortigate_candidate.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/fortinet_fortigate_candidate.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/fortinet_fortigate_candidate.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/fortinet_fortigate_candidate.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_logs-latest/fortinet.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_logs-latest/fortinet.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_logs-latest/fortinet.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_logs-latest/fortinet.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/fortinet_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/generic_access_logs-latest/generic_access.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/generic_access_logs-latest/generic_access.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/generic_access_logs-latest/generic_access.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/generic_access_logs-latest/generic_access.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/generic_access_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/generic_access_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/generic_access_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/generic_access_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/github_audit-latest/github_audit.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/github_audit-latest/github_audit.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/github_audit-latest/github_audit.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/github_audit-latest/github_audit.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/github_audit-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/github_audit-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/github_audit-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/github_audit-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/gcp_dns.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/gcp_dns.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/gcp_dns.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/gcp_dns.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/google_workspace_logs-latest/google_workspace_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/google_workspace_logs-latest/google_workspace_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/google_workspace_logs-latest/google_workspace_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/google_workspace_logs-latest/google_workspace_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/google_workspace_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/google_workspace_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/google_workspace_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/google_workspace_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/haproxy_loadbalancer.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/haproxy_loadbalancer.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/haproxy_loadbalancer.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/haproxy_loadbalancer.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/harness_ci-latest/harness_ci.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/harness_ci-latest/harness_ci.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/harness_ci-latest/harness_ci.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/harness_ci-latest/harness_ci.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/harness_ci-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/harness_ci-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/harness_ci-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/harness_ci-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/hypr_auth-latest/hypr_auth.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/hypr_auth-latest/hypr_auth.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/hypr_auth-latest/hypr_auth.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/hypr_auth-latest/hypr_auth.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/hypr_auth-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/hypr_auth-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/hypr_auth-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/hypr_auth-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/iis_w3c-latest/iis_w3c.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/iis_w3c-latest/iis_w3c.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/iis_w3c-latest/iis_w3c.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/iis_w3c-latest/iis_w3c.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/iis_w3c-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/iis_w3c-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/iis_w3c-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/iis_w3c-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_sonar-latest/imperva_sonar.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_sonar-latest/imperva_sonar.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_sonar-latest/imperva_sonar.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_sonar-latest/imperva_sonar.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_sonar-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_sonar-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_sonar-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_sonar-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/Imperva_waf.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/Imperva_waf.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/Imperva_waf.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/Imperva_waf.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/inngate_gateway.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/inngate_gateway.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/inngate_gateway.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/inngate_gateway.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_bind-latest/isc_bind.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_bind-latest/isc_bind.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/isc_bind-latest/isc_bind.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_bind-latest/isc_bind.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_bind-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_bind-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/isc_bind-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_bind-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_dhcp-latest/isc_dhcp.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_dhcp-latest/isc_dhcp.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/isc_dhcp-latest/isc_dhcp.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_dhcp-latest/isc_dhcp.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_dhcp-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_dhcp-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/isc_dhcp-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/isc_dhcp-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/jamf_protect-latest/jamf_protect.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/jamf_protect-latest/jamf_protect.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/jamf_protect-latest/jamf_protect.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/jamf_protect-latest/jamf_protect.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/jamf_protect-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/jamf_protect-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/jamf_protect-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/jamf_protect-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/jruby_application_logs-latest/jruby_application.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/jruby_application_logs-latest/jruby_application.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/jruby_application_logs-latest/jruby_application.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/jruby_application_logs-latest/jruby_application.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/jruby_application_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/jruby_application_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/jruby_application_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/jruby_application_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/json_generic_logs-latest/json_generic.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/json_generic_logs-latest/json_generic.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/json_generic_logs-latest/json_generic.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/json_generic_logs-latest/json_generic.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/json_generic_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/json_generic_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/json_generic_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/json_generic_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/json_nested_kv.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/json_nested_kv.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/json_nested_kv.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/json_nested_kv.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_logs-latest/juniper.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_logs-latest/juniper.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_logs-latest/juniper.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_logs-latest/juniper.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/juniper_networks_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/juniper_networks_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/juniper_networks_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/juniper_networks_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/leef_template_logs-latest/leef_template.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/leef_template_logs-latest/leef_template.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/leef_template_logs-latest/leef_template.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/leef_template_logs-latest/leef_template.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/leef_template_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/leef_template_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/leef_template_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/leef_template_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_auth-latest/linux_auth.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_auth-latest/linux_auth.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/linux_auth-latest/linux_auth.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_auth-latest/linux_auth.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_auth-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_auth-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/linux_auth-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_auth-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_system_logs-latest/linux_system.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_system_logs-latest/linux_system.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/linux_system_logs-latest/linux_system.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_system_logs-latest/linux_system.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_system_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_system_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/linux_system_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/linux_system_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/log4shell_detection.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/log4shell_detection.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/log4shell_detection.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/log4shell_detection.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/mail_server_logs-latest/mail_server.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/mail_server_logs-latest/mail_server.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/mail_server_logs-latest/mail_server.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/mail_server_logs-latest/mail_server.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/mail_server_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/mail_server_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/mail_server_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/mail_server_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/manageengine_general_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/manageengine_general_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/manageengine_general_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/manageengine_general_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/manch_siem_logs-latest/manch_siem_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manch_siem_logs-latest/manch_siem_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/manch_siem_logs-latest/manch_siem_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manch_siem_logs-latest/manch_siem_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/manch_siem_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manch_siem_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/manch_siem_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/manch_siem_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/meraki_logs-latest/meraki.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/meraki_logs-latest/meraki.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/meraki_logs-latest/meraki.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/meraki_logs-latest/meraki.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/meraki_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/meraki_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/meraki_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/meraki_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/microservice_tracing.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/microservice_tracing.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/microservice_tracing.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/microservice_tracing.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/microsoft_activedirectory.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/microsoft_activedirectory.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/microsoft_activedirectory.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/microsoft_activedirectory.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_error_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_error_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_error_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_error_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_error_logs-latest/nginx_error.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_error_logs-latest/nginx_error.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_error_logs-latest/nginx_error.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_error_logs-latest/nginx_error.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/nginx_kvlog.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/nginx_kvlog.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/nginx_kvlog.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/nginx_kvlog.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/okta_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_logs-latest/okta.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_logs-latest/okta.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/okta_logs-latest/okta.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_logs-latest/okta.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_logs-latest/paloalto.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_logs-latest/paloalto.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_logs-latest/paloalto.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_logs-latest/paloalto.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/paloalto_vpn.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/paloalto_vpn.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/paloalto_vpn.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/paloalto_vpn.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/pfsense_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/pfsense_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/pfsense_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/pfsense_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/pingfederate-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingfederate-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/pingfederate-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingfederate-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/pingfederate-latest/pingfederate.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingfederate-latest/pingfederate.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/pingfederate-latest/pingfederate.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingfederate-latest/pingfederate.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/pingone_mfa-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingone_mfa-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/pingone_mfa-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingone_mfa-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/pingone_mfa-latest/pingone_mfa.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingone_mfa-latest/pingone_mfa.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/pingone_mfa-latest/pingone_mfa.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingone_mfa-latest/pingone_mfa.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/pingprotect-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingprotect-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/pingprotect-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingprotect-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/pingprotect-latest/pingprotect.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingprotect-latest/pingprotect.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/pingprotect-latest/pingprotect.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/pingprotect-latest/pingprotect.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_logs-latest/proofpoint.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_logs-latest/proofpoint.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_logs-latest/proofpoint.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_logs-latest/proofpoint.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/rsa_adaptive-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/rsa_adaptive-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/rsa_adaptive-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/rsa_adaptive-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/rsa_adaptive-latest/rsa_adaptive.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/rsa_adaptive-latest/rsa_adaptive.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/rsa_adaptive-latest/rsa_adaptive.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/rsa_adaptive-latest/rsa_adaptive.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/rubrik_backup.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/rubrik_backup.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/rubrik_backup.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/rubrik_backup.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/sample_test_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sample_test_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/sample_test_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sample_test_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/sample_test_logs-latest/sample_test.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sample_test_logs-latest/sample_test.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/sample_test_logs-latest/sample_test.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sample_test_logs-latest/sample_test.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/sap_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sap_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/sap_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sap_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/sap_logs-latest/sap_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sap_logs-latest/sap_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/sap_logs-latest/sap_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sap_logs-latest/sap_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/securelink_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/securelink_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/securelink_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/securelink_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/securelink_logs-latest/securelink_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/securelink_logs-latest/securelink_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/securelink_logs-latest/securelink_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/securelink_logs-latest/securelink_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/sonicwall_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/sonicwall_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/sonicwall_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/sonicwall_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/spam_detection_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/spam_detection_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/spam_detection_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/spam_detection_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/spam_detection_logs-latest/spam_detection.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/spam_detection_logs-latest/spam_detection.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/spam_detection_logs-latest/spam_detection.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/spam_detection_logs-latest/spam_detection.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/sql_database_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sql_database_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/sql_database_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sql_database_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/sql_database_logs-latest/sql_database.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sql_database_logs-latest/sql_database.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/sql_database_logs-latest/sql_database.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/sql_database_logs-latest/sql_database.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/squid_proxy.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/squid_proxy.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/squid_proxy.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/squid_proxy.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/syslog_space_delimited.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/syslog_space_delimited.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/syslog_space_delimited.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/syslog_space_delimited.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/teleport_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/teleport_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/teleport_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/teleport_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/teleport_logs-latest/teleport.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/teleport_logs-latest/teleport.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/teleport_logs-latest/teleport.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/teleport_logs-latest/teleport.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/ufw_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/ufw_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/ufw_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/ufw_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/vcenter_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vcenter_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/vcenter_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vcenter_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/vcenter_logs-latest/vcenter.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vcenter_logs-latest/vcenter.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/vcenter_logs-latest/vcenter.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vcenter_logs-latest/vcenter.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/veeam_backup-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/veeam_backup-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/veeam_backup-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/veeam_backup-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/veeam_backup-latest/veeam_backup.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/veeam_backup-latest/veeam_backup.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/veeam_backup-latest/veeam_backup.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/veeam_backup-latest/veeam_backup.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/vpc_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vpc_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/vpc_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vpc_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/vpc_logs-latest/vpc.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vpc_logs-latest/vpc.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/vpc_logs-latest/vpc.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/vpc_logs-latest/vpc.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/watchguard_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/watchguard_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/watchguard_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/watchguard_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/1102-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/1102-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/1102-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/1102-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4624-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4624-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4624-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4624-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4625-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4625-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4625-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4625-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4720-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4720-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4720-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4720-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4728-v0.1 b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4728-v0.1 similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4728-v0.1 rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4728-v0.1 diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/windows_event_log.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/windows_event_log.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/windows_event_log.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/windows_event_log.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud-latest/wiz_cloud.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud-latest/wiz_cloud.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud-latest/wiz_cloud.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud-latest/wiz_cloud.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/wiz_cloud_security.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/wiz_cloud_security.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/wiz_cloud_security.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/wiz_cloud_security.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/README.txt b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/README.txt similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/README.txt rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/README.txt diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_logs-latest/zscaler.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_logs-latest/zscaler.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_logs-latest/zscaler.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_logs-latest/zscaler.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/zscaler_zia.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/zscaler_zia.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/zscaler_zia.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/zscaler_zia.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/PARSER_TEMPLATE.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/PARSER_TEMPLATE.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/PARSER_TEMPLATE.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/PARSER_TEMPLATE.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/marketplace-awsrdslogs-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/marketplace-awsrdslogs-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/marketplace-awsrdslogs-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/marketplace-awsrdslogs-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/marketplace-awsvpcflowlogs-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/marketplace-awsvpcflowlogs-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/marketplace-awsvpcflowlogs-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/marketplace-awsvpcflowlogs-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/marketplace-ciscofirepowerthreatdefense-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/marketplace-ciscofirepowerthreatdefense-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/marketplace-ciscofirepowerthreatdefense-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/marketplace-ciscofirepowerthreatdefense-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/marketplace-cloudnativesecurity-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/marketplace-cloudnativesecurity-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/marketplace-cloudnativesecurity-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/marketplace-cloudnativesecurity-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf similarity index 98% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf index 766bf79..283d962 100644 --- a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf +++ b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf @@ -51,7 +51,7 @@ {inputs: ["resp_ip_bytes"], output: "unmapped.resp_ip_bytes", type: "string"} {inputs: ["tunnel_parents"], output: "unmapped.tunnel_parents", type: "string"} {inputs: ["orig_l2_addr"], output: "src_endpoint.mac", type: "string"} - {inputs: ["resp_l2_addr"], output: "dst_endpiont.mac", type: "string"} + {inputs: ["resp_l2_addr"], output: "dst_endpoint.mac", type: "string"} {inputs: ["vlan"], output: "dst_endpoint.vlan_uid", type: "string"} {inputs: ["inner_vlan"], output: "src_endpoint.vlan_uid", type: "string"} ], diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/marketplace-corelight-http-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/marketplace-corelight-http-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/marketplace-corelight-http-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/marketplace-corelight-http-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/marketplace-corelight-ssl-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/marketplace-corelight-ssl-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/marketplace-corelight-ssl-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/marketplace-corelight-ssl-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/marketplace-corelight-tunnel-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/marketplace-corelight-tunnel-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/marketplace-corelight-tunnel-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/marketplace-corelight-tunnel-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/marketplace-fortinetfortigate-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/marketplace-fortinetfortigate-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/marketplace-fortinetfortigate-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/marketplace-fortinetfortigate-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/marketplace-fortinetfortimanager-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/marketplace-fortinetfortimanager-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/marketplace-fortinetfortimanager-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/marketplace-fortinetfortimanager-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/marketplace-infobloxddi-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/marketplace-infobloxddi-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/marketplace-infobloxddi-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/marketplace-infobloxddi-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/marketplace-paloaltonetworksprismaaccess-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/marketplace-paloaltonetworksprismaaccess-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/marketplace-paloaltonetworksprismaaccess-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/marketplace-paloaltonetworksprismaaccess-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/marketplace-zscalerinternetaccess-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/marketplace-zscalerinternetaccess-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/marketplace-zscalerinternetaccess-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/marketplace-zscalerinternetaccess-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/marketplace-zscalerprivateaccessjson-latest.conf b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/marketplace-zscalerprivateaccessjson-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/marketplace-zscalerprivateaccessjson-latest.conf rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/marketplace-zscalerprivateaccessjson-latest.conf diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/workflows/community/metadata.yaml b/Backend/utilities/parsers/community_new/ai-siem-main/workflows/community/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/workflows/community/metadata.yaml rename to Backend/utilities/parsers/community_new/ai-siem-main/workflows/community/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/workflows/community/virus_total_enrichment.json b/Backend/utilities/parsers/community_new/ai-siem-main/workflows/community/virus_total_enrichment.json similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/workflows/community/virus_total_enrichment.json rename to Backend/utilities/parsers/community_new/ai-siem-main/workflows/community/virus_total_enrichment.json diff --git a/utilities/parsers/community_new/akamai_cdn-latest/akamai_cdn.conf b/Backend/utilities/parsers/community_new/akamai_cdn-latest/akamai_cdn.conf similarity index 100% rename from utilities/parsers/community_new/akamai_cdn-latest/akamai_cdn.conf rename to Backend/utilities/parsers/community_new/akamai_cdn-latest/akamai_cdn.conf diff --git a/utilities/parsers/community_new/akamai_cdn-latest/metadata.yaml b/Backend/utilities/parsers/community_new/akamai_cdn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/akamai_cdn-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/akamai_cdn-latest/metadata.yaml diff --git a/utilities/parsers/community_new/akamai_dns-latest/akamai_dns.conf b/Backend/utilities/parsers/community_new/akamai_dns-latest/akamai_dns.conf similarity index 100% rename from utilities/parsers/community_new/akamai_dns-latest/akamai_dns.conf rename to Backend/utilities/parsers/community_new/akamai_dns-latest/akamai_dns.conf diff --git a/utilities/parsers/community_new/akamai_dns-latest/metadata.yaml b/Backend/utilities/parsers/community_new/akamai_dns-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/akamai_dns-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/akamai_dns-latest/metadata.yaml diff --git a/utilities/parsers/community_new/akamai_general-latest/akamai_general.conf b/Backend/utilities/parsers/community_new/akamai_general-latest/akamai_general.conf similarity index 100% rename from utilities/parsers/community_new/akamai_general-latest/akamai_general.conf rename to Backend/utilities/parsers/community_new/akamai_general-latest/akamai_general.conf diff --git a/utilities/parsers/community_new/akamai_general-latest/metadata.yaml b/Backend/utilities/parsers/community_new/akamai_general-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/akamai_general-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/akamai_general-latest/metadata.yaml diff --git a/utilities/parsers/community_new/akamai_sitedefender-latest/akamai_sitedefender.conf b/Backend/utilities/parsers/community_new/akamai_sitedefender-latest/akamai_sitedefender.conf similarity index 100% rename from utilities/parsers/community_new/akamai_sitedefender-latest/akamai_sitedefender.conf rename to Backend/utilities/parsers/community_new/akamai_sitedefender-latest/akamai_sitedefender.conf diff --git a/utilities/parsers/community_new/akamai_sitedefender-latest/metadata.yaml b/Backend/utilities/parsers/community_new/akamai_sitedefender-latest/metadata.yaml similarity index 100% rename from utilities/parsers/community_new/akamai_sitedefender-latest/metadata.yaml rename to Backend/utilities/parsers/community_new/akamai_sitedefender-latest/metadata.yaml diff --git a/utilities/parsers/parser_inventory.json b/Backend/utilities/parsers/parser_inventory.json similarity index 100% rename from utilities/parsers/parser_inventory.json rename to Backend/utilities/parsers/parser_inventory.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/.gitignore b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/.gitignore similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/.gitignore rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/.gitignore diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/LICENSE b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/LICENSE similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/LICENSE rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/LICENSE diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/README.md b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/README.md similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/README.md rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/README.md diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/Azure-Active-Directory-MSFT-Entra.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/Azure-Active-Directory-MSFT-Entra.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/Azure-Active-Directory-MSFT-Entra.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/Azure-Active-Directory-MSFT-Entra.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Azure-Active-Directory-MSFT-Entra-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/Fortigagte-Firewall-Dashboard.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/Fortigagte-Firewall-Dashboard.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/Fortigagte-Firewall-Dashboard.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/Fortigagte-Firewall-Dashboard.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Fortigagte-Firewall-Dashboard-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/IaCScanning-latest/IaCScanning.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/IaCScanning-latest/IaCScanning.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/IaCScanning-latest/IaCScanning.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/IaCScanning-latest/IaCScanning.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/IaCScanning-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/IaCScanning-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/IaCScanning-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/IaCScanning-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/M365-dashboard-latest/M365-dashboard.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/M365-dashboard-latest/M365-dashboard.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/M365-dashboard-latest/M365-dashboard.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/M365-dashboard-latest/M365-dashboard.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/M365-dashboard-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/M365-dashboard-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/M365-dashboard-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/M365-dashboard-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/Network-Security-dashboard.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/Network-Security-dashboard.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/Network-Security-dashboard.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/Network-Security-dashboard.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Network-Security-dashboard-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/PurpleAI-monitor.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/PurpleAI-monitor.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/PurpleAI-monitor.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/PurpleAI-monitor.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/PurpleAI-monitor-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/S1-EDR-dashboard.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/S1-EDR-dashboard.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/S1-EDR-dashboard.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/S1-EDR-dashboard.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/S1-EDR-dashboard-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/Sentinelone-DV.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/Sentinelone-DV.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/Sentinelone-DV.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/Sentinelone-DV.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Sentinelone-DV-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/Threat-Investigation.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/Threat-Investigation.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/Threat-Investigation.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/Threat-Investigation.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/Threat-Investigation-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/XDR-Host-Investigation.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/XDR-Host-Investigation.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/XDR-Host-Investigation.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/XDR-Host-Investigation.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/XDR-Host-Investigation-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aad_ocsf-latest/aad_ocsf.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aad_ocsf-latest/aad_ocsf.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aad_ocsf-latest/aad_ocsf.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aad_ocsf-latest/aad_ocsf.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aad_ocsf-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aad_ocsf-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aad_ocsf-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aad_ocsf-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/audit-latest/audit.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/audit-latest/audit.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/audit-latest/audit.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/audit-latest/audit.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/audit-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/audit-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/audit-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/audit-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aws-latest/aws.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aws-latest/aws.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aws-latest/aws.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aws-latest/aws.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aws-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aws-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aws-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/aws-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/axonius-latest/axonius.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/axonius-latest/axonius.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/axonius-latest/axonius.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/axonius-latest/axonius.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/axonius-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/axonius-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/axonius-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/axonius-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/azure-ad-latest/azure-ad.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/azure-ad-latest/azure-ad.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/azure-ad-latest/azure-ad.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/azure-ad-latest/azure-ad.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/azure-ad-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/azure-ad-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/azure-ad-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/azure-ad-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare-latest/cloudflare.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare-latest/cloudflare.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare-latest/cloudflare.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare-latest/cloudflare.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/cloudflare_waf.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/cloudflare_waf.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/cloudflare_waf.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/cloudflare_waf.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/cloudflare_waf-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/corelight-latest/corelight.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/corelight-latest/corelight.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/corelight-latest/corelight.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/corelight-latest/corelight.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/corelight-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/corelight-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/corelight-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/corelight-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/dhcp-latest/dhcp.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/dhcp-latest/dhcp.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/dhcp-latest/dhcp.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/dhcp-latest/dhcp.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/dhcp-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/dhcp-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/dhcp-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/dhcp-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/docker-container-latest/docker-container.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/docker-container-latest/docker-container.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/docker-container-latest/docker-container.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/docker-container-latest/docker-container.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/docker-container-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/docker-container-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/docker-container-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/docker-container-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/endpoints-latest/endpoints.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/endpoints-latest/endpoints.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/endpoints-latest/endpoints.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/endpoints-latest/endpoints.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/endpoints-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/endpoints-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/endpoints-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/endpoints-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fastly-latest/fastly.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fastly-latest/fastly.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fastly-latest/fastly.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fastly-latest/fastly.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fastly-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fastly-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fastly-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fastly-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/firewall-generic-latest/firewall-generic.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/firewall-generic-latest/firewall-generic.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/firewall-generic-latest/firewall-generic.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/firewall-generic-latest/firewall-generic.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/firewall-generic-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/firewall-generic-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/firewall-generic-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/firewall-generic-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/fortinet_fortigate.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/fortinet_fortigate.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/fortinet_fortigate.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/fortinet_fortigate.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/fortinet_fortigate-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/impossible-traveler-latest/impossible-traveler.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/impossible-traveler-latest/impossible-traveler.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/impossible-traveler-latest/impossible-traveler.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/impossible-traveler-latest/impossible-traveler.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/impossible-traveler-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/impossible-traveler-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/impossible-traveler-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/impossible-traveler-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-events-latest/k8s-events.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-events-latest/k8s-events.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-events-latest/k8s-events.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-events-latest/k8s-events.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-events-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-events-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-events-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-events-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-explorer-latest/k8s-explorer.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-explorer-latest/k8s-explorer.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-explorer-latest/k8s-explorer.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-explorer-latest/k8s-explorer.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-explorer-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-explorer-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-explorer-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-explorer-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/k8s-log-volume.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/k8s-log-volume.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/k8s-log-volume.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/k8s-log-volume.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-log-volume-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-metric-latest/k8s-metric.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-metric-latest/k8s-metric.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-metric-latest/k8s-metric.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-metric-latest/k8s-metric.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-metric-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-metric-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-metric-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-metric-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-workload-latest/k8s-workload.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-workload-latest/k8s-workload.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-workload-latest/k8s-workload.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-workload-latest/k8s-workload.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-workload-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-workload-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-workload-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/k8s-workload-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/log-volume-aisiem.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/log-volume-aisiem.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/log-volume-aisiem.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/log-volume-aisiem.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-aisiem-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/log-volume-by-datasources.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/log-volume-by-datasources.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/log-volume-by-datasources.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/log-volume-by-datasources.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-by-datasources-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-latest/log-volume.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-latest/log-volume.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-latest/log-volume.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-latest/log-volume.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/log-volume-xdr.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/log-volume-xdr.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/log-volume-xdr.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/log-volume-xdr.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log-volume-xdr-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log4shell-latest/log4shell.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log4shell-latest/log4shell.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log4shell-latest/log4shell.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log4shell-latest/log4shell.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log4shell-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log4shell-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log4shell-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/log4shell-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/logVolume-latest/logVolume.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/logVolume-latest/logVolume.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/logVolume-latest/logVolume.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/logVolume-latest/logVolume.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/logVolume-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/logVolume-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/logVolume-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/logVolume-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/master-log-volume-latest/master-log-volume.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/master-log-volume-latest/master-log-volume.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/master-log-volume-latest/master-log-volume.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/master-log-volume-latest/master-log-volume.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/master-log-volume-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/master-log-volume-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/master-log-volume-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/master-log-volume-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft-latest/microsoft.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft-latest/microsoft.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft-latest/microsoft.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft-latest/microsoft.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/microsoft_365_dashboard-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/microsoft_365_dashboard-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/microsoft_365_dashboard-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_365_dashboard-v1.0/microsoft_365_dashboard-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/microsoft_azure_ad_ocsf-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/microsoft_azure_ad_ocsf-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/microsoft_azure_ad_ocsf-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_azure_ad_ocsf-v1.0/microsoft_azure_ad_ocsf-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/microsoft_entra_id-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/microsoft_entra_id-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/microsoft_entra_id-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/microsoft_entra_id-v1.0/microsoft_entra_id-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/minecraft-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/minecraft-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/minecraft-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/minecraft-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/minecraft-latest/minecraft.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/minecraft-latest/minecraft.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/minecraft-latest/minecraft.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/minecraft-latest/minecraft.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/netskope-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/netskope-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/netskope-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/netskope-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/netskope-latest/netskope.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/netskope-latest/netskope.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/netskope-latest/netskope.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/netskope-latest/netskope.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/okta_identity_events-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/okta_identity_events-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/okta_identity_events-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events-v1.0/okta_identity_events-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/okta_identity_events_s1demo.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/okta_identity_events_s1demo.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/okta_identity_events_s1demo.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_identity_events_s1demo-v1.0/okta_identity_events_s1demo.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_insights-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_insights-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_insights-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_insights-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_insights-latest/okta_insights.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_insights-latest/okta_insights.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_insights-latest/okta_insights.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_insights-latest/okta_insights.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_xdr-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_xdr-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_xdr-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_xdr-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_xdr-latest/okta_xdr.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_xdr-latest/okta_xdr.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_xdr-latest/okta_xdr.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/okta_xdr-latest/okta_xdr.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/packet_capture-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/packet_capture-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/packet_capture-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/packet_capture-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/packet_capture-latest/packet_capture.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/packet_capture-latest/packet_capture.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/packet_capture-latest/packet_capture.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/packet_capture-latest/packet_capture.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo-latest/palo.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo-latest/palo.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo-latest/palo.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo-latest/palo.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/palo_firewall_ocsf.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/palo_firewall_ocsf.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/palo_firewall_ocsf.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf-latest/palo_firewall_ocsf.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/palo_firewall_ocsf_tabbed.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/palo_firewall_ocsf_tabbed.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/palo_firewall_ocsf_tabbed.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/palo_firewall_ocsf_tabbed-latest/palo_firewall_ocsf_tabbed.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/parameter_examples-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/parameter_examples-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/parameter_examples-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/parameter_examples-v1.0/parameter_examples-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/pcap-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/pcap-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/pcap-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/pcap-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/pcap-latest/pcap.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/pcap-latest/pcap.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/pcap-latest/pcap.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/pcap-latest/pcap.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/s1-activity-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/s1-activity-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/s1-activity-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/s1-activity-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/s1-activity-latest/s1-activity.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/s1-activity-latest/s1-activity.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/s1-activity-latest/s1-activity.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/s1-activity-latest/s1-activity.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/salesforce-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/salesforce-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/salesforce-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/salesforce-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/salesforce-latest/salesforce.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/salesforce-latest/salesforce.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/salesforce-latest/salesforce.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/salesforce-latest/salesforce.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/scalyr-agent-monitor.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/scalyr-agent-monitor.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/scalyr-agent-monitor.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-agent-monitor-latest/scalyr-agent-monitor.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-audit-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-audit-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-audit-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-audit-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-audit-latest/scalyr-audit.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-audit-latest/scalyr-audit.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-audit-latest/scalyr-audit.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/scalyr-audit-latest/scalyr-audit.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/sentinelone_edr_dashboard-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/sentinelone_edr_dashboard-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/sentinelone_edr_dashboard-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dashboard-v1.0/sentinelone_edr_dashboard-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/sentinelone_edr_dv_analysis-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/sentinelone_edr_dv_analysis-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/sentinelone_edr_dv_analysis-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_edr_dv_analysis-v1.0/sentinelone_edr_dv_analysis-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/sentinelone_purple_ai_monitor-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/sentinelone_purple_ai_monitor-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/sentinelone_purple_ai_monitor-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_purple_ai_monitor-v1.0/sentinelone_purple_ai_monitor-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/sentinelone_xdr_host_investigation-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/sentinelone_xdr_host_investigation-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/sentinelone_xdr_host_investigation-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_host_investigation-v1.0/sentinelone_xdr_host_investigation-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/sentinelone_xdr_threat_investigation-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/sentinelone_xdr_threat_investigation-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/sentinelone_xdr_threat_investigation-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sentinelone_xdr_threat_investigation-v1.0/sentinelone_xdr_threat_investigation-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/skylight-inspector-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/skylight-inspector-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/skylight-inspector-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/skylight-inspector-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/skylight-inspector-latest/skylight-inspector.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/skylight-inspector-latest/skylight-inspector.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/skylight-inspector-latest/skylight-inspector.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/skylight-inspector-latest/skylight-inspector.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/sofos_firewall_network_security-v1.0.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/sofos_firewall_network_security-v1.0.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/sofos_firewall_network_security-v1.0.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sofos_firewall_network_security-v1.0/sofos_firewall_network_security-v1.0.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/sonicwall-compliance.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/sonicwall-compliance.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/sonicwall-compliance.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-compliance-latest/sonicwall-compliance.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-latest/sonicwall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-latest/sonicwall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-latest/sonicwall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/sonicwall-latest/sonicwall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/system-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/system-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/system-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/system-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/system-latest/system.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/system-latest/system.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/system-latest/system.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/system-latest/system.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale-latest/tailscale.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale-latest/tailscale.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale-latest/tailscale.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale-latest/tailscale.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale_overview-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale_overview-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale_overview-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale_overview-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale_overview-latest/tailscale_overview.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale_overview-latest/tailscale_overview.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale_overview-latest/tailscale_overview.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/tailscale_overview-latest/tailscale_overview.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/traffic-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/traffic-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/traffic-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/traffic-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/traffic-latest/traffic.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/traffic-latest/traffic.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/traffic-latest/traffic.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/traffic-latest/traffic.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/vpn-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/vpn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/vpn-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/vpn-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/vpn-latest/vpn.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/vpn-latest/vpn.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/vpn-latest/vpn.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/vpn-latest/vpn.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webSecurity-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webSecurity-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webSecurity-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webSecurity-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webSecurity-latest/webSecurity.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webSecurity-latest/webSecurity.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webSecurity-latest/webSecurity.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webSecurity-latest/webSecurity.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webserver-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webserver-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webserver-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webserver-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webserver-latest/webserver.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webserver-latest/webserver.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webserver-latest/webserver.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/webserver-latest/webserver.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-latest/windows.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-latest/windows.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-latest/windows.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-latest/windows.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/windows-system-metrics.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/windows-system-metrics.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/windows-system-metrics.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows-system-metrics-latest/windows-system-metrics.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows_event_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows_event_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows_event_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows_event_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows_event_logs-latest/windows_event_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows_event_logs-latest/windows_event_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows_event_logs-latest/windows_event_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/windows_event_logs-latest/windows_event_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-alt-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-alt-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-alt-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-alt-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-alt-latest/zscaler-alt.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-alt-latest/zscaler-alt.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-alt-latest/zscaler-alt.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-alt-latest/zscaler-alt.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-latest/zscaler.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-latest/zscaler.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-latest/zscaler.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler-latest/zscaler.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/zscaler_internet_access_zia.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/zscaler_internet_access_zia.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/zscaler_internet_access_zia.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/dashboards/community/zscaler_internet_access_zia-latest/zscaler_internet_access_zia.json diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/AzureAD-Entra-alerts.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/AzureAD-Entra-alerts.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/AzureAD-Entra-alerts.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/AzureAD-Entra-alerts.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/AzureAD-Entra-alerts-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/O365-alerts-latest/O365-alerts.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/O365-alerts-latest/O365-alerts.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/O365-alerts-latest/O365-alerts.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/O365-alerts-latest/O365-alerts.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/O365-alerts-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/O365-alerts-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/O365-alerts-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/O365-alerts-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/fortinet_fortigate_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/fortinet_fortigate_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/fortinet_fortigate_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/fortinet_fortigate_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/fortinet_fortigate_firewall-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/hello-world-elevated-error-rate.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/hello-world-elevated-error-rate.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/hello-world-elevated-error-rate.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/hello-world-elevated-error-rate.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/hello-world-elevated-error-rate-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/sql-security-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/sql-security-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/sql-security-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/sql-security-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/sql-security-latest/sql-security.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/sql-security-latest/sql-security.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/sql-security-latest/sql-security.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/sql-security-latest/sql-security.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/volume_alerts_marketplace.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/volume_alerts_marketplace.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/volume_alerts_marketplace.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/volume_alerts_marketplace-latest/volume_alerts_marketplace.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/xsoar_trigger-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/xsoar_trigger-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/xsoar_trigger-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/xsoar_trigger-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/xsoar_trigger-latest/xsoar_trigger.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/xsoar_trigger-latest/xsoar_trigger.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/xsoar_trigger-latest/xsoar_trigger.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/xsoar_trigger-latest/xsoar_trigger.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/zscaler_http_access-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/zscaler_http_access-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/zscaler_http_access-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/zscaler_http_access-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/zscaler_http_access-latest/zscaler_http_access.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/zscaler_http_access-latest/zscaler_http_access.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/detections/community/zscaler_http_access-latest/zscaler_http_access.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/detections/community/zscaler_http_access-latest/zscaler_http_access.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/abnormal_security_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/abnormal_security_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/abnormal_security_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/abnormal_security_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/abnormal_security_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/agent_metrics.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/agent_metrics.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/agent_metrics.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/agent_metrics.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/agent_metrics_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_cdn-latest/akamai_cdn.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_cdn-latest/akamai_cdn.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_cdn-latest/akamai_cdn.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_cdn-latest/akamai_cdn.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_cdn-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_cdn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_cdn-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_cdn-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_dns-latest/akamai_dns.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_dns-latest/akamai_dns.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_dns-latest/akamai_dns.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_dns-latest/akamai_dns.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_dns-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_dns-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_dns-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_dns-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_general-latest/akamai_general.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_general-latest/akamai_general.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_general-latest/akamai_general.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_general-latest/akamai_general.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_general-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_general-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_general-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_general-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/akamai_sitedefender.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/akamai_sitedefender-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/apache_http_logs-latest/apache_http_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/apache_http_logs-latest/apache_http_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/apache_http_logs-latest/apache_http_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/apache_http_logs-latest/apache_http_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/apache_http_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/apache_http_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/apache_http_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/apache_http_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/armis_armis_logs-latest/armis_armis_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/armis_armis_logs-latest/armis_armis_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/armis_armis_logs-latest/armis_armis_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/armis_armis_logs-latest/armis_armis_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/armis_armis_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/armis_armis_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/armis_armis_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/armis_armis_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/aruba_clearpass_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aruba_clearpass_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/aws_cloudwatch.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/aws_cloudwatch.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/aws_cloudwatch.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/aws_cloudwatch.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_cloudwatch_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/aws_elasticloadbalancer_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_elasticloadbalancer_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/aws_guardduty_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_guardduty_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_route53-latest/aws_route53.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_route53-latest/aws_route53.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_route53-latest/aws_route53.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_route53-latest/aws_route53.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_route53-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_route53-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_route53-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_route53-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/aws_vpc_dns.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_vpc_dns_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_waf-latest/aws_waf.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_waf-latest/aws_waf.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_waf-latest/aws_waf.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_waf-latest/aws_waf.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_waf-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_waf-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_waf-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/aws_waf-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/axonius_asset.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/axonius_asset.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/axonius_asset.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/axonius_asset.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axonius_asset_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axway_sftp-latest/axway_sftp.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axway_sftp-latest/axway_sftp.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axway_sftp-latest/axway_sftp.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axway_sftp-latest/axway_sftp.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axway_sftp-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axway_sftp-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axway_sftp-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/axway_sftp-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/azure_logs-latest/azure.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/azure_logs-latest/azure.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/azure_logs-latest/azure.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/azure_logs-latest/azure.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/azure_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/azure_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/azure_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/azure_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/beyondtrust_passwordsafe_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_passwordsafe_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/beyondtrust_privilegemgmtwindows_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/beyondtrust_privilegemgmtwindows_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/buildkite.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/buildkite.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/buildkite.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/buildkite.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/buildkite_ci_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/cisco_asa.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/cisco_asa.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/cisco_asa.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/cisco_asa.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_asa_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/cisco_combo.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/cisco_combo.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/cisco_combo.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/cisco_combo.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_combo_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_duo-latest/cisco_duo.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_duo-latest/cisco_duo.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_duo-latest/cisco_duo.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_duo-latest/cisco_duo.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_duo-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_duo-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_duo-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_duo-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_firewall-latest/cisco_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_firewall-latest/cisco_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_firewall-latest/cisco_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_firewall-latest/cisco_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_firewall-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_firewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_firewall-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_firewall-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/cisco_fmc_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/cisco_fmc_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/cisco_fmc_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/cisco_fmc_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_fmc_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/cisco_ios_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/cisco_ios_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/cisco_ios_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/cisco_ios_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ios_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ironport-latest/cisco_ironport.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ironport-latest/cisco_ironport.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ironport-latest/cisco_ironport.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ironport-latest/cisco_ironport.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ironport-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ironport-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ironport-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ironport-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/cisco_isa3000_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_isa3000_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/cisco_ise_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/cisco_ise_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/cisco_ise_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/cisco_ise_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_ise_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_logs-latest/cisco.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_logs-latest/cisco.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_logs-latest/cisco.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_logs-latest/cisco.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki-latest/cisco_meraki.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki-latest/cisco_meraki.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki-latest/cisco_meraki.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki-latest/cisco_meraki.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/cisco_meraki_flow_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_flow_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/cisco_meraki.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/cisco_meraki.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/cisco_meraki.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/cisco_meraki.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_meraki_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/cisco_networks_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/cisco_networks_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/cisco_networks_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/cisco_networks_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_networks_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella-latest/cisco_umbrella.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella-latest/cisco_umbrella.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella-latest/cisco_umbrella.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella-latest/cisco_umbrella.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/cisco_umbrella.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/cisco_umbrella.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/cisco_umbrella.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/cisco_umbrella.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cisco_umbrella_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/citrix_netscaler.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/citrix_netscaler.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/citrix_netscaler.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/citrix_netscaler.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/citrix_netscaler_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/cloudflare.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/cloudflare.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/cloudflare.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/cloudflare.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_general_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/cloudflare_waf.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/cloudflare_waf.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/cloudflare_waf.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/cloudflare_waf.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_inc_waf-lastest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_logs-latest/cloudflare.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_logs-latest/cloudflare.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_logs-latest/cloudflare.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_logs-latest/cloudflare.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/cloudflare_waf.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cloudflare_waf_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cohesity_backup-latest/cohesity_backup.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cohesity_backup-latest/cohesity_backup.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cohesity_backup-latest/cohesity_backup.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cohesity_backup-latest/cohesity_backup.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cohesity_backup-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cohesity_backup-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cohesity_backup-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cohesity_backup-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/confluent_kafka.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/confluent_kafka.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/confluent_kafka.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/confluent_kafka.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/confluent_kafka_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/crowdstrike_endpoint.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_endpoint-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/crowdstrike.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/crowdstrike.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/crowdstrike.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/crowdstrike.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/crowdstrike_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_conjur-latest/cyberark_conjur.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_conjur-latest/cyberark_conjur.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_conjur-latest/cyberark_conjur.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_conjur-latest/cyberark_conjur.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_conjur-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_conjur-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_conjur-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_conjur-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/cyberark_pas_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/cyberark_pas_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/darktrace_darktrace_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/darktrace_darktrace_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dhcp_logs-latest/dhcp.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dhcp_logs-latest/dhcp.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dhcp_logs-latest/dhcp.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dhcp_logs-latest/dhcp.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dhcp_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dhcp_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dhcp_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dhcp_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_general_logs-latest/dns_general.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_general_logs-latest/dns_general.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_general_logs-latest/dns_general.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_general_logs-latest/dns_general.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_general_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_general_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_general_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_general_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/dns_ocsf.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/dns_ocsf.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/dns_ocsf.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/dns_ocsf.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/dns_ocsf_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/extrahop_extrahop_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extrahop_extrahop_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/extreme_networks_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/extreme_networks_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/extreme_networks_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/extreme_networks_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/extreme_networks_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_networks_logs-latest/f5_networks_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_networks_logs-latest/f5_networks_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_networks_logs-latest/f5_networks_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_networks_logs-latest/f5_networks_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_networks_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_networks_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_networks_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_networks_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_vpn-latest/f5_vpn.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_vpn-latest/f5_vpn.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_vpn-latest/f5_vpn.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_vpn-latest/f5_vpn.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_vpn-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_vpn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_vpn-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/f5_vpn-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/forcepoint_forcepoint_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/forcepoint_forcepoint_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortigate_logs-latest/fortigate.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortigate_logs-latest/fortigate.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortigate_logs-latest/fortigate.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortigate_logs-latest/fortigate.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortigate_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortigate_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortigate_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortigate_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortimanager_logs-latest/fortimanager.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortimanager_logs-latest/fortimanager.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortimanager_logs-latest/fortimanager.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortimanager_logs-latest/fortimanager.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortimanager_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortimanager_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortimanager_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortimanager_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/fortinet_fortigate_candidate.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/fortinet_fortigate_candidate.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/fortinet_fortigate_candidate.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/fortinet_fortigate_candidate.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_fortigate_candidate_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_logs-latest/fortinet.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_logs-latest/fortinet.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_logs-latest/fortinet.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_logs-latest/fortinet.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/fortinet_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/generic_access_logs-latest/generic_access.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/generic_access_logs-latest/generic_access.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/generic_access_logs-latest/generic_access.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/generic_access_logs-latest/generic_access.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/generic_access_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/generic_access_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/generic_access_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/generic_access_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/github_audit-latest/github_audit.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/github_audit-latest/github_audit.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/github_audit-latest/github_audit.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/github_audit-latest/github_audit.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/github_audit-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/github_audit-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/github_audit-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/github_audit-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/gcp_dns.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/gcp_dns.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/gcp_dns.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/gcp_dns.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_cloud_dns_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_workspace_logs-latest/google_workspace_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_workspace_logs-latest/google_workspace_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_workspace_logs-latest/google_workspace_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_workspace_logs-latest/google_workspace_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_workspace_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_workspace_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_workspace_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/google_workspace_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/haproxy_loadbalancer.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/haproxy_loadbalancer.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/haproxy_loadbalancer.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/haproxy_loadbalancer.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/haproxy_loadbalancer_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/harness_ci-latest/harness_ci.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/harness_ci-latest/harness_ci.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/harness_ci-latest/harness_ci.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/harness_ci-latest/harness_ci.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/harness_ci-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/harness_ci-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/harness_ci-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/harness_ci-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/hashicorp_hcp_vault_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hashicorp_hcp_vault_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hypr_auth-latest/hypr_auth.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hypr_auth-latest/hypr_auth.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hypr_auth-latest/hypr_auth.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hypr_auth-latest/hypr_auth.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hypr_auth-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hypr_auth-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hypr_auth-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/hypr_auth-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/iis_w3c-latest/iis_w3c.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/iis_w3c-latest/iis_w3c.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/iis_w3c-latest/iis_w3c.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/iis_w3c-latest/iis_w3c.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/iis_w3c-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/iis_w3c-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/iis_w3c-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/iis_w3c-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_sonar-latest/imperva_sonar.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_sonar-latest/imperva_sonar.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_sonar-latest/imperva_sonar.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_sonar-latest/imperva_sonar.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_sonar-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_sonar-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_sonar-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_sonar-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/Imperva_waf.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/Imperva_waf.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/Imperva_waf.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/Imperva_waf.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/imperva_waf_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/incapsula_incapsula_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/incapsula_incapsula_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/inngate_gateway.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/inngate_gateway.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/inngate_gateway.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/inngate_gateway.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/inngate_gateway_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_bind-latest/isc_bind.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_bind-latest/isc_bind.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_bind-latest/isc_bind.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_bind-latest/isc_bind.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_bind-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_bind-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_bind-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_bind-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_dhcp-latest/isc_dhcp.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_dhcp-latest/isc_dhcp.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_dhcp-latest/isc_dhcp.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_dhcp-latest/isc_dhcp.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_dhcp-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_dhcp-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_dhcp-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/isc_dhcp-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jamf_protect-latest/jamf_protect.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jamf_protect-latest/jamf_protect.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jamf_protect-latest/jamf_protect.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jamf_protect-latest/jamf_protect.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jamf_protect-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jamf_protect-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jamf_protect-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jamf_protect-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jruby_application_logs-latest/jruby_application.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jruby_application_logs-latest/jruby_application.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jruby_application_logs-latest/jruby_application.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jruby_application_logs-latest/jruby_application.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jruby_application_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jruby_application_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jruby_application_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/jruby_application_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_generic_logs-latest/json_generic.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_generic_logs-latest/json_generic.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_generic_logs-latest/json_generic.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_generic_logs-latest/json_generic.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_generic_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_generic_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_generic_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_generic_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/json_nested_kv.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/json_nested_kv.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/json_nested_kv.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/json_nested_kv.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/json_nested_kv_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_logs-latest/juniper.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_logs-latest/juniper.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_logs-latest/juniper.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_logs-latest/juniper.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/juniper_networks_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/juniper_networks_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/juniper_networks_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/juniper_networks_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/juniper_networks_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/leef_template_logs-latest/leef_template.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/leef_template_logs-latest/leef_template.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/leef_template_logs-latest/leef_template.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/leef_template_logs-latest/leef_template.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/leef_template_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/leef_template_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/leef_template_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/leef_template_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_auth-latest/linux_auth.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_auth-latest/linux_auth.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_auth-latest/linux_auth.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_auth-latest/linux_auth.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_auth-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_auth-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_auth-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_auth-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_system_logs-latest/linux_system.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_system_logs-latest/linux_system.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_system_logs-latest/linux_system.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_system_logs-latest/linux_system.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_system_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_system_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_system_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/linux_system_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/log4shell_detection.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/log4shell_detection.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/log4shell_detection.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/log4shell_detection.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/log4shell_detection_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mail_server_logs-latest/mail_server.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mail_server_logs-latest/mail_server.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mail_server_logs-latest/mail_server.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mail_server_logs-latest/mail_server.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mail_server_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mail_server_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mail_server_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mail_server_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/managedengine_ad_audit_plus.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/managedengine_ad_audit_plus-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/manageengine_adauditplus_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_adauditplus_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/manageengine_general_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/manageengine_general_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/manageengine_general_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/manageengine_general_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manageengine_general_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manch_siem_logs-latest/manch_siem_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manch_siem_logs-latest/manch_siem_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manch_siem_logs-latest/manch_siem_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manch_siem_logs-latest/manch_siem_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manch_siem_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manch_siem_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manch_siem_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/manch_siem_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/meraki_logs-latest/meraki.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/meraki_logs-latest/meraki.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/meraki_logs-latest/meraki.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/meraki_logs-latest/meraki.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/meraki_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/meraki_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/meraki_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/meraki_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/microservice_tracing.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/microservice_tracing.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/microservice_tracing.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microservice_tracing_logs-latest/microservice_tracing.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_collaboration-latest/microsoft_365_collaboration.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_defender-latest/microsoft_365_defender.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_365_mgmt_api_logs-latest/microsoft_365_mgmt_api_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/microsoft_activedirectory.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/microsoft_activedirectory.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/microsoft_activedirectory.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_activedirectory_logs-latest/microsoft_activedirectory.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_azure_ad_logs-latest/microsoft_azure_ad_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_azure_signin_logs-latest/microsoft_eventhub_azure_signin_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_email_logs-latest/microsoft_eventhub_defender_email_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_eventhub_defender_emailforcloud_logs-latest/microsoft_eventhub_defender_emailforcloud_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/1102-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4624-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4625-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4720-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/4728-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/microsoft_windows_eventlog-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/mimecast_mimecast_logs-latest/mimecast_mimecast_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_logshipper_logs-latest/netskope_logshipper_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/netskope_netskope_logs-latest/netskope_netskope_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_error_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_error_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_error_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_error_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_error_logs-latest/nginx_error.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_error_logs-latest/nginx_error.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_error_logs-latest/nginx_error.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_error_logs-latest/nginx_error.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/nginx_kvlog.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/nginx_kvlog.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/nginx_kvlog.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/nginx_kvlog_logs-latest/nginx_kvlog.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_logs-latest/okta.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_logs-latest/okta.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_logs-latest/okta.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_logs-latest/okta.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/okta_ocsf_logs-latest/okta_ocsf_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_alternate_logs-latest/paloalto_alternate_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_logs-latest/paloalto.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_logs-latest/paloalto.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_logs-latest/paloalto.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_logs-latest/paloalto.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/paloalto_vpn.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/paloalto_vpn.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/paloalto_vpn.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/paloalto_vpn_logs-latest/paloalto_vpn.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/pfsense_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/pfsense_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/pfsense_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pfsense_firewall_logs-latest/pfsense_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingfederate-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingfederate-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingfederate-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingfederate-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingfederate-latest/pingfederate.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingfederate-latest/pingfederate.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingfederate-latest/pingfederate.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingfederate-latest/pingfederate.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingone_mfa-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingone_mfa-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingone_mfa-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingone_mfa-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingone_mfa-latest/pingone_mfa.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingone_mfa-latest/pingone_mfa.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingone_mfa-latest/pingone_mfa.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingone_mfa-latest/pingone_mfa.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingprotect-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingprotect-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingprotect-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingprotect-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingprotect-latest/pingprotect.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingprotect-latest/pingprotect.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingprotect-latest/pingprotect.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/pingprotect-latest/pingprotect.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_logs-latest/proofpoint.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_logs-latest/proofpoint.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_logs-latest/proofpoint.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_logs-latest/proofpoint.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/proofpoint_proofpoint_logs-latest/proofpoint_proofpoint_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rsa_adaptive-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rsa_adaptive-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rsa_adaptive-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rsa_adaptive-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rsa_adaptive-latest/rsa_adaptive.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rsa_adaptive-latest/rsa_adaptive.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rsa_adaptive-latest/rsa_adaptive.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rsa_adaptive-latest/rsa_adaptive.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/rubrik_backup.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/rubrik_backup.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/rubrik_backup.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/rubrik_backup_logs-latest/rubrik_backup.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sample_test_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sample_test_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sample_test_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sample_test_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sample_test_logs-latest/sample_test.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sample_test_logs-latest/sample_test.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sample_test_logs-latest/sample_test.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sample_test_logs-latest/sample_test.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sap_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sap_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sap_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sap_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sap_logs-latest/sap_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sap_logs-latest/sap_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sap_logs-latest/sap_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sap_logs-latest/sap_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/securelink_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/securelink_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/securelink_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/securelink_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/securelink_logs-latest/securelink_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/securelink_logs-latest/securelink_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/securelink_logs-latest/securelink_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/securelink_logs-latest/securelink_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/singularityidentity_singularityidentity_logs-latest/singularityidentity_singularityidentity_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/sonicwall_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/sonicwall_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/sonicwall_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sonicwall_firewall_logs-latest/sonicwall_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/spam_detection_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/spam_detection_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/spam_detection_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/spam_detection_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/spam_detection_logs-latest/spam_detection.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/spam_detection_logs-latest/spam_detection.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/spam_detection_logs-latest/spam_detection.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/spam_detection_logs-latest/spam_detection.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sql_database_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sql_database_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sql_database_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sql_database_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sql_database_logs-latest/sql_database.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sql_database_logs-latest/sql_database.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sql_database_logs-latest/sql_database.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/sql_database_logs-latest/sql_database.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/squid_proxy.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/squid_proxy.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/squid_proxy.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/squid_proxy_logs-latest/squid_proxy.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/syslog_space_delimited.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/syslog_space_delimited.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/syslog_space_delimited.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/syslog_space_delimited_logs-latest/syslog_space_delimited.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/tailscale_tailscale_logs-latest/tailscale_tailscale_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/teleport_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/teleport_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/teleport_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/teleport_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/teleport_logs-latest/teleport.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/teleport_logs-latest/teleport.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/teleport_logs-latest/teleport.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/teleport_logs-latest/teleport.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ubiquiti_unifi_logs-latest/ubiquiti_unifi_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/ufw_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/ufw_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/ufw_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/ufw_firewall_logs-latest/ufw_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vcenter_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vcenter_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vcenter_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vcenter_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vcenter_logs-latest/vcenter.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vcenter_logs-latest/vcenter.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vcenter_logs-latest/vcenter.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vcenter_logs-latest/vcenter.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vectra_ai_logs-latest/vectra_ai_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/veeam_backup-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/veeam_backup-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/veeam_backup-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/veeam_backup-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/veeam_backup-latest/veeam_backup.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/veeam_backup-latest/veeam_backup.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/veeam_backup-latest/veeam_backup.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/veeam_backup-latest/veeam_backup.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vmware_vcenter_logs-latest/vmware_vcenter_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vpc_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vpc_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vpc_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vpc_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vpc_logs-latest/vpc.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vpc_logs-latest/vpc.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vpc_logs-latest/vpc.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/vpc_logs-latest/vpc.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/watchguard_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/watchguard_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/watchguard_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/watchguard_firewall_logs-latest/watchguard_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/1102-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/1102-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/1102-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/1102-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4624-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4624-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4624-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4624-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4625-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4625-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4625-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4625-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4720-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4720-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4720-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4720-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4728-v0.1 b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4728-v0.1 similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4728-v0.1 rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/4728-v0.1 diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_EventLog-pipeParseCommands-v0.1/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_dhcp_logs-latest/windows_dhcp_logs.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/windows_event_log.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/windows_event_log.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/windows_event_log.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/windows_event_log_logs-latest/windows_event_log.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud-latest/wiz_cloud.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud-latest/wiz_cloud.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud-latest/wiz_cloud.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud-latest/wiz_cloud.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/wiz_cloud_security.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/wiz_cloud_security.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/wiz_cloud_security.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/wiz_cloud_security_logs-latest/wiz_cloud_security.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_dns_firewall-latest/zscaler_dns_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/README.txt b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/README.txt similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/README.txt rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/README.txt diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_firewall_logs-latest/zscaler_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_logs-latest/zscaler.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_logs-latest/zscaler.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_logs-latest/zscaler.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_logs-latest/zscaler.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/zscaler_zia.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/zscaler_zia.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/zscaler_zia.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/community/zscaler_zia_logs-latest/zscaler_zia.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/PARSER_TEMPLATE.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/PARSER_TEMPLATE.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/PARSER_TEMPLATE.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/PARSER_TEMPLATE.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/marketplace-awsrdslogs-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/marketplace-awsrdslogs-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/marketplace-awsrdslogs-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/marketplace-awsrdslogs-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsrdslogs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/marketplace-awsvpcflowlogs-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/marketplace-awsvpcflowlogs-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/marketplace-awsvpcflowlogs-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/marketplace-awsvpcflowlogs-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-awsvpcflowlogs-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/check_point_next_generation_firewall_raw.txt diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-checkpointfirewall-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/marketplace-ciscofirepowerthreatdefense-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/marketplace-ciscofirepowerthreatdefense-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/marketplace-ciscofirepowerthreatdefense-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/marketplace-ciscofirepowerthreatdefense-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirepowerthreatdefense-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/cisco_firewall_threat_defense_raw.txt diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-ciscofirewallthreatdefense-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/marketplace-cloudnativesecurity-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/marketplace-cloudnativesecurity-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/marketplace-cloudnativesecurity-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/marketplace-cloudnativesecurity-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-cloudnativesecurity-latest/metadata.yaml diff --git a/utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf similarity index 100% rename from utilities/parsers/community_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/marketplace-corelight-conn-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-conn-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/marketplace-corelight-http-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/marketplace-corelight-http-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/marketplace-corelight-http-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/marketplace-corelight-http-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-http-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/marketplace-corelight-ssl-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/marketplace-corelight-ssl-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/marketplace-corelight-ssl-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/marketplace-corelight-ssl-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-ssl-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/marketplace-corelight-tunnel-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/marketplace-corelight-tunnel-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/marketplace-corelight-tunnel-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/marketplace-corelight-tunnel-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-corelight-tunnel-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/marketplace-fortinetfortigate-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/marketplace-fortinetfortigate-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/marketplace-fortinetfortigate-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/marketplace-fortinetfortigate-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortigate-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/marketplace-fortinetfortimanager-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/marketplace-fortinetfortimanager-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/marketplace-fortinetfortimanager-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/marketplace-fortinetfortimanager-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-fortinetfortimanager-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/marketplace-infobloxddi-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/marketplace-infobloxddi-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/marketplace-infobloxddi-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/marketplace-infobloxddi-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-infobloxddi-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksfirewall-latest/palo_alto_networks_firewall.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/marketplace-paloaltonetworksprismaaccess-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/marketplace-paloaltonetworksprismaaccess-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/marketplace-paloaltonetworksprismaaccess-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/marketplace-paloaltonetworksprismaaccess-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-paloaltonetworksprismaaccess-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/marketplace-zscalerinternetaccess-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/marketplace-zscalerinternetaccess-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/marketplace-zscalerinternetaccess-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/marketplace-zscalerinternetaccess-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerinternetaccess-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/marketplace-zscalerprivateaccessjson-latest.conf b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/marketplace-zscalerprivateaccessjson-latest.conf similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/marketplace-zscalerprivateaccessjson-latest.conf rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/marketplace-zscalerprivateaccessjson-latest.conf diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/parsers/sentinelone/marketplace-zscalerprivateaccessjson-latest/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/workflows/community/metadata.yaml b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/workflows/community/metadata.yaml similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/workflows/community/metadata.yaml rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/workflows/community/metadata.yaml diff --git a/utilities/parsers/sentinelone_new/ai-siem-main/workflows/community/virus_total_enrichment.json b/Backend/utilities/parsers/sentinelone_new/ai-siem-main/workflows/community/virus_total_enrichment.json similarity index 100% rename from utilities/parsers/sentinelone_new/ai-siem-main/workflows/community/virus_total_enrichment.json rename to Backend/utilities/parsers/sentinelone_new/ai-siem-main/workflows/community/virus_total_enrichment.json diff --git a/utilities/send_key_events.py b/Backend/utilities/send_key_events.py similarity index 100% rename from utilities/send_key_events.py rename to Backend/utilities/send_key_events.py diff --git a/utilities/sentinelone_parsers_example.json b/Backend/utilities/sentinelone_parsers_example.json similarity index 100% rename from utilities/sentinelone_parsers_example.json rename to Backend/utilities/sentinelone_parsers_example.json diff --git a/utilities/update_imports.py b/Backend/utilities/update_imports.py similarity index 100% rename from utilities/update_imports.py rename to Backend/utilities/update_imports.py diff --git a/validate_sentinelone_extraction.py b/Backend/validate_sentinelone_extraction.py similarity index 100% rename from validate_sentinelone_extraction.py rename to Backend/validate_sentinelone_extraction.py diff --git a/Frontend/Dockerfile b/Frontend/Dockerfile new file mode 100644 index 0000000..a93c6f2 --- /dev/null +++ b/Frontend/Dockerfile @@ -0,0 +1,34 @@ +# Dockerfile for Jarvis Frontend (Flask UI) +FROM python:3.11-slim + +# Set working directory at repo root inside image to preserve Frontend/ <-> Backend/ relative paths +WORKDIR /app + +# System deps (minimal) +RUN apt-get update && apt-get install -y --no-install-recommends \ + curl \ + && rm -rf /var/lib/apt/lists/* + +# Copy only requirements first for better caching +COPY Frontend/requirements.txt Frontend/requirements.txt +RUN pip install --no-cache-dir -r Frontend/requirements.txt + +# Copy source code (both Frontend and Backend to maintain expected relative paths) +COPY Frontend/ Frontend/ +COPY Backend/ Backend/ + + # Provide expected top-level path for event_generators used by the UI (CWD/event_generators) + RUN ln -s Backend/event_generators event_generators + +# Create non-root user +RUN useradd -m -u 1001 appuser && chown -R appuser:appuser /app +USER appuser + +# Expose Flask port used by log_generator_ui.py +EXPOSE 8000 + +# Environment: allow overriding API base URL; default points to backend service name in compose +ENV API_BASE_URL=http://api:8000 + +# Start the Flask UI +CMD ["python", "Frontend/log_generator_ui.py"] diff --git a/Frontend/log_generator_ui.py b/Frontend/log_generator_ui.py new file mode 100644 index 0000000..acc8915 --- /dev/null +++ b/Frontend/log_generator_ui.py @@ -0,0 +1,1292 @@ +import os +import subprocess +import json +import csv +import socket +import requests +from flask import Flask, render_template, request, jsonify, Response, stream_with_context +import sys +import uuid +import time +from concurrent.futures import ThreadPoolExecutor, as_completed +import threading +import queue +import logging + +app = Flask(__name__) + +# Setup logging +logging.basicConfig(level=logging.INFO) +logger = logging.getLogger(__name__) + +EVENT_GENERATORS_DIR = os.path.join(os.getcwd(), 'event_generators') +API_BASE_URL = os.environ.get('API_BASE_URL', 'http://localhost:8000') +BACKEND_API_KEY = os.environ.get('BACKEND_API_KEY') + +@app.route('/') +def index(): + return render_template('log_generator.html') + +@app.route('/test-token-storage') +def test_token_storage(): + """Token storage test page""" + return render_template('test_token_storage.html') + +def get_scripts(): + scripts = {} + try: + if not os.path.exists(EVENT_GENERATORS_DIR): + return scripts + for root, dirs, files in os.walk(EVENT_GENERATORS_DIR): + py_files = sorted([f for f in files if f.endswith('.py')]) + if py_files: + relative_root = os.path.relpath(root, EVENT_GENERATORS_DIR) + if relative_root == '.': + category_name = "Uncategorized" + else: + category_name = relative_root.replace(os.sep, ' - ').title() + scripts[category_name] = [os.path.join(relative_root, f) for f in py_files] + except Exception as e: + print(f"Error scanning for scripts: {e}") + return scripts + +def _get_api_headers(): + """Get headers for backend API requests""" + headers = {} + if BACKEND_API_KEY: + headers['X-API-Key'] = BACKEND_API_KEY + return headers + +def fetch_generators(): + base_url = f"{API_BASE_URL}/api/v1/generators" + try: + headers = {'X-API-Key': BACKEND_API_KEY} if BACKEND_API_KEY else None + all_items = [] + + # Retry logic for API startup + max_retries = 5 + retry_delay = 2 + for attempt in range(max_retries): + try: + # First try to request a large page to avoid pagination + resp = requests.get(base_url, params={'page': 1, 'per_page': 500}, headers=headers, timeout=10) + break # Success, exit retry loop + except requests.exceptions.RequestException as e: + if attempt < max_retries - 1: + logger.warning(f"API not ready (attempt {attempt + 1}/{max_retries}), retrying in {retry_delay}s...") + time.sleep(retry_delay) + retry_delay *= 1.5 # Exponential backoff + else: + raise # Re-raise on final attempt + + if resp.status_code == 200: + payload = resp.json() + data = payload.get('data', {}) + all_items = data.get('generators', []) + else: + # Fallback to default pagination loop + page = 1 + total_pages = 1 + while page <= total_pages: + resp = requests.get(base_url, params={'page': page}, headers=headers, timeout=20) + if resp.status_code != 200: + # If we already have some items, return them rather than hard-fail + if all_items: + break + return None, f"Backend returned {resp.status_code}: {resp.text}" + payload = resp.json() + data = payload.get('data', {}) + items = data.get('generators', []) + all_items.extend(items) + meta = payload.get('metadata', {}) + pagination = meta.get('pagination', {}) + total_pages = int(pagination.get('total_pages', total_pages)) or 1 + page += 1 + + # Simplify for dropdown: list of {id, name, category, file_path} + simplified = [ + { + 'id': g.get('id'), + 'name': g.get('name'), + 'category': g.get('category'), + 'file_path': g.get('file_path') + } + for g in all_items + ] + return simplified, None + except Exception as e: + return None, str(e) + +@app.route('/get-generators', methods=['GET']) +def get_generators(): + data, err = fetch_generators() + if err: + return jsonify({'error': f'Failed to fetch generators from backend: {err}'}), 502 + return jsonify({'generators': data}) + +@app.route('/destinations', methods=['GET']) +def list_destinations(): + """List destinations from backend API""" + try: + resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations", + headers=_get_api_headers(), + timeout=10 + ) + if resp.status_code == 200: + destinations = resp.json() + return jsonify({'destinations': destinations}) + else: + logger.error(f"Backend returned {resp.status_code}: {resp.text}") + return jsonify({'error': f'Backend error: {resp.status_code}'}), resp.status_code + except Exception as e: + logger.error(f"Failed to fetch destinations: {e}") + return jsonify({'error': str(e)}), 500 + +@app.route('/destinations', methods=['POST']) +def create_destination(): + """Create destination via backend API""" + payload = request.get_json(silent=True) or {} + + logger.info(f"Creating destination: type={payload.get('type')}, name={payload.get('name')}") + + try: + resp = requests.post( + f"{API_BASE_URL}/api/v1/destinations", + json=payload, + headers=_get_api_headers(), + timeout=10 + ) + + if resp.status_code == 201: + return jsonify(resp.json()), 201 + else: + error_detail = resp.json().get('detail', resp.text) if resp.headers.get('content-type') == 'application/json' else resp.text + logger.error(f"Backend returned {resp.status_code}: {error_detail}") + return jsonify({'error': error_detail}), resp.status_code + except Exception as e: + logger.error(f"Failed to create destination: {e}", exc_info=True) + return jsonify({'error': str(e)}), 500 + +@app.route('/destinations/', methods=['DELETE']) +def delete_destination(dest_id): + """Delete a destination""" + try: + response = requests.delete( + f"{API_BASE_URL}/api/v1/destinations/{dest_id}", + headers=_get_api_headers(), + timeout=10 + ) + return Response(status=response.status_code) + except Exception as e: + logger.error(f"Failed to delete destination: {e}") + return jsonify({'error': str(e)}), 500 + +@app.route('/destinations//update-token', methods=['POST']) +def update_destination_token(dest_id): + """Update token for a destination in the database""" + try: + data = request.json + token = data.get('token') + + if not token: + return jsonify({'error': 'Token is required'}), 400 + + # Update the destination with new token + response = requests.put( + f"{API_BASE_URL}/api/v1/destinations/{dest_id}", + headers=_get_api_headers(), + json={'token': token}, + timeout=10 + ) + + if response.status_code == 200: + logger.info(f"Updated token for destination: {dest_id}") + return jsonify({'message': 'Token updated successfully'}) + else: + return jsonify({'error': f'Backend returned {response.status_code}'}), response.status_code + + except Exception as e: + logger.error(f"Failed to update destination token: {e}") + return jsonify({'error': str(e)}), 500 + +@app.route('/scenarios', methods=['GET']) +def list_scenarios(): + """List available attack scenarios""" + scenarios = [ + { + 'id': 'attack_scenario_orchestrator', + 'name': 'Operation Digital Heist', + 'description': 'Sophisticated 14-day APT campaign against a financial services company. Simulates reconnaissance, initial access, persistence, privilege escalation, and data exfiltration.', + 'duration_days': 14, + 'events_per_day': 50, + 'total_events': 700, + 'phases': ['Reconnaissance & Phishing', 'Initial Access', 'Persistence & Lateral Movement', 'Privilege Escalation', 'Data Exfiltration'] + }, + { + 'id': 'enterprise_attack_scenario', + 'name': 'Enterprise Breach Scenario', + 'description': 'Enhanced enterprise attack scenario with 330+ events across multiple security products. Demonstrates correlated attack patterns.', + 'duration_minutes': 60, + 'total_events': 330, + 'phases': ['Initial Compromise', 'Credential Harvesting', 'Lateral Movement', 'Privilege Escalation', 'Data Exfiltration', 'Persistence'] + }, + { + 'id': 'enterprise_attack_scenario_10min', + 'name': 'Enterprise Breach (10 min)', + 'description': 'Condensed enterprise breach scenario for quick demos.', + 'duration_minutes': 10, + 'total_events': 120, + 'phases': ['Initial Access', 'Lateral Movement', 'Exfiltration'] + }, + { + 'id': 'enterprise_scenario_sender', + 'name': 'Enterprise Scenario Sender (330+ events)', + 'description': 'Sends enhanced enterprise attack scenario events to HEC using proper routing.', + 'duration_minutes': 45, + 'total_events': 330, + 'phases': ['Initial Compromise', 'Credential Harvesting', 'Lateral Movement', 'Privilege Escalation', 'Data Exfiltration'] + }, + { + 'id': 'enterprise_scenario_sender_10min', + 'name': 'Enterprise Scenario Sender (10 min)', + 'description': 'Fast sender for enterprise scenario suitable for time-boxed demos.', + 'duration_minutes': 10, + 'total_events': 120, + 'phases': ['Initial Access', 'Lateral Movement', 'Exfiltration'] + }, + { + 'id': 'showcase_attack_scenario', + 'name': 'AI-SIEM Showcase Scenario', + 'description': 'Showcase scenario demonstrating multi-platform correlation across EDR, Email, Identity, Cloud, Network, WAF, and more.', + 'duration_minutes': 30, + 'total_events': 200, + 'phases': ['Phishing', 'Compromise', 'Movement', 'Privilege Escalation', 'Exfiltration'] + }, + { + 'id': 'showcase_scenario_sender', + 'name': 'Showcase Scenario Sender', + 'description': 'Sends the showcase scenario events to HEC with compact progress output.', + 'duration_minutes': 20, + 'total_events': 180, + 'phases': ['Phishing', 'Compromise', 'Movement', 'Exfiltration'] + }, + { + 'id': 'quick_scenario', + 'name': 'Quick Scenario (Comprehensive)', + 'description': 'Generates a compact yet comprehensive attack scenario spanning multiple sources.', + 'duration_minutes': 5, + 'total_events': 80, + 'phases': ['Initial Access', 'Reconnaissance', 'Movement', 'Exfiltration'] + }, + { + 'id': 'quick_scenario_simple', + 'name': 'Quick Scenario (Simple)', + 'description': 'Minimal scenario for smoke testing pipeline and parsers.', + 'duration_minutes': 2, + 'total_events': 30, + 'phases': ['Access', 'Movement'] + }, + { + 'id': 'finance_mfa_fatigue_scenario', + 'name': 'Finance Employee MFA Fatigue Attack', + 'description': 'Baseline (Days 1-7), MFA fatigue from Russia, OneDrive exfiltration, SOAR detections and automated response.', + 'duration_days': 8, + 'total_events': 135, + 'phases': ['Normal Behavior', 'MFA Fatigue', 'Initial Access', 'Data Exfiltration', 'Detection & Response'] + }, + { + 'id': 'insider_cloud_download_exfiltration', + 'name': 'Insider Data Exfiltration via Cloud Download', + 'description': 'Insider threat scenario: anomalous large-volume M365/SharePoint downloads (180+ files), DLP classification, and removable USB media copying. Correlates Okta, M365 UAL, DLP, and EDR.', + 'duration_days': 8, + 'total_events': 280, + 'phases': ['Baseline', 'Off-Hours Access', 'Cloud Download Spike', 'USB Copy', 'Detection'] + }, + { + 'id': 'scenario_hec_sender', + 'name': 'Scenario HEC Sender', + 'description': 'Generic scenario sender that replays a scenario JSON to HEC.', + 'duration_minutes': 15, + 'total_events': 150, + 'phases': ['Replay'] + }, + { + 'id': 'star_trek_integration_test', + 'name': 'Integration Test (Star Trek)', + 'description': 'Integration test scenario for end-to-end validation and fun output.', + 'duration_minutes': 3, + 'total_events': 20, + 'phases': ['Test'] + } + ] + return jsonify({'scenarios': scenarios}) + +@app.route('/scenarios/run', methods=['POST']) +def run_scenario(): + """Execute a scenario and stream progress""" + data = request.json + scenario_id = data.get('scenario_id') + destination_id = data.get('destination_id') + worker_count = int(data.get('workers', 10)) # Default 10 parallel workers + tag_phase = data.get('tag_phase', True) + tag_trace = data.get('tag_trace', True) + trace_id = (data.get('trace_id') or '').strip() + generate_noise = data.get('generate_noise', False) + noise_events_count = int(data.get('noise_events_count', 1200)) + local_token = data.get('hec_token') # Token from browser localStorage + + if not scenario_id: + return jsonify({'error': 'scenario_id is required'}), 400 + if not destination_id: + return jsonify({'error': 'destination_id is required'}), 400 + + # Resolve destination from backend API + try: + dest_resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations/{destination_id}", + headers=_get_api_headers(), + timeout=10 + ) + if dest_resp.status_code != 200: + return jsonify({'error': 'Destination not found'}), 404 + + chosen = dest_resp.json() + + if chosen.get('type') != 'hec': + return jsonify({'error': 'Scenarios currently only support HEC destinations'}), 400 + + hec_url = chosen.get('url') + + # Use local token if provided, otherwise fetch from backend + if local_token: + hec_token = local_token + logger.info(f"Using local token from browser for destination: {destination_id}") + else: + # Fetch decrypted token from backend as fallback + token_resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations/{destination_id}/token", + headers=_get_api_headers(), + timeout=10 + ) + if token_resp.status_code != 200: + return jsonify({'error': 'Failed to retrieve HEC token. Please set a local token in Settings.'}), 400 + + hec_token = token_resp.json().get('token') + logger.info(f"Using backend token for destination: {destination_id}") + + if not hec_url or not hec_token: + return jsonify({'error': 'HEC destination incomplete or token missing'}), 400 + except Exception as e: + logger.error(f"Failed to resolve destination: {e}") + return jsonify({'error': f'Failed to resolve destination: {str(e)}'}), 500 + + def generate_and_stream(): + try: + yield "INFO: Starting scenario execution...\n" + # Map scenario ids to filenames when they differ + id_to_file = { + 'attack_scenario_orchestrator': 'attack_scenario_orchestrator.py', + 'enterprise_attack_scenario': 'enterprise_attack_scenario.py', + 'enterprise_attack_scenario_10min': 'enterprise_attack_scenario_10min.py', + 'enterprise_scenario_sender': 'enterprise_scenario_sender.py', + 'enterprise_scenario_sender_10min': 'enterprise_scenario_sender_10min.py', + 'showcase_attack_scenario': 'showcase_attack_scenario.py', + 'showcase_scenario_sender': 'showcase_scenario_sender.py', + 'quick_scenario': 'quick_scenario.py', + 'quick_scenario_simple': 'quick_scenario_simple.py', + 'scenario_hec_sender': 'scenario_hec_sender.py', + 'star_trek_integration_test': 'star_trek_integration_test.py', + 'finance_mfa_fatigue_scenario': 'finance_mfa_fatigue_scenario.py', + 'insider_cloud_download_exfiltration': 'insider_cloud_download_exfiltration.py', + } + scenarios_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'Backend', 'scenarios')) + # Resolve script path + filename = id_to_file.get(scenario_id, f"{scenario_id}.py") + script_path = os.path.join(scenarios_dir, filename) + if not os.path.exists(script_path): + yield f"ERROR: Scenario script not found: {filename}\n" + return + + # Prepare environment for HEC sender used by scenario scripts + env = os.environ.copy() + env['S1_HEC_TOKEN'] = hec_token + env['S1_HEC_URL'] = hec_url.rstrip('/') + env['S1_HEC_WORKERS'] = str(worker_count) # Pass worker count to scripts + env['S1_HEC_BATCH'] = '0' # Disable batch mode for immediate responses + # Prefer a writable location inside the container for scenario outputs + env['SCENARIO_OUTPUT_DIR'] = '/app/data/scenarios/configs' + # Control inclusion of scenario.phase tag via env + env['S1_TAG_PHASE'] = '1' if tag_phase else '0' + # Control inclusion of scenario.trace_id tag via env + env['S1_TAG_TRACE'] = '1' if tag_trace else '0' + if trace_id: + env['S1_TRACE_ID'] = trace_id + + # Add event generators and all category subdirectories to Python path + event_generators_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'Backend', 'event_generators')) + + # Build list of all category directories + python_paths = [event_generators_dir] + categories = ['cloud_infrastructure', 'network_security', 'endpoint_security', + 'identity_access', 'email_security', 'web_security', 'infrastructure', 'shared'] + for category in categories: + category_path = os.path.join(event_generators_dir, category) + if os.path.exists(category_path): + python_paths.append(category_path) + + # Set PYTHONPATH + existing_pythonpath = env.get('PYTHONPATH', '') + pythonpath_str = ':'.join(python_paths) + if existing_pythonpath: + env['PYTHONPATH'] = f"{pythonpath_str}:{existing_pythonpath}" + else: + env['PYTHONPATH'] = pythonpath_str + + logger.info(f"Set PYTHONPATH with {len(python_paths)} directories") + + yield f"INFO: Executing {filename} with {worker_count} parallel workers...\n" + import subprocess + process = subprocess.Popen( + ['python', script_path], + cwd=scenarios_dir, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + text=True, + env=env + ) + + # Stream output lines + for line in iter(process.stdout.readline, ''): + if not line: + break + yield line + + process.wait() + rc = process.returncode + if rc == 0: + yield "INFO: Scenario generation complete\n" + # If this scenario produces a JSON file, automatically replay it to HEC + try: + if scenario_id in ['finance_mfa_fatigue_scenario', 'insider_cloud_download_exfiltration']: + from os import path + output_dir = env.get('SCENARIO_OUTPUT_DIR', path.join(scenarios_dir, 'configs')) + output_file = path.join(output_dir, f'{scenario_id}.json') + if not path.exists(output_file): + # Fallback to scenarios/configs + fallback = path.join(scenarios_dir, 'configs', f'{scenario_id}.json') + if path.exists(fallback): + output_file = fallback + if path.exists(output_file): + yield f"INFO: Replaying generated scenario to HEC: {output_file}\n" + sender_path = os.path.join(scenarios_dir, 'scenario_hec_sender.py') + send_proc = subprocess.Popen( + ['python', sender_path, '--scenario', output_file, '--auto', '--preserve-timestamps'] + + ([] if tag_phase else ['--no-phase-tag']) + + ([] if not trace_id else ['--trace-id', trace_id]), + cwd=scenarios_dir, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + text=True, + env=env + ) + for sline in iter(send_proc.stdout.readline, ''): + if not sline: + break + yield sline + send_proc.wait() + if send_proc.returncode == 0: + yield "INFO: Scenario replay to HEC complete\n" + + # Generate and send background noise if requested + if generate_noise and scenario_id == 'finance_mfa_fatigue_scenario': + yield "\n" + "="*80 + "\n" + yield "INFO: Generating background noise data...\n" + yield f"INFO: Creating {noise_events_count} distributed events across 8 days\n" + yield f"INFO: Distribution: 70% business hours (8 AM - 5 PM EST), 30% off-hours\n" + yield "="*80 + "\n" + + try: + noise_gen_path = os.path.join(scenarios_dir, 'finance_mfa_noise_generator.py') + noise_proc = subprocess.Popen( + ['python', noise_gen_path, '--events', str(noise_events_count), '--days', '8'], + cwd=scenarios_dir, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + text=True, + env=env + ) + for nline in iter(noise_proc.stdout.readline, ''): + if not nline: + break + yield nline + noise_proc.wait() + + if noise_proc.returncode == 0: + # Check if streaming mode was used (large volume) + if noise_events_count > 10000: + yield "\nINFO: Streaming mode - noise events sent directly to HEC\n" + else: + # Send noise to HEC via sender script for small volumes + noise_file = path.join(output_dir, 'finance_mfa_noise.json') + if not path.exists(noise_file): + noise_file = path.join(scenarios_dir, 'configs', 'finance_mfa_noise.json') + + if path.exists(noise_file): + yield f"\nINFO: Sending background noise to HEC: {noise_file}\n" + noise_send_proc = subprocess.Popen( + ['python', sender_path, '--scenario', noise_file, '--auto', '--preserve-timestamps'] + + ([] if tag_phase else ['--no-phase-tag']) + + ([] if not trace_id else ['--trace-id', trace_id]), + cwd=scenarios_dir, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + text=True, + env=env + ) + for nsline in iter(noise_send_proc.stdout.readline, ''): + if not nsline: + break + yield nsline + noise_send_proc.wait() + if noise_send_proc.returncode == 0: + yield "\nINFO: Background noise sent to HEC successfully\n" + else: + yield f"\nERROR: Noise replay exited with code {noise_send_proc.returncode}\n" + else: + yield "\nWARN: Generated noise file not found; skipping HEC replay\n" + else: + yield f"\nERROR: Noise generation exited with code {noise_proc.returncode}\n" + except Exception as ne: + yield f"\nERROR: Failed to generate/send background noise: {ne}\n" + else: + yield f"ERROR: Scenario replay exited with code {send_proc.returncode}\n" + else: + yield "WARN: Generated scenario file not found; skipping HEC replay\n" + except Exception as e: + yield f"ERROR: Failed to replay scenario to HEC: {e}\n" + else: + yield f"ERROR: Scenario exited with code {rc}\n" + except Exception as e: + yield f"ERROR: Scenario execution failed: {e}\n" + + return Response(stream_with_context(generate_and_stream()), mimetype='text/plain') + +@app.route('/uploads', methods=['POST']) +def upload_file(): + """Upload a CSV, JSON, TXT, LOG, or GZ file""" + if 'file' not in request.files: + return jsonify({'error': 'No file provided'}), 400 + + file = request.files['file'] + if file.filename == '': + return jsonify({'error': 'No file selected'}), 400 + + # Validate file extension + allowed_extensions = {'.csv', '.json', '.txt', '.log', '.gz'} + file_ext = os.path.splitext(file.filename)[1].lower() + if file_ext not in allowed_extensions: + return jsonify({'error': f'Invalid file type. Allowed: CSV, JSON, TXT, LOG, GZ'}), 400 + + try: + # Forward to backend API + files = {'file': (file.filename, file.stream, file.content_type)} + resp = requests.post( + f"{API_BASE_URL}/api/v1/uploads/upload", + files=files, + headers=_get_api_headers(), + timeout=300 # 5 min timeout for large files + ) + + if resp.status_code == 201: + return jsonify(resp.json()), 201 + else: + error_detail = resp.json().get('detail', resp.text) if resp.headers.get('content-type') == 'application/json' else resp.text + return jsonify({'error': error_detail}), resp.status_code + except Exception as e: + logger.error(f"Failed to upload file: {e}", exc_info=True) + return jsonify({'error': str(e)}), 500 + + +@app.route('/uploads', methods=['GET']) +def list_uploads(): + """List uploaded files""" + try: + resp = requests.get( + f"{API_BASE_URL}/api/v1/uploads/uploads", + headers=_get_api_headers(), + timeout=10 + ) + if resp.status_code == 200: + return jsonify({'uploads': resp.json()}) + else: + return jsonify({'error': f'Backend error: {resp.status_code}'}), resp.status_code + except Exception as e: + logger.error(f"Failed to list uploads: {e}") + return jsonify({'error': str(e)}), 500 + + +@app.route('/uploads/', methods=['DELETE']) +def delete_upload(upload_id: str): + """Delete an uploaded file""" + try: + resp = requests.delete( + f"{API_BASE_URL}/api/v1/uploads/uploads/{upload_id}", + headers=_get_api_headers(), + timeout=10 + ) + if resp.status_code == 204: + return ('', 204) + else: + error_detail = resp.json().get('detail', resp.text) if resp.headers.get('content-type') == 'application/json' else resp.text + return jsonify({'error': error_detail}), resp.status_code + except Exception as e: + logger.error(f"Failed to delete upload: {e}") + return jsonify({'error': str(e)}), 500 + + +@app.route('/uploads/process', methods=['POST']) +def process_upload(): + """Process an uploaded file through HEC""" + data = request.json + upload_id = data.get('upload_id') + destination_id = data.get('destination_id') + batch_size = int(data.get('batch_size', 100)) + eps = float(data.get('eps', 10.0)) + sourcetype = data.get('sourcetype', '').strip() + endpoint = data.get('endpoint', 'event') # 'event' or 'raw' + local_token = data.get('hec_token') # Token from browser localStorage + + if not upload_id: + return jsonify({'error': 'upload_id is required'}), 400 + if not destination_id: + return jsonify({'error': 'destination_id is required'}), 400 + if not sourcetype: + return jsonify({'error': 'sourcetype is required'}), 400 + + def generate_and_stream(): + try: + # Get upload metadata from backend + upload_resp = requests.get( + f"{API_BASE_URL}/api/v1/uploads/uploads/{upload_id}", + headers=_get_api_headers(), + timeout=10 + ) + if upload_resp.status_code != 200: + yield "ERROR: Upload not found\n" + return + + upload_info = upload_resp.json() + file_type = upload_info.get('file_type') + line_count = upload_info.get('line_count', 0) + + # Get destination info + dest_resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations/{destination_id}", + headers=_get_api_headers(), + timeout=10 + ) + if dest_resp.status_code != 200: + yield "ERROR: Destination not found\n" + return + + destination = dest_resp.json() + if destination.get('type') != 'hec': + yield "ERROR: Only HEC destinations are supported for file uploads\n" + return + + hec_url = destination.get('url') + + # Use local token if provided, otherwise fetch from backend + if local_token: + hec_token = local_token + logger.info(f"Using local token from browser for destination: {destination_id}") + else: + # Get decrypted token from backend as fallback + token_resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations/{destination_id}/token", + headers=_get_api_headers(), + timeout=10 + ) + if token_resp.status_code != 200: + yield "ERROR: Failed to retrieve HEC token. Please set a local token in Settings.\n" + return + + hec_token = token_resp.json().get('token') + logger.info(f"Using backend token for destination: {destination_id}") + + yield f"INFO: Processing {file_type.upper()} file with {line_count} records\n" + yield f"INFO: Sending to {hec_url} at {eps} EPS\n" + yield f"INFO: Using sourcetype: {sourcetype}\n" + yield f"INFO: HEC Endpoint: /{endpoint}\n" + + # Read the uploaded file from backend data directory + # Since we're in Flask, we need to read from the backend's upload directory + backend_upload_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'Backend', 'api', 'data', 'uploads')) + safe_filename = upload_info.get('id') + '_' + upload_info.get('filename') + file_path = os.path.join(backend_upload_dir, safe_filename) + + if not os.path.exists(file_path): + yield f"ERROR: File not found at {file_path}\n" + return + + # Process file and send to HEC + import time as time_module + delay = 1.0 / eps if eps > 0 else 0.1 + sent_count = 0 + + # Build path to hec_sender.py + hec_sender_path = os.path.normpath( + os.path.join(os.path.dirname(__file__), '..', 'Backend', 'event_generators', 'shared', 'hec_sender.py') + ) + + # Build HEC URL with endpoint + base_hec_url = hec_url.rstrip('/') + if not base_hec_url.endswith('/services/collector'): + base_hec_url += '/services/collector' + + if endpoint == 'event': + hec_endpoint_url = f"{base_hec_url}/event" + else: + hec_endpoint_url = f"{base_hec_url}/raw?sourcetype={sourcetype}" + + if file_type == 'json': + with open(file_path, 'r') as f: + data_content = json.load(f) + records = data_content if isinstance(data_content, list) else [data_content] + + for record in records: + try: + if endpoint == 'event': + # Send to HEC /event endpoint with sourcetype in payload + headers_local = { + 'Authorization': f'Splunk {hec_token}', + 'Content-Type': 'application/json' + } + payload = { + 'event': record, + 'sourcetype': sourcetype + } + resp = requests.post( + hec_endpoint_url, + json=payload, + headers=headers_local, + verify=True, + timeout=10 + ) + else: + # Send to HEC /raw endpoint (sourcetype in URL) + headers_local = { + 'Authorization': f'Splunk {hec_token}', + 'Content-Type': 'text/plain' + } + # Convert JSON to string for raw endpoint + raw_data = json.dumps(record) if isinstance(record, dict) else str(record) + resp = requests.post( + hec_endpoint_url, + data=raw_data, + headers=headers_local, + verify=True, + timeout=10 + ) + + resp.raise_for_status() + sent_count += 1 + if sent_count % 10 == 0: + yield f"INFO: Sent {sent_count}/{len(records)} events\n" + time_module.sleep(delay) + except Exception as e: + yield f"ERROR: Failed to send event: {e}\n" + + elif file_type == 'csv': + with open(file_path, 'r') as f: + reader = csv.DictReader(f) + records = list(reader) + + for record in records: + try: + if endpoint == 'event': + # Send to HEC /event endpoint as JSON with sourcetype + headers_local = { + 'Authorization': f'Splunk {hec_token}', + 'Content-Type': 'application/json' + } + payload = { + 'event': record, + 'sourcetype': sourcetype + } + resp = requests.post( + hec_endpoint_url, + json=payload, + headers=headers_local, + verify=True, + timeout=10 + ) + else: + # Send to HEC /raw endpoint (sourcetype in URL) + headers_local = { + 'Authorization': f'Splunk {hec_token}', + 'Content-Type': 'text/plain' + } + # Convert CSV row to key=value format for raw endpoint + raw_data = ' '.join([f'{k}={v}' for k, v in record.items()]) + resp = requests.post( + hec_endpoint_url, + data=raw_data, + headers=headers_local, + verify=True, + timeout=10 + ) + + resp.raise_for_status() + sent_count += 1 + if sent_count % 10 == 0: + yield f"INFO: Sent {sent_count}/{len(records)} events\n" + time_module.sleep(delay) + except Exception as e: + yield f"ERROR: Failed to send event: {e}\n" + + elif file_type in ['txt', 'log']: + # Process text/log files line by line + with open(file_path, 'r') as f: + lines = [line.rstrip('\n') for line in f if line.strip()] + + for line in lines: + try: + if endpoint == 'event': + # Send to HEC /event endpoint (wrap line in JSON) + headers_local = { + 'Authorization': f'Splunk {hec_token}', + 'Content-Type': 'application/json' + } + payload = { + 'event': line, + 'sourcetype': sourcetype + } + resp = requests.post( + hec_endpoint_url, + json=payload, + headers=headers_local, + verify=True, + timeout=10 + ) + else: + # Send to HEC /raw endpoint + headers_local = { + 'Authorization': f'Splunk {hec_token}', + 'Content-Type': 'text/plain' + } + resp = requests.post( + hec_endpoint_url, + data=line, + headers=headers_local, + verify=True, + timeout=10 + ) + + resp.raise_for_status() + sent_count += 1 + if sent_count % 10 == 0: + yield f"INFO: Sent {sent_count}/{len(lines)} events\n" + time_module.sleep(delay) + except Exception as e: + yield f"ERROR: Failed to send event: {e}\n" + + else: + yield f"ERROR: Unsupported file type: {file_type}\n" + return + + yield f"INFO: Successfully sent {sent_count} events to HEC\n" + + except Exception as e: + logger.error(f"Failed to process upload: {e}", exc_info=True) + yield f"ERROR: Failed to process upload: {e}\n" + + return Response(stream_with_context(generate_and_stream()), mimetype='text/plain') + + +@app.route('/get-scripts', methods=['GET']) +def get_available_scripts(): + scripts = get_scripts() + if not scripts: + return jsonify({"message": "No log scripts found."}), 404 + return jsonify(scripts) + +@app.route('/generate-logs', methods=['POST']) +def generate_logs(): + data = request.json + destination = data.get('destination', 'syslog') + script_path = data.get('script') + log_count = int(data.get('count', 3)) if data.get('count') is not None else None + eps = float(data.get('eps', 1.0)) + continuous = data.get('continuous', False) + speed_mode = data.get('speed_mode', False) + syslog_ip = data.get('ip') + syslog_port = int(data.get('port')) if data.get('port') is not None else None + syslog_protocol = data.get('protocol') + product_id = data.get('product') + local_hec_token = data.get('hec_token') # Token from browser localStorage + metadata_fields = data.get('metadata') # Custom metadata fields as JSON object + # Unified destination id (preferred) + unified_dest_id = data.get('destination_id') + # Back-compat fields + hec_dest_id = data.get('hec_destination_id') + syslog_dest_id = data.get('syslog_destination_id') + + # Auto-enable speed mode for high EPS + if continuous and eps > 1000 and not speed_mode: + speed_mode = True + logger.info("Auto-enabling Speed Mode for high throughput (>1000 EPS)") + + # Set log_count to a large number for continuous mode + if continuous: + log_count = 999999999 # Effectively infinite + + if destination == 'syslog': + full_script_path = os.path.join(EVENT_GENERATORS_DIR, script_path) + if not os.path.exists(full_script_path): + return jsonify({'error': 'Invalid script name or path'}), 400 + + def generate_and_stream(): + sock = None + try: + if destination == 'syslog': + # Resolve syslog destination if provided + resolved_syslog_id = unified_dest_id if unified_dest_id else syslog_dest_id + if resolved_syslog_id: + try: + dest_resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations/{resolved_syslog_id}", + headers=_get_api_headers(), + timeout=10 + ) + if dest_resp.status_code != 200 or dest_resp.json().get('type') != 'syslog': + yield "ERROR: Selected syslog destination not found.\n" + return + chosen = dest_resp.json() + syslog_ip_local = chosen.get('ip') + syslog_port_local = int(chosen.get('port') or 0) + syslog_protocol_local = (chosen.get('protocol') or '').upper() + except Exception as e: + yield f"ERROR: Failed to resolve syslog destination: {e}\n" + return + else: + syslog_ip_local = syslog_ip + syslog_port_local = syslog_port + syslog_protocol_local = (syslog_protocol or '').upper() + + if not syslog_ip_local or not syslog_port_local or syslog_protocol_local not in ('UDP','TCP'): + yield "ERROR: Missing or invalid syslog destination details.\n" + return + + if syslog_protocol_local == 'UDP': + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + elif syslog_protocol_local == 'TCP': + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + sock.connect((syslog_ip_local, syslog_port_local)) + except Exception as e: + yield f"ERROR: Could not connect to TCP syslog server at {syslog_ip_local}:{syslog_port_local}. Details: {e}\n" + return + else: + yield "ERROR: Invalid syslog protocol. Please select TCP or UDP.\n" + return + + yield "INFO: Starting log generation...\n" + + command = ['python', full_script_path, str(log_count)] + process = subprocess.Popen( + command, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True + ) + + for line in iter(process.stdout.readline, ''): + if line: + log_line = line.strip() + try: + if syslog_protocol_local == 'UDP': + sock.sendto(bytes(log_line + '\n', 'utf-8'), (syslog_ip_local, syslog_port_local)) + else: + sock.sendall(bytes(log_line + '\n', 'utf-8')) + except Exception as e: + yield f"ERROR: Failed to send log to syslog server. Details: {e}\n" + process.terminate() + break + + yield f"LOG: {log_line}\n" + + errors = process.stderr.read() + if errors: + yield f"ERROR: Script execution produced errors:\n{errors}\n" + + process.wait() + + elif destination == 'hec': + # Validate inputs + if not product_id: + yield "ERROR: Missing product id for HEC.\n" + return + + # Resolve destination from backend API + resolved_hec_id = unified_dest_id if unified_dest_id else hec_dest_id + + try: + if resolved_hec_id: + # Get specific destination + dest_resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations/{resolved_hec_id}", + headers=_get_api_headers(), + timeout=10 + ) + if dest_resp.status_code != 200 or dest_resp.json().get('type') != 'hec': + yield "ERROR: Selected HEC destination not found.\n" + return + chosen = dest_resp.json() + else: + # Get first HEC destination + list_resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations", + headers=_get_api_headers(), + timeout=10 + ) + if list_resp.status_code != 200: + yield "ERROR: Failed to fetch destinations from backend.\n" + return + destinations = list_resp.json() + hec_dests = [d for d in destinations if d.get('type') == 'hec'] + if not hec_dests: + yield "ERROR: No HEC destination configured. Add one in Settings > Destinations.\n" + return + chosen = hec_dests[0] + + hec_url = chosen.get('url') + dest_id = chosen.get('id') + + # Use local token if provided, otherwise fetch from backend + if local_hec_token: + hec_token = local_hec_token + logger.info(f"Using local token from browser for destination: {dest_id}") + else: + # Fetch decrypted token from backend as fallback + token_resp = requests.get( + f"{API_BASE_URL}/api/v1/destinations/{dest_id}/token", + headers=_get_api_headers(), + timeout=10 + ) + if token_resp.status_code != 200: + yield "ERROR: Failed to retrieve HEC token from backend. Please set a local token in Settings.\n" + return + + hec_token = token_resp.json().get('token') + logger.info(f"Using backend token for destination: {dest_id}") + + if not hec_url or not hec_token: + yield "ERROR: Selected HEC destination is incomplete or token missing.\n" + return + + logger.info(f"Resolved HEC destination: id={dest_id}, url={hec_url}") + except Exception as e: + logger.error(f"Failed to resolve HEC destination: {e}", exc_info=True) + yield f"ERROR: Failed to resolve HEC destination: {e}\n" + return + + yield f"INFO: Starting HEC send to {hec_url}...\n" + if continuous: + speed_indicator = " (SPEED MODE)" if speed_mode else "" + yield f"INFO: Running in CONTINUOUS mode for product '{product_id}' at {eps} EPS{speed_indicator} (press Stop to end)\n" + else: + yield f"INFO: Sending {log_count} events for product '{product_id}' at {eps} EPS\n" + + # Build path to hec_sender.py (Frontend/../Backend/event_generators/shared/hec_sender.py) + hec_sender_path = os.path.normpath( + os.path.join(os.path.dirname(__file__), '..', 'Backend', 'event_generators', 'shared', 'hec_sender.py') + ) + if not os.path.exists(hec_sender_path): + yield f"ERROR: HEC sender not found at {hec_sender_path}\n" + return + + yield f"DEBUG: Using HEC sender at {hec_sender_path}\n" + yield f"DEBUG: Product: {product_id}, Count: {log_count}, EPS: {eps}, Continuous: {continuous}, Speed Mode: {speed_mode}\n" + + # Normalize HEC URL: accept bare domain and append collector path + def _normalize_hec_url(u: str) -> str: + if not u: + return u + base = u.rstrip('/') + if base.endswith('/event') or base.endswith('/raw'): + return base + # If already includes /services/collector, keep it + if '/services/collector' in base: + return base + return base + '/services/collector' + + normalized_hec_url = _normalize_hec_url(hec_url) + logger.info(f"Normalized HEC URL: {normalized_hec_url}") + + env = os.environ.copy() + env['S1_HEC_TOKEN'] = hec_token + env['S1_HEC_URL'] = normalized_hec_url + # Enable TLS compatibility for older/misconfigured servers + env['S1_HEC_TLS_LOW'] = '1' + # Enable automatic insecure fallback as last resort + env['S1_HEC_AUTO_INSECURE'] = 'true' + + if continuous: + # Batch mode for continuous + env['S1_HEC_BATCH'] = '1' + # Optimize batch size based on EPS + if eps >= 10000: + # High EPS: larger batches, faster flush + env['S1_HEC_BATCH_MAX_BYTES'] = str(2 * 1024 * 1024) # 2MB batches for high throughput + env['S1_HEC_BATCH_FLUSH_MS'] = '200' # Flush every 0.2 seconds (5x per second) + elif eps >= 1000: + # Medium EPS: balanced batches + env['S1_HEC_BATCH_MAX_BYTES'] = str(512 * 1024) # 512KB batches + env['S1_HEC_BATCH_FLUSH_MS'] = '300' # Flush every 0.3 seconds + else: + # Low EPS: smaller batches for visibility + env['S1_HEC_BATCH_MAX_BYTES'] = str(256 * 1024) # 256KB batches + env['S1_HEC_BATCH_FLUSH_MS'] = '500' # Flush every 0.5 seconds + else: + # Single-send mode for small counts + env['S1_HEC_BATCH'] = '0' + + # Enable debug output to see batch flushes and responses + env['S1_HEC_DEBUG'] = '1' + # Disable Python output buffering + env['PYTHONUNBUFFERED'] = '1' + + # Calculate delay from EPS: delay = 1 / eps + delay = 1.0 / eps if eps > 0 else 1.0 + # Use -u flag for unbuffered Python output + # Use --verbosity info for periodic status updates instead of per-event output + command = ['python3', '-u', hec_sender_path, '--product', product_id, '-n', str(log_count), + '--min-delay', str(delay), '--max-delay', str(delay), '--verbosity', 'info'] + + # Add metadata fields if provided + if metadata_fields: + # Metadata should be a dict, convert to JSON string for command line + import json as json_module + if isinstance(metadata_fields, dict): + command.extend(['--metadata', json_module.dumps(metadata_fields)]) + logger.info(f"Adding metadata fields: {metadata_fields}") + else: + logger.warning(f"Invalid metadata format (expected dict): {type(metadata_fields)}") + + # Add speed mode flag + if speed_mode: + command.append('--speed-mode') + + command_str = ' '.join(command) + logger.info(f"Executing HEC sender: {command_str}") + yield f"DEBUG: Running command: {command_str}\n" + yield f"DEBUG: Environment vars: S1_HEC_BATCH={env.get('S1_HEC_BATCH')}, S1_HEC_DEBUG={env.get('S1_HEC_DEBUG')}\n" + + try: + process = subprocess.Popen( + command, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, # Merge stderr into stdout for better debugging + text=True, + bufsize=1, # Line buffered + env=env + ) + yield f"DEBUG: Process started with PID {process.pid}\n" + except Exception as e: + yield f"ERROR: Failed to start process: {e}\n" + logger.error(f"Failed to start HEC sender process: {e}", exc_info=True) + return + + # Stream sanitized output + line_count = 0 + event_count = 0 + import select + + yield "DEBUG: Starting to read output...\n" + + try: + # Check if process exits immediately + import time + time.sleep(0.5) + poll_result = process.poll() + if poll_result is not None: + # Process exited immediately + remaining_output = process.stdout.read() + yield f"ERROR: Process exited immediately with code {poll_result}\n" + if remaining_output: + sanitized = remaining_output.replace(hec_token, '***REDACTED***') + yield f"Output:\n{sanitized}\n" + return + + yield "DEBUG: Process is running, reading output lines...\n" + + for line in iter(process.stdout.readline, ''): + if not line: + # Check if process has exited + if process.poll() is not None: + yield f"DEBUG: Process exited with code {process.returncode}\n" + break + continue + + # Check if client disconnected (for continuous mode) + if request.environ.get('werkzeug.socket'): + try: + # This will fail if client disconnected + request.environ.get('werkzeug.socket').getpeername() + except: + logger.info("Client disconnected, terminating process") + process.terminate() + yield "INFO: Stopped by client disconnect\n" + break + + line_count += 1 + # Redact token from output + sanitized = line.replace(hec_token, '***REDACTED***') + yield sanitized + logger.debug(f"HEC sender output line {line_count}: {sanitized.strip()}") + + # Count successful events for continuous mode progress + if continuous: + # Count based on status messages (QUEUED for batch, OK for non-batch) + if 'queued' in sanitized.lower() or ('status' in sanitized.lower() and 'ok' in sanitized.lower()): + event_count += 1 + if event_count % 100 == 0: + yield f"INFO: {event_count} events queued/sent so far...\n" + except (GeneratorExit, BrokenPipeError): + # Client disconnected + logger.info("Client disconnected (broken pipe), terminating process") + process.terminate() + return + + # Wait for process completion + process.wait() + logger.info(f"HEC sender process completed with return code: {process.returncode}") + + # -15 is SIGTERM from our terminate() call + if process.returncode != 0 and process.returncode != -15: + logger.error(f"HEC send failed with return code {process.returncode}") + yield f"ERROR: HEC send failed with code {process.returncode}\n" + elif continuous and event_count > 0: + yield f"INFO: Stopped after sending {event_count} events\n" + else: + yield f"INFO: Successfully sent {log_count if not continuous else event_count} events to HEC\n" + logger.info(f"Successfully sent {log_count if not continuous else event_count} events") + + except FileNotFoundError: + yield f"ERROR: Python executable not found. Please ensure Python is in your system's PATH.\n" + except Exception as e: + yield f"ERROR: An unexpected error occurred: {e}\n" + + finally: + logger.info("Log generation complete") + yield "INFO: Log generation complete.\n" + if sock: + sock.close() + + return Response(stream_with_context(generate_and_stream()), mimetype='text/plain') + +if __name__ == '__main__': + app.run(debug=True, host='0.0.0.0', port=8000) + diff --git a/Frontend/requirements.txt b/Frontend/requirements.txt new file mode 100644 index 0000000..c2c95a7 --- /dev/null +++ b/Frontend/requirements.txt @@ -0,0 +1,3 @@ +# Frontend dependencies +flask>=3.0.0 +requests>=2.31.0 \ No newline at end of file diff --git a/Frontend/static/js/token_vault.js b/Frontend/static/js/token_vault.js new file mode 100644 index 0000000..863b812 --- /dev/null +++ b/Frontend/static/js/token_vault.js @@ -0,0 +1,168 @@ +/** + * TokenVault - Client-side encrypted token storage + * Uses Web Crypto API for secure encryption in browser localStorage + */ +class TokenVault { + constructor() { + this.STORAGE_KEY = 'jarvis_user_tokens'; + this.SALT = 'jarvis-token-vault-v1'; + } + + /** + * Derive encryption key from browser fingerprint + */ + async deriveKey() { + const encoder = new TextEncoder(); + // Use a combination of browser data as key material + const fingerprint = navigator.userAgent + navigator.language + window.screen.width + window.screen.height; + + const keyMaterial = await crypto.subtle.importKey( + 'raw', + encoder.encode(fingerprint), + 'PBKDF2', + false, + ['deriveBits', 'deriveKey'] + ); + + return crypto.subtle.deriveKey( + { + name: 'PBKDF2', + salt: encoder.encode(this.SALT), + iterations: 100000, + hash: 'SHA-256' + }, + keyMaterial, + { name: 'AES-GCM', length: 256 }, + false, + ['encrypt', 'decrypt'] + ); + } + + /** + * Store encrypted token for a destination + */ + async storeToken(destinationId, token) { + try { + const key = await this.deriveKey(); + const encoder = new TextEncoder(); + const iv = crypto.getRandomValues(new Uint8Array(12)); + + const encrypted = await crypto.subtle.encrypt( + { name: 'AES-GCM', iv }, + key, + encoder.encode(token) + ); + + // Get existing tokens + const tokens = this.getAllTokensRaw(); + + // Store encrypted token with IV + tokens[destinationId] = { + iv: Array.from(iv), + data: Array.from(new Uint8Array(encrypted)), + timestamp: Date.now() + }; + + localStorage.setItem(this.STORAGE_KEY, JSON.stringify(tokens)); + return true; + } catch (error) { + console.error('Failed to store token:', error); + return false; + } + } + + /** + * Retrieve and decrypt token for a destination + */ + async getToken(destinationId) { + try { + const tokens = this.getAllTokensRaw(); + const tokenData = tokens[destinationId]; + + if (!tokenData) { + return null; + } + + const key = await this.deriveKey(); + const decrypted = await crypto.subtle.decrypt( + { name: 'AES-GCM', iv: new Uint8Array(tokenData.iv) }, + key, + new Uint8Array(tokenData.data) + ); + + return new TextDecoder().decode(decrypted); + } catch (error) { + console.error('Failed to decrypt token:', error); + return null; + } + } + + /** + * Check if token exists for a destination + */ + hasToken(destinationId) { + const tokens = this.getAllTokensRaw(); + return !!tokens[destinationId]; + } + + /** + * Remove token for a destination + */ + removeToken(destinationId) { + const tokens = this.getAllTokensRaw(); + delete tokens[destinationId]; + localStorage.setItem(this.STORAGE_KEY, JSON.stringify(tokens)); + } + + /** + * Clear all stored tokens + */ + clearAll() { + localStorage.removeItem(this.STORAGE_KEY); + } + + /** + * Get list of destination IDs that have tokens + */ + getStoredDestinationIds() { + const tokens = this.getAllTokensRaw(); + return Object.keys(tokens); + } + + /** + * Get raw token data (internal use) + */ + getAllTokensRaw() { + try { + const stored = localStorage.getItem(this.STORAGE_KEY); + return stored ? JSON.parse(stored) : {}; + } catch (error) { + console.error('Failed to read tokens:', error); + return {}; + } + } + + /** + * Export tokens for backup (encrypted form) + */ + exportTokens() { + return localStorage.getItem(this.STORAGE_KEY); + } + + /** + * Import tokens from backup + */ + importTokens(data) { + try { + const parsed = JSON.parse(data); + localStorage.setItem(this.STORAGE_KEY, data); + return true; + } catch (error) { + console.error('Failed to import tokens:', error); + return false; + } + } +} + +// Create global instance +window.tokenVault = new TokenVault(); diff --git a/Frontend/templates/log_generator.html b/Frontend/templates/log_generator.html new file mode 100644 index 0000000..5406a31 --- /dev/null +++ b/Frontend/templates/log_generator.html @@ -0,0 +1,1630 @@ + + + + + + Synthetic Log Generator + + + + + + +
+ + + + +
+ +
+
+ ① Source +
+ + +
+

Select the security product to generate events from

+
+
+ + +
+
+ ② Data Options & Output + +
+
+ + +

When enabled, logs will generate continuously until stopped

+
+ +
+
+ + +
+ +
+ + +
+
+ +
+
+ + +

Add custom fields to all events as JSON object (e.g., scenario.trace_id, environment, etc.)

+
+
+ +
+
+ +
+ + +
+
+ +
+

Log Output

+
+ +
+
+
+
+ + +
+
+ ③ Destination +
+
+ + +
+

Add or manage destinations in Settings

+
+
+
+
+ + + + + + +
+ + + +
+ Made with by the RoarinPenguin +
+ + + + + + diff --git a/Frontend/templates/test_token_storage.html b/Frontend/templates/test_token_storage.html new file mode 100644 index 0000000..feb1c11 --- /dev/null +++ b/Frontend/templates/test_token_storage.html @@ -0,0 +1,302 @@ + + + + + + Token Storage Test + + + +

🔒 Token Vault Test Suite

+

Test the local encrypted token storage system

+ +
+

1. Basic Storage Test

+ + + + + + + +
+
+ +
+

2. Multiple Destinations Test

+ + +
+
+ +
+

3. Encryption Test

+ + +
+
+ +
+

4. Clear All Test

+ + +
+
+ + + + + diff --git a/PARSER_METHOD_EXPLANATION.md b/PARSER_METHOD_EXPLANATION.md deleted file mode 100644 index 38fa64a..0000000 --- a/PARSER_METHOD_EXPLANATION.md +++ /dev/null @@ -1,153 +0,0 @@ -# 📋 Explanation for Stakeholders Concerned About Parser Creation Changes - -## **🔴 Addressing Concerns About the Old Method** - -**"We had a working system with `create_sentinelone_parsers.py` - why change?"** - -Here's why the new approach is better: - ---- - -## **⚠️ Problems with the Old Method:** - -• **Manual JSON File Management** - - Required maintaining a massive `sentinelone_parsers.json` file locally - - No one knew where this file originally came from or how to update it - - File could be 100,000+ lines of complex JSON - -• **No Update Mechanism** - - Once you had the JSON file, it never updated - - Missing new parsers released by SentinelOne - - No way to know if parsers had been improved or fixed - -• **Prone to Errors** - - JSON syntax errors were common - - Script had to include "fix_json_syntax()" function to handle broken JSON - - Manual fixes often introduced new problems - -• **Version Control Issues** - - No way to track parser versions - - Couldn't tell if your parsers were outdated - - No changelog or update history - -• **Source Unknown** - - The original JSON file's source was unclear - - No official documentation on obtaining updates - - Risk of using outdated or incorrect parser definitions - ---- - -## **✅ Benefits of the New Method:** - -• **Direct from Official Source** - - Downloads directly from SentinelOne's official GitHub repository - - Always gets the latest, tested parsers - - Same parsers that SentinelOne supports officially - -• **Simple Commands** - ```bash - # See what's available without downloading - python download_sentinelone_parsers.py --list - - # Download everything with one command - python download_sentinelone_parsers.py - ``` - -• **Automatic Updates** - - Run the script anytime to get latest parsers - - New parsers added by SentinelOne are immediately available - - Bug fixes and improvements included automatically - -• **Transparency** - - Can preview what will be downloaded with `--list` - - Creates inventory file showing exactly what was downloaded - - Clear source: https://github.com/Sentinel-One/ai-siem - -• **Safe Migration** - - Downloads to `_new` directories first - - Existing parsers remain untouched - - Can compare old vs new before switching - ---- - -## **💡 Key Talking Points:** - -• **"But the old way worked!"** - - Yes, but only with outdated parsers - - You were missing 32 new community parsers - - No way to get security updates or bug fixes - -• **"What if GitHub is down?"** - - Keep local backups (which you should anyway) - - Old script still works for offline scenarios - - Can use downloaded parsers indefinitely - -• **"Is this official?"** - - Downloads from SentinelOne's official GitHub - - Same source their engineering team maintains - - More official than mysterious JSON file - -• **"What about our custom parsers?"** - - Old script still available for custom work - - Can merge custom parsers with official ones - - Best of both worlds approach - ---- - -## **📊 The Numbers Speak:** - -• **Old Method:** - - 116 community parsers (outdated) - - Unknown last update date - - 0 marketplace parsers - -• **New Method:** - - 148 community parsers (current) - - 17 marketplace parsers - - Updated regularly by SentinelOne - -**That's 32 missing parsers and countless updates you weren't getting!** - ---- - -## **🎯 Bottom Line for Management:** - -• **Risk Reduction** - - Using official, supported parsers - - Automatic security updates - - Vendor-maintained quality - -• **Cost Savings** - - No manual maintenance required - - Reduced troubleshooting time - - Fewer parsing errors - -• **Compliance** - - Using vendor-approved configurations - - Auditable source and version tracking - - Clear update history - -• **Future-Proof** - - Automatically get new product support - - Stay current with parser improvements - - No technical debt accumulation - ---- - -## **💬 Simple Analogy:** - -**Old Way:** Like maintaining your own phone book by hand - outdated the moment you finish writing it - -**New Way:** Like using Google Contacts - always current, automatically updated, from the official source - ---- - -## **✅ Migration is Easy:** - -1. **Keep existing setup** - Nothing breaks -2. **Run new downloader** - Gets latest parsers -3. **Compare & validate** - See what's new/updated -4. **Switch when ready** - On your schedule -5. **Old script remains** - Still there if needed - -**No risk, all reward!** \ No newline at end of file diff --git a/PARSER_MIGRATION_GUIDE.md b/PARSER_MIGRATION_GUIDE.md deleted file mode 100644 index 6d0c112..0000000 --- a/PARSER_MIGRATION_GUIDE.md +++ /dev/null @@ -1,219 +0,0 @@ -# Parser Management Migration Guide - -## 🔄 Transitioning from Old to New Parser Management - -This guide explains the transition from the old `create_sentinelone_parsers.py` approach to the new `download_sentinelone_parsers.py` method. - ---- - -## Old Approach: `create_sentinelone_parsers.py` - -### How It Worked: -1. **Required a source JSON file** (`sentinelone_parsers.json`) containing all parser definitions -2. **Manually parsed** the JSON to extract individual parsers -3. **Created directories** locally based on parser names -4. **Fixed JSON syntax** issues in parser configurations -5. **Generated metadata.yaml** files for each parser - -### Limitations: -- ❌ Required maintaining a large JSON file locally -- ❌ No automatic updates from official sources -- ❌ Manual process to get new parsers -- ❌ Prone to JSON syntax errors -- ❌ No version tracking - -### Old Workflow: -```bash -# 1. You needed a sentinelone_parsers.json file (which you had to obtain somehow) -# 2. Run the script -python utilities/create_sentinelone_parsers.py - -# 3. Script would look for these files: -# - sentinelone_parsers.json -# - utilities/sentinelone_parsers.json -# - sentinelone_parsers_example.json -``` - ---- - -## New Approach: `download_sentinelone_parsers.py` - -### How It Works: -1. **Connects directly to GitHub** repository (https://github.com/Sentinel-One/ai-siem) -2. **Downloads latest parsers** via GitHub API -3. **Automatically organizes** into proper directory structure -4. **Creates inventory** of all downloaded parsers -5. **Handles both** community and marketplace parsers - -### Advantages: -- ✅ Always gets latest parser versions -- ✅ No manual file management -- ✅ Direct from official SentinelOne repository -- ✅ Automatic organization -- ✅ Version tracking via inventory -- ✅ Can list without downloading - -### New Workflow: -```bash -# 1. List available parsers (no download) -python utilities/download_sentinelone_parsers.py --list - -# 2. Download all parsers -python utilities/download_sentinelone_parsers.py - -# 3. Parsers are automatically organized: -# - parsers/community_new/ (148 parsers) -# - parsers/sentinelone_new/ (17 parsers) -# - parsers/parser_inventory.json -``` - ---- - -## 🔑 Key Differences - -| Aspect | Old Method | New Method | -|--------|------------|------------| -| **Source** | Local JSON file | GitHub repository | -| **Updates** | Manual | Automatic | -| **Parser Count** | Limited to what's in JSON | All 165 official parsers | -| **Maintenance** | High - need to maintain JSON | Low - direct from source | -| **Error Handling** | JSON syntax fixes needed | Clean downloads | -| **Version Tracking** | None | Inventory with timestamps | -| **Preview** | No | `--list` flag to preview | - ---- - -## 📝 Migration Steps - -### If You Were Using the Old Method: - -1. **Check existing parsers:** - ```bash - ls parsers/sentinelone/ - ``` - -2. **List available parsers from GitHub:** - ```bash - python utilities/download_sentinelone_parsers.py --list - ``` - This shows what's available without downloading. - -3. **Download new parsers:** - ```bash - python utilities/download_sentinelone_parsers.py - ``` - Downloads to `parsers/community_new/` and `parsers/sentinelone_new/` - -4. **Compare and merge:** - ```bash - # Compare what you have vs what was downloaded - diff -r parsers/community parsers/community_new - diff -r parsers/sentinelone parsers/sentinelone_new - ``` - -5. **Update if needed:** - ```bash - # Backup existing - mv parsers/community parsers/community_backup - mv parsers/sentinelone parsers/sentinelone_backup - - # Use new ones - mv parsers/community_new parsers/community - mv parsers/sentinelone_new parsers/sentinelone - ``` - ---- - -## 🆚 When to Use Which Script - -### Use `create_sentinelone_parsers.py` when: -- You have a custom JSON file with parser definitions -- You need to create parsers from a specific format -- You're working offline without GitHub access -- You have proprietary parser definitions - -### Use `download_sentinelone_parsers.py` when: -- You want the latest official parsers -- You need to update existing parsers -- You want to see what's available -- You're setting up a new environment -- You want automatic organization - ---- - -## 📊 Current Parser Status - -``` -Your Project: -├── parsers/ -│ ├── community/ # 116 existing parsers -│ └── sentinelone/ # 18 existing parsers - -GitHub Repository: -├── parsers/ -│ ├── community/ # 148 available parsers -│ └── sentinelone/ # 17 available parsers -``` - -**Gap Analysis:** -- Community: You have 116, GitHub has 148 (32 new available) -- SentinelOne: You have 18, GitHub has 17 (you have 1 extra) - ---- - -## 🚀 Quick Start for New Users - -If you're starting fresh: - -```bash -# 1. Go to utilities directory -cd utilities/ - -# 2. See what's available -python download_sentinelone_parsers.py --list - -# 3. Download everything -python download_sentinelone_parsers.py - -# 4. Move to correct location -mv parsers/community_new ../parsers/community -mv parsers/sentinelone_new ../parsers/sentinelone - -# 5. Verify -ls ../parsers/community | wc -l # Should show 148 -ls ../parsers/sentinelone | wc -l # Should show 17 -``` - ---- - -## ⚠️ Important Notes - -1. **The old script still works** - If you have custom parser JSON files, `create_sentinelone_parsers.py` is still functional -2. **No data loss** - The new script downloads to `_new` directories, so existing parsers are safe -3. **GitHub API limits** - If downloading many files, you might hit rate limits. Wait and retry. -4. **Network required** - The new method requires internet access to GitHub - ---- - -## 📋 Example Parser Structure - -Both methods create the same structure: - -``` -parsers/community/aws_cloudtrail-latest/ -├── aws_cloudtrail.conf # Parser configuration -└── metadata.yaml # Parser metadata - -parsers/sentinelone/marketplace-fortinetfortigate-latest/ -├── marketplace-fortinetfortigate-latest.json # Parser config -└── metadata.yaml # Parser metadata -``` - ---- - -## 🤝 Support - -- **Issues with downloading?** Check network and GitHub API status -- **JSON syntax errors?** Use the old script with `sentinelone_parsers_example.json` -- **Missing parsers?** Compare inventory with GitHub repository -- **Need specific parsers?** Can still use targeted downloads or old method \ No newline at end of file diff --git a/README.md b/README.md index 9aa9294..9ba59b6 100644 --- a/README.md +++ b/README.md @@ -1,339 +1,163 @@ -# Security Event Generation and Parser Validation +# Jarvis Frontend & Backend – Docker Quickstart -Synthetic security event generators, parser metadata, and an API for sending events to SentinelOne AI SIEM via HEC. This repo helps you quickly validate field extraction and formatting across many vendor sources. +This repository contains two services: +- Backend API (FastAPI) under `Backend/api/` +- Frontend UI (Flask) under `Frontend/` -## Project Layout -- `api/`: FastAPI service (`app/` modules, `tests/`, `start_api.py`). -- `event_generators/`: Vendor generators and shared HEC sender. -- `parsers/`: Community/marketplace parser folders (`*-latest`). -- `scenarios/`: Example scenario configs for demos. -- `testing/`: Validation utilities and scripts. -- `docs/`: Extended docs (validation, guides). +A root-level `docker-compose.yml` builds and runs both services together. -## Quick Start -```bash -python3 -m venv .venv && source .venv/bin/activate -pip install -r api/requirements.txt +## Prerequisites +- Docker Desktop (or Docker Engine) installed +- Docker Compose v2 (bundled with recent Docker Desktop) +- Terminal access -# Run API -python api/start_api.py # http://localhost:8000 +If you're new to Docker, think of images as "apps" you build, and containers as the running "instances" of those apps. -# Send events to HEC (set env first) -export S1_HEC_TOKEN=... # and optionally S1_HEC_URL -python event_generators/shared/hec_sender.py --product crowdstrike_falcon -n 3 -``` +## Project Structure +- `Backend/api/Dockerfile`: Builds the API image +- `Frontend/Dockerfile`: Builds the UI image +- `docker-compose.yml`: Orchestrates API and UI +- `.env`: Environment variables loaded by Compose -## Docker +## Quick Start + +### 1. Create Environment File +First time setup - copy the template to create your `.env` file: ```bash -docker-compose up --build +cp ".env copy" .env ``` -## Validation -- End‑to‑end validation workflow and troubleshooting are documented in `docs/VALIDATION.md`. -- The HEC sender now prefers dynamic sourcetype mappings by scanning `parsers/*/*-latest`, with explicit overrides where needed. - -## Contributing -- See `AGENTS.md` for contributor guidelines (style, tests, PRs). -- `aws_cloudtrail`: AWS CloudTrail events -- `aws_elb`: AWS Elastic Load Balancer logs -- `aws_guardduty`: AWS GuardDuty findings -- `aws_elasticloadbalancer`: AWS Elastic Load Balancer logs -- `aws_route53`: AWS Route 53 DNS query logs -- `aws_vpc_dns`: AWS VPC DNS query logs -- `aws_vpcflow`: AWS VPC Flow Logs -- `aws_vpcflowlogs`: AWS VPC Flow Logs -- `aws_waf`: AWS Web Application Firewall logs -- `google_cloud_dns`: Google Cloud DNS query and audit events -- `google_workspace`: Google Workspace admin and user activity events - -### Network Security & Infrastructure -- `akamai_cdn`: Akamai CDN access and performance logs -- `akamai_dns`: Akamai DNS resolution and security logs -- `akamai_general`: Akamai general security and performance events -- `akamai_sitedefender`: Akamai SiteDefender WAF security events -- `cisco_asa`: Cisco ASA firewall logs -- `cisco_duo`: Cisco Duo multi-factor authentication events -- `cisco_fmc`: Cisco Firepower Management Center security events -- `cisco_ios`: Cisco IOS network device syslog events -- `cisco_ironport`: Cisco IronPort Email Security Appliance logs -- `cisco_isa3000`: Cisco ISA3000 industrial security appliance events -- `cisco_ise`: Cisco Identity Services Engine authentication events -- `cisco_firewall_threat_defense`: Cisco Firewall Threat Defense logs -- `cisco_meraki`: Cisco Meraki logs -- `cisco_meraki_flow`: Cisco Meraki Flow logs -- `cisco_networks`: Cisco network infrastructure events -- `cisco_umbrella`: Cisco Umbrella DNS logs -- `cloudflare_general`: Cloudflare security and performance events -- `corelight_conn`: Corelight network connection logs -- `corelight_http`: Corelight HTTP traffic logs -- `corelight_ssl`: Corelight SSL/TLS logs -- `corelight_tunnel`: Corelight tunnel traffic logs -- `extreme_networks`: Extreme Networks switch and access point events -- `f5_networks`: F5 BIG-IP load balancer and security events -- `f5_vpn`: F5 VPN access and session logs -- `fortinet_fortigate`: FortiGate firewall logs (multiple types) -- `isc_bind`: ISC BIND DNS server query and security logs -- `isc_dhcp`: ISC DHCP server lease and network logs -- `juniper_networks`: Juniper Networks device events -- `paloalto_prismasase`: Palo Alto Prisma SASE security and network events -- `ubiquiti_unifi`: Ubiquiti UniFi network equipment events -- `zscaler`: Zscaler proxy logs -- `zscaler_dns_firewall`: Zscaler DNS firewall security events -- `zscaler_firewall`: Zscaler firewall and security events - -### Endpoint & Identity Security -- `abnormal_security`: Abnormal Security email security events -- `armis`: Armis IoT device discovery and security events -- `crowdstrike_falcon`: CrowdStrike Falcon endpoint events -- `hypr_auth`: HYPR passwordless authentication events -- `iis_w3c`: Microsoft IIS W3C web server logs -- `jamf_protect`: Jamf Protect macOS endpoint security events -- `linux_auth`: Linux authentication logs (/var/log/auth.log) -- `microsoft_365_collaboration`: Microsoft 365 SharePoint/OneDrive collaboration events -- `microsoft_365_defender`: Microsoft 365 Defender endpoint security events -- `microsoft_azure_ad_signin`: Microsoft Azure AD signin events -- `microsoft_azuread`: Azure AD audit logs -- `microsoft_defender_email`: Microsoft Defender for Office 365 events -- `microsoft_windows_eventlog`: Microsoft Windows Event Log events -- `okta_authentication`: Okta authentication events -- `pingfederate`: PingFederate SSO authentication and provisioning events -- `pingone_mfa`: PingOne multi-factor authentication events -- `pingprotect`: PingProtect fraud detection and authentication events -- `rsa_adaptive`: RSA Adaptive Authentication risk-based security events -- `sentinelone_endpoint`: SentinelOne XDR endpoint events (servers, workstations, Kubernetes) -- `sentinelone_identity`: SentinelOne Ranger AD identity/authentication events - -### Email Security -- `mimecast`: Mimecast email security events -- `proofpoint`: Proofpoint email security events - -### Web Application Security -- `imperva_sonar`: Imperva Sonar database security and compliance logs -- `imperva_waf`: Imperva Web Application Firewall security events -- `incapsula`: Imperva Incapsula WAF security events - -### Privileged Access & Identity Management -- `beyondtrust_passwordsafe`: BeyondTrust Password Safe audit events -- `beyondtrust_privilegemgmtwindows`: BeyondTrust Privilege Management Windows logs -- `cyberark_conjur`: CyberArk Conjur secrets management audit events -- `cyberark_pas`: CyberArk Privileged Access Security events -- `hashicorp_vault`: HashiCorp Vault secrets management events -- `securelink`: SecureLink privileged remote access events - -### SIEM & Analytics -- `darktrace`: Darktrace AI-powered threat detection events -- `darktrace_darktrace`: Darktrace AI-powered threat detection events -- `extrahop`: ExtraHop network detection and response events -- `manch_siem`: Manchester SIEM security events and alerts -- `vectra_ai`: Vectra AI network detection and response events - -### IT Management & Data Protection -- `axway_sftp`: Axway SFTP file transfer and audit logs -- `cohesity_backup`: Cohesity data management and backup logs -- `github_audit`: GitHub repository and organization audit logs -- `manageengine_adauditplus`: ManageEngine AD Audit Plus events -- `manageengine_general`: ManageEngine IT management and security events -- `microsoft_365_mgmt_api`: Microsoft 365 Management API events -- `microsoft_azure_ad`: Microsoft Azure AD events -- `microsoft_eventhub_azure_signin`: Microsoft EventHub Azure Signin events -- `microsoft_eventhub_defender_email`: Microsoft EventHub Defender Email events -- `microsoft_eventhub_defender_emailforcloud`: Microsoft EventHub Defender Email for Cloud events -- `sap`: SAP ERP, HANA, and security audit events -- `veeam_backup`: Veeam backup and recovery operations logs -- `wiz_cloud`: Wiz cloud security posture and compliance events +The default configuration has authentication disabled for easy local development (`DISABLE_AUTH=true`). This is perfect for getting started! -### DevOps & CI/CD -- `buildkite`: Buildkite CI/CD audit and pipeline events -- `harness_ci`: Harness CI/CD pipeline and deployment logs -- `teleport`: Teleport access proxy events (SSH, database, Kubernetes) - -### Network Access & VPN -- `apache_http`: Apache HTTP server access logs -- `netskope`: Netskope cloud security events -- `tailscale`: Tailscale zero-trust network access events - -## Attack Scenario Generation - -### Quick Scenarios -Generate focused attack scenarios for testing: +### 2. Start Services +Build and start both services: ```bash -python event_python_writer/quick_scenario.py +docker compose up -d --build ``` -Available scenarios: `phishing_attack`, `insider_threat`, `malware_outbreak`, `credential_stuffing`, `data_breach` +- **API**: http://localhost:8000 +- **Frontend UI**: http://localhost:9001 +- **API Docs**: http://localhost:8000/api/v1/docs -### Full APT Campaign Simulation -Generate comprehensive 14-day attack campaigns: +### 3. Stop Services ```bash -# Generate a complete attack campaign -python event_python_writer/attack_scenario_orchestrator.py - -# Send generated scenario to HEC with timing control -python event_python_writer/scenario_hec_sender.py +docker compose down ``` -### Scenario Features -- **Multi-platform correlation**: Events span email, identity, endpoint, network, cloud, and privileged access platforms -- **Realistic attack progression**: 5-phase attack chain (reconnaissance → initial access → persistence → escalation → exfiltration) -- **Temporal correlation**: Events follow realistic timing patterns -- **Threat intelligence**: Incorporates real attack techniques and IOCs - -## Parser Testing & Validation - -### End-to-End Testing Framework -The comprehensive testing framework validates parser effectiveness in production by: -1. **Generating test events** with unique tracking IDs -2. **Sending to HEC endpoint** via proven hec_sender.py -3. **Waiting for indexing** and parsing (configurable delay) -4. **Querying SDL API** to retrieve parsed events -5. **Analyzing field extraction** effectiveness vs expectations -6. **Generating detailed reports** with actionable insights - -### Key Testing Tools - -#### Complete Pipeline Testing +## Step-by-Step (Beginner Friendly) +1. Build images (compiles dependencies and copies code): ```bash -# Test all parsers with full HEC → SDL API validation -python event_python_writer/end_to_end_pipeline_tester.py - -# Test specific parser subset -python event_python_writer/end_to_end_pipeline_tester.py --parsers aws_waf,cisco_duo +docker compose build ``` - -#### Comprehensive Analysis (Without API Dependency) +2. Start containers: ```bash -# Analyze all parsers for effectiveness without API calls -python event_python_writer/comprehensive_parser_effectiveness_tester.py +docker compose up -d ``` - -#### Field Mapping Analysis +3. Verify they are running: ```bash -# Analyze field matching between generators and parsers -python event_python_writer/comprehensive_field_matcher.py +docker ps +``` +4. Check logs (live streaming): +```bash +docker logs -f jarvis-api +# in a second terminal +docker logs -f jarvis-frontend +``` +5. Test endpoints: +```bash +# API root +curl http://localhost:8000 +# API health +curl http://localhost:8000/api/v1/health +# Open the UI in your browser +open http://localhost:9001 ``` -### Testing Results Summary (Latest: September 2025) -- **Total Generators**: 100+ generators across all security categories -- **Working Generators**: 98+ generators functional (98% success rate) -- **Parser Coverage**: 100+ community and marketplace parsers available -- **Field Extraction**: Top performers extracting 240-294 fields -- **OCSF Compliance**: 100% compliance achieved by excellent parsers -- **AWS Compatibility**: Enhanced marketplace parser integration -- **Corporate Test Data**: Professional test data across all generators - -## Architecture +## Configuration (.env) -### Event Generators -- Each generator is self-contained (<200 lines) -- Uses only Python standard library (except `hec_sender.py` which requires `requests`) -- Returns structured JSON events -- Includes AI-SIEM specific attributes for parser compatibility +The `.env` file controls both services. Copy from `.env copy` if you haven't already: +```bash +cp ".env copy" .env +``` -### Parser Structure -Each parser directory contains: -- JSON configuration with parsing rules -- `metadata.yaml` with parser metadata -- Parser naming convention: `__-latest/` +### Authentication Settings +By default, authentication is **disabled** for local development: +- `DISABLE_AUTH=true` - No API keys required (recommended for local dev) +- `BACKEND_API_KEY` - Not needed when auth is disabled -### Key Patterns -1. Generators follow naming convention: `_.py` -2. Each generator exports a `_log()` function returning a dictionary -3. `hec_sender.py` maps products to their respective generators -4. Parsers use JSON schema definitions for field mapping -5. Testing framework validates end-to-end pipeline effectiveness +For production, enable authentication: +```bash +DISABLE_AUTH=false +API_KEYS_ADMIN=your-secure-admin-key +BACKEND_API_KEY=your-secure-admin-key # Frontend uses this to talk to backend +``` -## Environment Variables +### Other Key Variables +- **HEC Batching** (used by UI when sending to HEC): + - `S1_HEC_BATCH=true` + - `S1_HEC_BATCH_MAX_BYTES=1048576` + - `S1_HEC_BATCH_FLUSH_MS=500` + - `S1_HEC_DEBUG=0` +- **Secret Key**: `SECRET_KEY` - Change for production deployments -### For Event Generation & HEC Sending +### Applying Configuration Changes +After editing `.env`, restart containers: ```bash -export S1_HEC_TOKEN="your-hec-token-here" +docker compose down && docker compose up -d ``` -### For SDL API Querying (Parser Testing) +## Common Commands +- Rebuild everything after Dockerfile changes: ```bash -export S1_SDL_API_TOKEN="your-read-api-token-here" +docker compose build --no-cache && docker compose up -d ``` - -## File Structure - +- Rebuild just the API: +```bash +docker compose build api && docker compose up -d ``` -├── README.md # Project overview and setup guide -├── RELEASE_NOTES.md # Comprehensive release notes -├── CHANGELOG.md # Version history and changes -├── CLAUDE.md # Development guidance for Claude Code -├── detections.conf # SentinelOne detection rules -├── event_generators/ # Organized security event generators -│ ├── cloud_infrastructure/ # AWS, Google Cloud, Azure (9 generators) -│ ├── network_security/ # Firewalls, NDR, network devices (34 generators) -│ ├── endpoint_security/ # EDR, endpoint protection (6 generators) -│ ├── identity_access/ # IAM, authentication, PAM (20 generators) -│ ├── email_security/ # Email security platforms (4 generators) -│ ├── web_security/ # WAF, web proxies, CDN (13 generators) -│ ├── infrastructure/ # IT management, backup, DevOps (20 generators) -│ └── shared/ # Common utilities and HEC sender -├── parsers/community/ # 100+ JSON-based parser configurations -├── scenarios/ # Attack simulation scenarios -├── testing/ # Comprehensive validation tools -│ ├── validation/ # Parser effectiveness testing -│ ├── bulk_testing/ # Bulk event sending and testing -│ └── utilities/ # Testing utilities and fixes -├── utilities/ # Supporting tools and scripts -│ ├── continuous_senders/ # Continuous data streaming utilities -│ └── parsers/ # Parser management tools -├── api/ # REST API implementation -├── docs/ # Comprehensive documentation -└── archive/ # Historical data and deprecated files +- Rebuild just the Frontend: +```bash +docker compose build frontend && docker compose up -d +``` +- Tail logs: +```bash +docker logs -f jarvis-api ``` -## Recent Major Improvements - -### Repository Cleanup & Security (v2.2.0) -- **Security Enhancements**: Removed sensitive .coral files from version control -- **AWS Generator Fixes**: Updated CloudTrail, VPC Flow Logs, Route 53, GuardDuty, and WAF for better parser compatibility -- **Corporate Test Data**: Professional business-appropriate test data across all generators -- **Directory Organization**: Clean, organized structure with archived historical data -- **Continuous Data Senders**: New utilities for ongoing event streaming - -### Parser Infrastructure (v2.0.0+) -- **100+ Generators**: Comprehensive coverage across all major security vendors -- **OCSF 1.1.0 Compliance**: All parsers follow Open Cybersecurity Schema Framework standards -- **Marketplace Integration**: 90+ SentinelOne marketplace parsers with enhanced field extraction -- **JSON-Based Configuration**: Modern parser format replacing legacy configurations -- **Enhanced Field Mapping**: Comprehensive OCSF schema mapping with observables extraction - -### API Production Release (v2.1.0) -- **Complete REST API**: Production-ready API with 100+ generator endpoints -- **Authentication System**: Role-based access control with API key management -- **Interactive Documentation**: Swagger UI and comprehensive developer guides -- **Performance Optimization**: Sub-100ms response times with concurrent request handling -- **Monitoring & Metrics**: API usage tracking and performance monitoring +## Troubleshooting +### "Missing API key" or "API key required" errors +**Symptom**: Frontend shows "Failed to save destination" with 403 errors about missing API key. -### Testing & Validation Framework -- **End-to-End Testing**: Real HEC ingestion and SDL API validation -- **Comprehensive Analysis**: Field extraction effectiveness measurement -- **Production Validation**: Actual parser performance in SentinelOne environment -- **Automated Testing**: Continuous validation across all generators and parsers -- **Performance Metrics**: Detailed reporting on extraction rates and compatibility +**Solution**: Create the `.env` file with `DISABLE_AUTH=true`: +```bash +cp ".env copy" .env +docker compose down && docker compose up -d +``` -## Adding New Generators +### "port already in use" +Another process is using that port. The UI maps `9001:8000`. Either stop the other app or change the left number in `docker-compose.yml`. -1. **Create Generator File**: Follow naming convention `_.py` in appropriate category directory -2. **Implement Function**: Create `_log()` function returning event dictionary -3. **Use Corporate Test Data**: Include professional business-appropriate test data -4. **Update HEC Sender**: Add to `PROD_MAP` and `SOURCETYPE_MAP` in `hec_sender.py` -5. **Test Compatibility**: Validate with corresponding parser using testing framework -6. **Update Documentation**: Add to README.md and create generator-specific docs -7. **Validate OCSF**: Ensure parser compatibility and field extraction +### API keeps restarting with missing modules +Rebuild the API image: +```bash +docker compose build api --no-cache && docker compose up -d +``` -## Contributing +### API health is failing with missing `/event_generators` or `/parsers` +The image includes symlinks for these paths; ensure you rebuilt after recent changes. -1. **Follow Patterns**: Use existing generator architecture and corporate test data standards -2. **Realistic Events**: Include appropriate field values matching actual vendor log formats -3. **Parser Compatibility**: Ensure events work with corresponding SentinelOne parsers -4. **Comprehensive Testing**: Use validation framework to test generators and parsers -5. **Documentation**: Update guides, README, and create usage examples -6. **Security Compliance**: Follow OCSF standards and security best practices -7. **Professional Data**: Use corporate business examples, not themed test data +### Frontend can’t reach backend +Inside containers, the UI uses `API_BASE_URL=http://api:8000`. From your host, use `http://localhost:8000` for the API and `http://localhost:9001` for the UI. -## License +## Development Tips +- Live code mounting is enabled for the UI and backend content in Compose (read-only) to keep container images small and consistent. Rebuild images when you change Dockerfiles or dependencies. +- Use `docker compose down` to stop and clean up containers and network. -This project is designed for defensive security testing and research purposes. Use responsibly and in accordance with your organization's security policies. +## Clean Up +Stop and remove containers, and the compose network: +```bash +docker compose down +``` +Optionally remove images: +```bash +docker rmi jarvis_frontend-api jarvis_frontend-frontend +``` diff --git a/SIMPLE_PARSER_GUIDE.md b/SIMPLE_PARSER_GUIDE.md deleted file mode 100644 index cbe4e63..0000000 --- a/SIMPLE_PARSER_GUIDE.md +++ /dev/null @@ -1,50 +0,0 @@ -# 🎯 Simple Explanation - -## **The Problem:** -`create_sentinelone_parsers.py` needed a huge JSON file that nobody knew how to get or update. - -## **The Solution:** -`download_sentinelone_parsers.py` automatically gets that file from SentinelOne's GitHub. - ---- - -## **How to Use:** - -### **Old Way (Broken):** -```bash -# ❌ This failed because you didn't have the JSON file -python create_sentinelone_parsers.py -# Error: sentinelone_parsers.json not found! -``` - -### **New Way (Works):** -```bash -# ✅ This downloads everything you need -python utilities/download_sentinelone_parsers.py -``` - ---- - -## **What It Does:** -1. **Downloads** 165 parsers from SentinelOne's official GitHub -2. **Organizes** them into proper folders -3. **Ready to use** - no JSON file needed - ---- - -## **That's It!** - -- **Before:** You needed a mystery file → Didn't work -- **Now:** One command → Gets everything → Works - -```bash -# Just run this: -python utilities/download_sentinelone_parsers.py - -# You get: -✓ 148 community parsers -✓ 17 marketplace parsers -✓ All organized and ready -``` - -**One command. No hassle. Always up-to-date.** \ No newline at end of file diff --git a/api/Dockerfile b/api/Dockerfile deleted file mode 100644 index 22a964c..0000000 --- a/api/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Multi-stage build for Jarvis Coding API -FROM python:3.11-slim as builder - -# Set working directory -WORKDIR /app - -# Install build dependencies -RUN apt-get update && apt-get install -y \ - gcc \ - && rm -rf /var/lib/apt/lists/* - -# Copy requirements -COPY requirements.txt . - -# Install Python dependencies -RUN pip install --no-cache-dir --user -r requirements.txt - -# Production stage -FROM python:3.11-slim - -# Set working directory -WORKDIR /app - -# Copy Python dependencies from builder -COPY --from=builder /root/.local /root/.local - -# Copy application code -COPY app/ ./app/ -COPY start_api.py . - -# Copy event generators and parsers from parent directory -COPY ../event_generators ./event_generators -COPY ../parsers ./parsers -COPY ../scenarios ./scenarios - -# Make sure scripts are in PATH -ENV PATH=/root/.local/bin:$PATH - -# Create non-root user -RUN useradd -m -u 1000 jarvis && \ - chown -R jarvis:jarvis /app - -# Switch to non-root user -USER jarvis - -# Expose port -EXPOSE 8000 - -# Health check -HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ - CMD python -c "import requests; requests.get('http://localhost:8000/api/v1/health')" || exit 1 - -# Run the application -CMD ["python", "start_api.py"] \ No newline at end of file diff --git a/api/app/routers/validation.py b/api/app/routers/validation.py deleted file mode 100644 index a808f4e..0000000 --- a/api/app/routers/validation.py +++ /dev/null @@ -1,56 +0,0 @@ -""" -Validation endpoints for generator-parser compatibility -""" -from fastapi import APIRouter, HTTPException, Depends -from typing import Dict, Any - -from app.models.responses import BaseResponse, ValidationResult -from app.core.config import settings -from app.core.simple_auth import require_read_access, require_write_access - -router = APIRouter() - - -@router.post("/check", response_model=BaseResponse) -async def check_compatibility( - generator_id: str, - parser_id: str, - deep_validation: bool = False, - _: str = Depends(require_read_access) -): - """Check generator-parser compatibility""" - # TODO: Implement validation logic - result = ValidationResult( - generator_id=generator_id, - parser_id=parser_id, - compatibility_score=0.0, - format_compatible=False, - field_coverage={ - "total_generator_fields": 0, - "matched_fields": 0, - "coverage_percentage": 0.0 - }, - grade="F" - ) - - return BaseResponse( - success=True, - data=result.model_dump() - ) - - -@router.get("/coverage", response_model=BaseResponse) -async def get_field_coverage(_: str = Depends(require_read_access)): - """Get overall field coverage matrix""" - # TODO: Implement coverage matrix - return BaseResponse( - success=True, - data={ - "coverage_matrix": [], - "summary": { - "total_generators": 0, - "total_parsers": 0, - "avg_compatibility": 0.0 - } - } - ) \ No newline at end of file diff --git a/api/requirements.txt b/api/requirements.txt deleted file mode 100644 index 0d86e04..0000000 --- a/api/requirements.txt +++ /dev/null @@ -1,40 +0,0 @@ -# Core API dependencies -fastapi==0.109.0 -uvicorn[standard]==0.27.0 -python-multipart==0.0.6 -pydantic==2.5.3 -pydantic-settings==2.1.0 - -# Authentication -python-jose[cryptography]==3.3.0 -passlib[bcrypt]==1.7.4 -python-dotenv==1.0.0 - -# Database -sqlalchemy==2.0.25 -alembic==1.13.1 -databases==0.8.0 -asyncpg==0.29.0 -aiosqlite==0.19.0 - -# Utilities -httpx==0.26.0 -aiofiles==23.2.1 -python-json-logger==2.0.7 - -# CORS and security -python-multipart==0.0.6 -email-validator==2.1.0 - -# Testing -pytest==7.4.4 -pytest-asyncio==0.23.3 -pytest-cov==4.1.0 - -# Development -black==23.12.1 -flake8==7.0.0 -mypy==1.8.0 - -# Monitoring -prometheus-client==0.19.0 \ No newline at end of file diff --git a/api/test_api.py b/api/test_api.py deleted file mode 100644 index 54673be..0000000 --- a/api/test_api.py +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/bin/env python3 -""" -Simple test script for the Jarvis Coding API -""" -import requests -import json -import sys - -API_BASE = "http://localhost:8000" - -def test_api(): - """Test basic API functionality""" - print("🧪 Testing Jarvis Coding API...") - print("-" * 50) - - # Test 1: Root endpoint - print("\n1. Testing root endpoint...") - try: - response = requests.get(f"{API_BASE}/") - assert response.status_code == 200 - data = response.json() - print(f" ✅ API Name: {data['name']}") - print(f" ✅ Version: {data['version']}") - except Exception as e: - print(f" ❌ Failed: {e}") - return False - - # Test 2: Health check - print("\n2. Testing health endpoint...") - try: - response = requests.get(f"{API_BASE}/api/v1/health") - assert response.status_code == 200 - data = response.json() - print(f" ✅ Status: {data['status']}") - print(f" ✅ Generators: {data['generators_available']}") - print(f" ✅ Parsers: {data['parsers_available']}") - except Exception as e: - print(f" ❌ Failed: {e}") - return False - - # Test 3: List generators - print("\n3. Testing list generators...") - try: - response = requests.get(f"{API_BASE}/api/v1/generators?per_page=5") - assert response.status_code == 200 - data = response.json() - generators = data['data']['generators'] - print(f" ✅ Found {data['data']['total']} total generators") - print(f" ✅ First generator: {generators[0]['name'] if generators else 'None'}") - except Exception as e: - print(f" ❌ Failed: {e}") - return False - - # Test 4: Get generator details - print("\n4. Testing generator details...") - try: - response = requests.get(f"{API_BASE}/api/v1/generators/crowdstrike_falcon") - if response.status_code == 200: - data = response.json() - gen = data['data'] - print(f" ✅ Name: {gen['name']}") - print(f" ✅ Category: {gen['category']}") - print(f" ✅ Vendor: {gen['vendor']}") - else: - print(f" ⚠️ CrowdStrike generator not found (status: {response.status_code})") - except Exception as e: - print(f" ❌ Failed: {e}") - return False - - # Test 5: Execute generator - print("\n5. Testing generator execution...") - try: - response = requests.post( - f"{API_BASE}/api/v1/generators/crowdstrike_falcon/execute", - json={"count": 2, "format": "json"} - ) - if response.status_code == 200: - data = response.json() - events = data['data']['events'] - print(f" ✅ Generated {len(events)} events") - print(f" ✅ Execution time: {data['data']['execution_time_ms']:.2f}ms") - else: - print(f" ⚠️ Execution failed (status: {response.status_code})") - except Exception as e: - print(f" ❌ Failed: {e}") - return False - - # Test 6: List categories - print("\n6. Testing categories...") - try: - response = requests.get(f"{API_BASE}/api/v1/generators/categories") - assert response.status_code == 200 - data = response.json() - categories = data['data']['categories'] - print(f" ✅ Found {len(categories)} categories") - for cat in categories[:3]: - print(f" - {cat['name']}: {cat['generator_count']} generators") - except Exception as e: - print(f" ❌ Failed: {e}") - return False - - print("\n" + "=" * 50) - print("✅ All tests passed!") - return True - -if __name__ == "__main__": - try: - success = test_api() - sys.exit(0 if success else 1) - except requests.exceptions.ConnectionError: - print("❌ Error: Could not connect to API. Is the server running?") - print(" Run: python start_api.py") - sys.exit(1) \ No newline at end of file diff --git a/api/test_auth.py b/api/test_auth.py deleted file mode 100644 index 3635d33..0000000 --- a/api/test_auth.py +++ /dev/null @@ -1,253 +0,0 @@ -#!/usr/bin/env python3 -""" -Test authentication for Jarvis Coding API -""" -import requests -import sys -import os - -API_BASE = "http://localhost:8000" - -def test_no_auth(): - """Test requests without authentication""" - print("\n🧪 Testing without authentication...") - - # Try to access protected endpoint - response = requests.get(f"{API_BASE}/api/v1/generators") - - if response.status_code == 403: - print(" ✅ Correctly rejected - authentication required") - return True - elif response.status_code == 200: - print(" ⚠️ Authentication might be disabled") - return True - else: - print(f" ❌ Unexpected status: {response.status_code}") - return False - - -def test_invalid_auth(): - """Test with invalid API key""" - print("\n🧪 Testing with invalid API key...") - - headers = {"X-API-Key": "invalid-key-12345"} - response = requests.get(f"{API_BASE}/api/v1/generators", headers=headers) - - if response.status_code == 403: - print(" ✅ Correctly rejected invalid key") - return True - else: - print(f" ❌ Should reject invalid key, got: {response.status_code}") - return False - - -def test_valid_auth_header(api_key): - """Test with valid API key in header""" - print("\n🧪 Testing with valid API key (header)...") - - headers = {"X-API-Key": api_key} - response = requests.get(f"{API_BASE}/api/v1/generators?per_page=1", headers=headers) - - if response.status_code == 200: - data = response.json() - print(f" ✅ Authenticated successfully") - print(f" ✅ Found {data['data']['total']} generators") - return True - else: - print(f" ❌ Authentication failed: {response.status_code}") - return False - - -def test_valid_auth_query(api_key): - """Test with valid API key in query parameter""" - print("\n🧪 Testing with valid API key (query param)...") - - response = requests.get(f"{API_BASE}/api/v1/generators?api_key={api_key}&per_page=1") - - if response.status_code == 200: - print(" ✅ Query parameter authentication works") - return True - else: - print(f" ❌ Query auth failed: {response.status_code}") - return False - - -def test_read_access(api_key): - """Test read-only operations""" - print("\n🧪 Testing read access...") - - headers = {"X-API-Key": api_key} - - # Test various read endpoints - endpoints = [ - "/api/v1/generators", - "/api/v1/generators/categories", - "/api/v1/health" - ] - - for endpoint in endpoints: - response = requests.get(f"{API_BASE}{endpoint}", headers=headers) - if response.status_code == 200: - print(f" ✅ Can read {endpoint}") - else: - print(f" ❌ Cannot read {endpoint}: {response.status_code}") - return False - - return True - - -def test_write_access(api_key, should_succeed=True): - """Test write operations""" - print(f"\n🧪 Testing write access (should {'succeed' if should_succeed else 'fail'})...") - - headers = {"X-API-Key": api_key} - - # Try to execute a generator - response = requests.post( - f"{API_BASE}/api/v1/generators/crowdstrike_falcon/execute", - headers=headers, - json={"count": 1} - ) - - if should_succeed: - if response.status_code == 200: - print(" ✅ Write access granted") - return True - else: - print(f" ❌ Write access denied: {response.status_code}") - return False - else: - if response.status_code == 403: - print(" ✅ Write access correctly denied") - return True - else: - print(f" ❌ Should deny write access, got: {response.status_code}") - return False - - -def test_rate_limiting(api_key, limit=10): - """Test rate limiting""" - print(f"\n🧪 Testing rate limiting (making {limit + 5} requests)...") - - headers = {"X-API-Key": api_key} - rate_limited = False - - for i in range(limit + 5): - response = requests.get(f"{API_BASE}/api/v1/generators/categories", headers=headers) - - if response.status_code == 429: - print(f" ✅ Rate limited after {i} requests") - rate_limited = True - break - elif response.status_code != 200: - print(f" ❌ Unexpected error: {response.status_code}") - return False - - if not rate_limited: - print(f" ⚠️ Rate limiting might be disabled or limit is > {limit + 5}") - - return True - - -def main(): - """Run authentication tests""" - print("=" * 50) - print("🔐 Jarvis Coding API Authentication Tests") - print("=" * 50) - - # Check if auth is disabled - check_response = requests.get(f"{API_BASE}/") - if check_response.status_code != 200: - print("❌ API is not running. Start it with: python start_api.py") - sys.exit(1) - - # Get API key from environment or use default - admin_key = os.getenv("JARVIS_ADMIN_KEYS", "development-key-change-in-production") - read_key = os.getenv("JARVIS_READ_KEYS", admin_key) # Use admin key if no read key - - print(f"\nUsing API keys from environment variables") - print(f"Admin key prefix: {admin_key[:8]}...") - - # Check if auth is enabled - response = requests.get(f"{API_BASE}/api/v1/generators") - auth_enabled = response.status_code == 403 - - if not auth_enabled: - print("\n⚠️ WARNING: Authentication appears to be DISABLED!") - print(" Set DISABLE_AUTH=false to enable authentication") - print("\n Running limited tests...") - - # Test that endpoints work without auth - test_valid_auth_header("") # Empty key should work if auth disabled - else: - print("\n✅ Authentication is ENABLED") - - # Run all tests - tests_passed = 0 - tests_total = 0 - - # Test 1: No auth - tests_total += 1 - if test_no_auth(): - tests_passed += 1 - - # Test 2: Invalid auth - tests_total += 1 - if test_invalid_auth(): - tests_passed += 1 - - # Test 3: Valid auth (header) - tests_total += 1 - if test_valid_auth_header(admin_key): - tests_passed += 1 - - # Test 4: Valid auth (query) - tests_total += 1 - if test_valid_auth_query(admin_key): - tests_passed += 1 - - # Test 5: Read access - tests_total += 1 - if test_read_access(admin_key): - tests_passed += 1 - - # Test 6: Write access (admin should have it) - tests_total += 1 - if test_write_access(admin_key, should_succeed=True): - tests_passed += 1 - - # Test 7: Write access with read-only key (if different from admin) - if read_key != admin_key: - tests_total += 1 - if test_write_access(read_key, should_succeed=False): - tests_passed += 1 - - # Test 8: Rate limiting (optional, may be high for admin) - # Commenting out as admin typically has high limits - # tests_total += 1 - # if test_rate_limiting(admin_key, limit=100): - # tests_passed += 1 - - print("\n" + "=" * 50) - print(f"📊 Results: {tests_passed}/{tests_total} tests passed") - - if tests_passed == tests_total: - print("✅ All authentication tests passed!") - return 0 - else: - print(f"❌ {tests_total - tests_passed} tests failed") - return 1 - - return 0 - - -if __name__ == "__main__": - try: - sys.exit(main()) - except requests.exceptions.ConnectionError: - print("❌ Could not connect to API. Is it running?") - print(" Start with: python start_api.py") - sys.exit(1) - except Exception as e: - print(f"❌ Unexpected error: {e}") - sys.exit(1) \ No newline at end of file diff --git a/api/tests/complex_tests/complex_api_test_execution_results.json b/api/tests/complex_tests/complex_api_test_execution_results.json deleted file mode 100644 index acebe43..0000000 --- a/api/tests/complex_tests/complex_api_test_execution_results.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "executive_summary": { - "test_duration_minutes": 0.00017149845759073894, - "total_test_cases": 0, - "overall_success_rate": 0.0, - "phases_passed": 0, - "total_phases": 0, - "events_generated": 0, - "critical_issues_found": 0, - "production_ready": false, - "performance_grade": "A" - }, - "performance_metrics": { - "avg_response_time_ms": 0.0, - "p50_response_time_ms": 0.0, - "p95_response_time_ms": 0.0, - "p99_response_time_ms": 0.0, - "max_concurrent_users": 0, - "total_events_generated": 0, - "requests_per_second": 0.0 - }, - "phase_results": [], - "critical_issues": [], - "recommendations": [], - "error_summary": { - "total_errors": 0, - "unique_errors": 0, - "error_categories": { - "connection": 0, - "timeout": 0, - "authentication": 0, - "validation": 0, - "server_error": 0, - "other": 0 - } - }, - "production_readiness_assessment": { - "ready_for_production": false, - "confidence_level": "Low", - "risk_level": "Low", - "scalability_rating": "Poor", - "security_rating": "Excellent", - "reliability_rating": "Poor" - } -} \ No newline at end of file diff --git a/api/tests/complex_tests/complex_api_test_suite.py b/api/tests/complex_tests/complex_api_test_suite.py deleted file mode 100644 index f1cc4b8..0000000 --- a/api/tests/complex_tests/complex_api_test_suite.py +++ /dev/null @@ -1,1676 +0,0 @@ -#!/usr/bin/env python3 -""" -Complex API Test Suite - Enterprise Attack Simulation -Senior QA Engineer Test Implementation for Production Readiness Validation - -This comprehensive test suite simulates real-world enterprise SOC operations -under extreme conditions to validate API robustness and production readiness. - -Test Phases: -1. Reconnaissance Simulation (15 min) -2. Attack Detection Simulation (30 min) -3. Incident Response Simulation (20 min) -4. Performance Degradation Testing (15 min) -5. End-to-End Workflow Validation (10 min) - -Total Test Duration: ~90 minutes -Expected Events Generated: 100,000+ -""" - -import asyncio -import aiohttp -import json -import time -import logging -import statistics -import traceback -from datetime import datetime, timedelta -from typing import Dict, List, Optional, Tuple, Any -from concurrent.futures import ThreadPoolExecutor, as_completed -from dataclasses import dataclass, asdict -import random -import sys -import os -from pathlib import Path - -# Setup logging -logging.basicConfig( - level=logging.INFO, - format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', - handlers=[ - logging.FileHandler('complex_api_test_results.log'), - logging.StreamHandler(sys.stdout) - ] -) -logger = logging.getLogger(__name__) - -@dataclass -class TestConfig: - """Test configuration settings""" - api_base_url: str = "http://localhost:8000/api/v1" - test_duration_minutes: int = 90 - max_concurrent_connections: int = 50 - max_events_per_request: int = 1000 - rate_limit_rpm: int = 1000 # requests per minute - timeout_seconds: int = 30 - - # API Keys for different roles (simulated) - admin_key: str = "development-key-change-in-production" - write_key: str = "development-key-change-in-production" - read_key: str = "development-key-change-in-production" - - # Test analyst simulation - analyst_keys: List[str] = None - - def __post_init__(self): - if self.analyst_keys is None: - self.analyst_keys = [ - self.admin_key, - self.write_key, - self.read_key, - self.admin_key, # Duplicate for load testing - self.write_key # Duplicate for load testing - ] - -@dataclass -class TestMetrics: - """Test execution metrics""" - start_time: float = 0.0 - end_time: float = 0.0 - total_requests: int = 0 - successful_requests: int = 0 - failed_requests: int = 0 - response_times: List[float] = None - errors: List[str] = None - events_generated: int = 0 - concurrent_users: int = 0 - memory_usage_mb: float = 0.0 - - def __post_init__(self): - if self.response_times is None: - self.response_times = [] - if self.errors is None: - self.errors = [] - - @property - def duration_seconds(self) -> float: - return self.end_time - self.start_time if self.end_time else 0.0 - - @property - def success_rate(self) -> float: - if self.total_requests == 0: - return 0.0 - return (self.successful_requests / self.total_requests) * 100 - - @property - def avg_response_time(self) -> float: - return statistics.mean(self.response_times) if self.response_times else 0.0 - - @property - def p50_response_time(self) -> float: - return statistics.median(self.response_times) if self.response_times else 0.0 - - @property - def p95_response_time(self) -> float: - if not self.response_times: - return 0.0 - sorted_times = sorted(self.response_times) - index = int(0.95 * len(sorted_times)) - return sorted_times[min(index, len(sorted_times) - 1)] - - @property - def p99_response_time(self) -> float: - if not self.response_times: - return 0.0 - sorted_times = sorted(self.response_times) - index = int(0.99 * len(sorted_times)) - return sorted_times[min(index, len(sorted_times) - 1)] - -@dataclass -class PhaseResult: - """Results for a single test phase""" - phase_name: str - metrics: TestMetrics - success: bool - critical_issues: List[str] = None - recommendations: List[str] = None - - def __post_init__(self): - if self.critical_issues is None: - self.critical_issues = [] - if self.recommendations is None: - self.recommendations = [] - -class APITestClient: - """High-performance async HTTP client for API testing""" - - def __init__(self, config: TestConfig): - self.config = config - self.session: Optional[aiohttp.ClientSession] = None - self.total_requests = 0 - self.successful_requests = 0 - self.failed_requests = 0 - - async def __aenter__(self): - timeout = aiohttp.ClientTimeout(total=self.config.timeout_seconds) - connector = aiohttp.TCPConnector( - limit=self.config.max_concurrent_connections, - limit_per_host=self.config.max_concurrent_connections - ) - self.session = aiohttp.ClientSession( - timeout=timeout, - connector=connector - ) - return self - - async def __aexit__(self, exc_type, exc_val, exc_tb): - if self.session: - await self.session.close() - - async def request(self, method: str, endpoint: str, - api_key: str = None, **kwargs) -> Tuple[bool, Dict, float]: - """Make API request with timing and error handling""" - if not self.session: - raise RuntimeError("Client not initialized. Use async context manager.") - - url = f"{self.config.api_base_url}{endpoint}" - headers = kwargs.get('headers', {}) - - if api_key: - headers['X-API-Key'] = api_key - - start_time = time.time() - - try: - async with self.session.request(method, url, headers=headers, **kwargs) as response: - response_time = time.time() - start_time - self.total_requests += 1 - - if response.status < 400: - self.successful_requests += 1 - try: - data = await response.json() - return True, data, response_time - except: - return True, {"status": response.status}, response_time - else: - self.failed_requests += 1 - try: - error_data = await response.json() - return False, error_data, response_time - except: - return False, {"status": response.status, "error": "Unknown error"}, response_time - - except Exception as e: - self.failed_requests += 1 - response_time = time.time() - start_time - return False, {"error": str(e)}, response_time - -class ComplexAPITestSuite: - """Complex API Test Suite Implementation""" - - def __init__(self, config: TestConfig = None): - self.config = config or TestConfig() - self.overall_metrics = TestMetrics() - self.phase_results: List[PhaseResult] = [] - self.generators_list: List[str] = [] - self.scenarios_list: List[str] = [] - - async def initialize(self): - """Initialize test suite and gather system information""" - logger.info("=== Initializing Complex API Test Suite ===") - logger.info(f"API Base URL: {self.config.api_base_url}") - logger.info(f"Test Duration: {self.config.test_duration_minutes} minutes") - logger.info(f"Max Concurrent Connections: {self.config.max_concurrent_connections}") - - # Test API connectivity - async with APITestClient(self.config) as client: - success, data, _ = await client.request("GET", "/health", self.config.admin_key) - if not success: - raise RuntimeError(f"API health check failed: {data}") - - logger.info(f"API Health Check: {data.get('status', 'Unknown')}") - - # Get available generators - success, generators_data, _ = await client.request("GET", "/generators", self.config.admin_key) - if success: - self.generators_list = [g['id'] for g in generators_data.get('data', [])] - logger.info(f"Available Generators: {len(self.generators_list)}") - else: - logger.warning("Failed to load generators list") - - # Get available scenarios - success, scenarios_data, _ = await client.request("GET", "/scenarios", self.config.admin_key) - if success: - self.scenarios_list = [s['id'] for s in scenarios_data.get('data', [])] - logger.info(f"Available Scenarios: {len(self.scenarios_list)}") - else: - logger.warning("Failed to load scenarios list") - - async def execute_phase_1_reconnaissance(self) -> PhaseResult: - """ - Phase 1: Reconnaissance Simulation (15 minutes) - - Simulates 5 security analysts simultaneously investigating suspicious activity: - - Concurrent generator execution - - Simultaneous search operations - - Metrics collection stress test - """ - logger.info("=== PHASE 1: Reconnaissance Simulation ===") - phase_metrics = TestMetrics() - phase_metrics.start_time = time.time() - - async with APITestClient(self.config) as client: - - # 1.1 Concurrent Generator Execution (5,000 events) - logger.info("1.1 Executing concurrent generators with 5 analysts...") - - tasks = [] - target_generators = self.generators_list[:10] if self.generators_list else [ - "aws_cloudtrail", "cisco_umbrella", "zscaler", "cloudflare_waf", "google_cloud_dns" - ] - - for analyst_idx in range(5): - api_key = self.config.analyst_keys[analyst_idx % len(self.config.analyst_keys)] - for gen in target_generators: - task = self._execute_generator(client, gen, 100, api_key) - tasks.append(task) - - # Execute all generators concurrently - results = await asyncio.gather(*tasks, return_exceptions=True) - - for result in results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Generator execution failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time, events = result - if success: - phase_metrics.successful_requests += 1 - phase_metrics.events_generated += events - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - logger.info(f"Generator execution completed. Events generated: {phase_metrics.events_generated}") - - # 1.2 Simultaneous Search Operations (100 searches) - logger.info("1.2 Executing simultaneous search operations...") - - search_queries = [ - {"query": "failed login"}, {"query": "suspicious"}, {"query": "admin"}, - {"query": "firewall"}, {"query": "aws"}, {"query": "error"}, - {"query": "alert"}, {"query": "security"}, {"query": "breach"}, {"query": "access"} - ] - - search_tasks = [] - for i in range(100): - query = search_queries[i % len(search_queries)] - api_key = self.config.analyst_keys[i % len(self.config.analyst_keys)] - task = self._execute_search(client, query, api_key) - search_tasks.append(task) - - search_results = await asyncio.gather(*search_tasks, return_exceptions=True) - - for result in search_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Search failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time = result - if success: - phase_metrics.successful_requests += 1 - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - logger.info("Search operations completed") - - # 1.3 Metrics Collection Storm (500 requests) - logger.info("1.3 Executing metrics collection stress test...") - - metrics_endpoints = ["/metrics", "/metrics/generators", "/health"] - metrics_tasks = [] - - for i in range(500): - endpoint = metrics_endpoints[i % len(metrics_endpoints)] - api_key = self.config.analyst_keys[i % len(self.config.analyst_keys)] - task = self._execute_metrics_request(client, endpoint, api_key) - metrics_tasks.append(task) - - # Execute with controlled rate to test rate limiting - batch_size = 50 - for i in range(0, len(metrics_tasks), batch_size): - batch = metrics_tasks[i:i + batch_size] - batch_results = await asyncio.gather(*batch, return_exceptions=True) - - for result in batch_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Metrics request failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time, is_rate_limited = result - if success: - phase_metrics.successful_requests += 1 - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - # Brief pause between batches to avoid overwhelming the server - await asyncio.sleep(0.1) - - phase_metrics.end_time = time.time() - phase_metrics.concurrent_users = 5 - - # Evaluate success criteria - success = ( - phase_metrics.success_rate >= 95 and - phase_metrics.events_generated >= 4000 and # Allow some tolerance - len(phase_metrics.errors) < 10 - ) - - critical_issues = [] - recommendations = [] - - if phase_metrics.success_rate < 95: - critical_issues.append(f"Low success rate: {phase_metrics.success_rate:.1f}%") - recommendations.append("Investigate request failures and improve error handling") - - if phase_metrics.p95_response_time > 1000: # 1 second - critical_issues.append(f"High p95 response time: {phase_metrics.p95_response_time:.0f}ms") - recommendations.append("Optimize API performance and add caching") - - logger.info(f"Phase 1 completed in {phase_metrics.duration_seconds:.1f}s") - logger.info(f"Success rate: {phase_metrics.success_rate:.1f}%") - logger.info(f"Events generated: {phase_metrics.events_generated}") - logger.info(f"P95 response time: {phase_metrics.p95_response_time:.0f}ms") - - return PhaseResult( - phase_name="Phase 1: Reconnaissance Simulation", - metrics=phase_metrics, - success=success, - critical_issues=critical_issues, - recommendations=recommendations - ) - - async def execute_phase_2_attack_detection(self) -> PhaseResult: - """ - Phase 2: Attack Detection Simulation (30 minutes) - - Execute multiple attack scenarios simultaneously with massive event volumes: - - Parallel scenario execution - - Batch generator execution at scale - - Event streaming stress test - """ - logger.info("=== PHASE 2: Attack Detection Simulation ===") - phase_metrics = TestMetrics() - phase_metrics.start_time = time.time() - - async with APITestClient(self.config) as client: - - # 2.1 Parallel Scenario Execution - logger.info("2.1 Executing parallel attack scenarios...") - - scenario_tasks = [] - target_scenarios = self.scenarios_list[:5] if self.scenarios_list else [ - "enterprise_attack", "ransomware_sim", "insider_threat", "cloud_breach", "quick_phishing" - ] - - for scenario_id in target_scenarios: - task = self._execute_scenario(client, scenario_id, self.config.admin_key) - scenario_tasks.append(task) - - scenario_results = await asyncio.gather(*scenario_tasks, return_exceptions=True) - - for result in scenario_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Scenario execution failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time, events = result - if success: - phase_metrics.successful_requests += 1 - phase_metrics.events_generated += events - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - logger.info(f"Scenario execution completed. Events: {phase_metrics.events_generated}") - - # 2.2 Batch Generator Execution at Scale (50,000 events) - logger.info("2.2 Executing mega-batch generator operations...") - - batch_generators = self.generators_list[:50] if len(self.generators_list) >= 50 else self.generators_list - if not batch_generators: - # Fallback to known generators - batch_generators = [ - "aws_cloudtrail", "aws_guardduty", "cisco_firewall_threat_defense", - "fortinet_fortigate", "paloalto_firewall", "microsoft_windows_eventlog", - "crowdstrike_falcon", "sentinelone_endpoint", "okta_authentication", - "microsoft_azuread" - ] * 5 # Repeat to get to 50 - batch_generators = batch_generators[:50] - - batch_tasks = [] - for gen in batch_generators: - task = self._execute_generator(client, gen, 1000, self.config.admin_key) - batch_tasks.append(task) - - # Execute in smaller batches to manage load - batch_size = 10 - for i in range(0, len(batch_tasks), batch_size): - batch = batch_tasks[i:i + batch_size] - logger.info(f"Executing batch {i//batch_size + 1}/{(len(batch_tasks) + batch_size - 1)//batch_size}") - - batch_results = await asyncio.gather(*batch, return_exceptions=True) - - for result in batch_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Batch generator failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time, events = result - if success: - phase_metrics.successful_requests += 1 - phase_metrics.events_generated += events - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - # Brief pause between batches - await asyncio.sleep(1) - - logger.info(f"Batch execution completed. Total events: {phase_metrics.events_generated}") - - # 2.3 Event Streaming Stress Test (60,000 events) - logger.info("2.3 Executing event streaming stress test...") - - # Simulate streaming by executing multiple concurrent generators - stream_tasks = [] - stream_generators = self.generators_list[:10] if self.generators_list else [ - "aws_vpc_dns", "cisco_umbrella", "zscaler", "netskope", "cloudflare_waf", - "fortinet_fortigate", "paloalto_firewall", "crowdstrike_falcon", "sentinelone_endpoint", "okta_authentication" - ] - - for i in range(10): # 10 concurrent streams - gen = stream_generators[i % len(stream_generators)] - # Each stream generates 6000 events (10 streams = 60,000 total) - task = self._execute_generator(client, gen, 6000, self.config.admin_key) - stream_tasks.append(task) - - stream_results = await asyncio.gather(*stream_tasks, return_exceptions=True) - - for result in stream_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Stream failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time, events = result - if success: - phase_metrics.successful_requests += 1 - phase_metrics.events_generated += events - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - logger.info(f"Streaming completed. Total events: {phase_metrics.events_generated}") - - phase_metrics.end_time = time.time() - phase_metrics.concurrent_users = 10 - - # Evaluate success criteria - success = ( - phase_metrics.success_rate >= 90 and # Slightly lower due to high load - phase_metrics.events_generated >= 100000 and # Should hit our 100K+ target - len(phase_metrics.errors) < 20 - ) - - critical_issues = [] - recommendations = [] - - if phase_metrics.events_generated < 100000: - critical_issues.append(f"Low event generation: {phase_metrics.events_generated}") - recommendations.append("Optimize generator performance for high-volume scenarios") - - if phase_metrics.success_rate < 90: - critical_issues.append(f"High failure rate under load: {100-phase_metrics.success_rate:.1f}%") - recommendations.append("Improve system stability under concurrent load") - - logger.info(f"Phase 2 completed in {phase_metrics.duration_seconds:.1f}s") - logger.info(f"Success rate: {phase_metrics.success_rate:.1f}%") - logger.info(f"Events generated: {phase_metrics.events_generated}") - - return PhaseResult( - phase_name="Phase 2: Attack Detection Simulation", - metrics=phase_metrics, - success=success, - critical_issues=critical_issues, - recommendations=recommendations - ) - - async def execute_phase_3_incident_response(self) -> PhaseResult: - """ - Phase 3: Incident Response Simulation (20 minutes) - - Simulate incident response workflow with exports and chaos testing: - - Mass export operations - - Chaos engineering - intentional failures - - Recovery testing - """ - logger.info("=== PHASE 3: Incident Response Simulation ===") - phase_metrics = TestMetrics() - phase_metrics.start_time = time.time() - - async with APITestClient(self.config) as client: - - # 3.1 Mass Export Operations (50,000 events exported) - logger.info("3.1 Executing mass export operations...") - - export_formats = ["json", "csv", "ndjson"] # Reduced formats for realism - export_tasks = [] - - export_generators = self.generators_list[:20] if len(self.generators_list) >= 20 else self.generators_list - if not export_generators: - export_generators = [ - "aws_cloudtrail", "cisco_firewall_threat_defense", "fortinet_fortigate", - "microsoft_windows_eventlog", "crowdstrike_falcon", "okta_authentication", - "aws_guardduty", "paloalto_firewall", "sentinelone_endpoint", "microsoft_azuread" - ] * 2 - export_generators = export_generators[:20] - - for fmt in export_formats: - for gen in export_generators: - # Export 500 events per generator per format - task = self._execute_export(client, gen, 500, fmt, self.config.admin_key) - export_tasks.append(task) - - export_results = await asyncio.gather(*export_tasks, return_exceptions=True) - - for result in export_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Export failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time, events = result - if success: - phase_metrics.successful_requests += 1 - phase_metrics.events_generated += events - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - logger.info(f"Export operations completed. Events exported: {phase_metrics.events_generated}") - - # 3.2 Chaos Engineering - Intentional Failures - logger.info("3.2 Executing chaos engineering tests...") - - chaos_tests = [ - # Invalid authentication - {"endpoint": "/generators", "method": "GET", "api_key": "invalid_key_12345"}, - {"endpoint": "/health", "method": "GET", "api_key": ""}, - - # Malformed requests - {"endpoint": "/generators/nonexistent/execute", "method": "POST", "api_key": self.config.admin_key}, - {"endpoint": "/export", "method": "POST", "api_key": self.config.admin_key, "json": {"count": -1}}, - - # Non-existent resources - {"endpoint": "/generators/does_not_exist", "method": "GET", "api_key": self.config.admin_key}, - {"endpoint": "/scenarios/invalid_scenario", "method": "GET", "api_key": self.config.admin_key}, - - # Oversized requests - {"endpoint": "/generators", "method": "GET", "api_key": self.config.admin_key, "params": {"per_page": 10000}}, - - # Potential injection attempts (should be safely rejected) - {"endpoint": "/search", "method": "GET", "api_key": self.config.admin_key, "params": {"query": "'; DROP TABLE users; --"}}, - {"endpoint": "/generators", "method": "GET", "api_key": self.config.admin_key, "params": {"search": ""}}, - ] - - chaos_tasks = [] - for test in chaos_tests: - task = self._execute_chaos_test(client, test) - chaos_tasks.append(task) - - chaos_results = await asyncio.gather(*chaos_tasks, return_exceptions=True) - - security_passes = 0 - for i, result in enumerate(chaos_results): - if isinstance(result, Exception): - phase_metrics.errors.append(f"Chaos test {i} errored: {result}") - else: - success, response_time, properly_rejected = result - if properly_rejected: # Security test passed (attack was rejected) - security_passes += 1 - phase_metrics.successful_requests += 1 - else: - if success: # This is bad - attack succeeded - phase_metrics.errors.append(f"Security vulnerability: chaos test {i} should have been rejected") - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - logger.info(f"Chaos engineering completed. Security tests passed: {security_passes}/{len(chaos_tests)}") - - # 3.3 Recovery Testing - logger.info("3.3 Executing recovery tests...") - - recovery_tasks = [] - - # Test scenario cancellation and restart - if self.scenarios_list: - task = self._test_scenario_recovery(client, self.scenarios_list[0], self.config.admin_key) - recovery_tasks.append(task) - - # Test generator retry after failure - if self.generators_list: - task = self._test_generator_retry(client, self.generators_list[0], self.config.admin_key) - recovery_tasks.append(task) - - # Test rate limit recovery - task = self._test_rate_limit_recovery(client, self.config.admin_key) - recovery_tasks.append(task) - - recovery_results = await asyncio.gather(*recovery_tasks, return_exceptions=True) - - for result in recovery_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Recovery test failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time = result - if success: - phase_metrics.successful_requests += 1 - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - logger.info("Recovery tests completed") - - phase_metrics.end_time = time.time() - phase_metrics.concurrent_users = 5 - - # Evaluate success criteria - success = ( - phase_metrics.success_rate >= 90 and - security_passes >= 7 and # Most security tests should pass - phase_metrics.events_generated >= 25000 and # From exports - len(phase_metrics.errors) < 15 - ) - - critical_issues = [] - recommendations = [] - - if security_passes < 7: - critical_issues.append(f"Security vulnerabilities detected: {len(chaos_tests) - security_passes}") - recommendations.append("Fix security vulnerabilities before production deployment") - - if phase_metrics.events_generated < 25000: - critical_issues.append("Export performance below expectations") - recommendations.append("Optimize export functionality for incident response scenarios") - - logger.info(f"Phase 3 completed in {phase_metrics.duration_seconds:.1f}s") - logger.info(f"Security tests passed: {security_passes}/{len(chaos_tests)}") - logger.info(f"Events exported: {phase_metrics.events_generated}") - - return PhaseResult( - phase_name="Phase 3: Incident Response Simulation", - metrics=phase_metrics, - success=success, - critical_issues=critical_issues, - recommendations=recommendations - ) - - async def execute_phase_4_performance_degradation(self) -> PhaseResult: - """ - Phase 4: Performance Degradation Testing (15 minutes) - - Find system breaking points and measure performance under extreme load: - - Connection saturation - - Memory pressure test - - Sustained load test - """ - logger.info("=== PHASE 4: Performance Degradation Testing ===") - phase_metrics = TestMetrics() - phase_metrics.start_time = time.time() - - async with APITestClient(self.config) as client: - - # 4.1 Connection Saturation Test - logger.info("4.1 Testing connection saturation limits...") - - # Try to open many concurrent connections - connection_tasks = [] - max_connections_found = 0 - - for i in range(100): # Try up to 100 concurrent long-running requests - task = self._create_long_running_request(client, self.config.admin_key) - connection_tasks.append(task) - - # Test every 10 connections - if (i + 1) % 10 == 0: - try: - # Start all tasks and see how many we can handle - pending_tasks = [asyncio.create_task(t) for t in connection_tasks[-10:]] - completed, pending = await asyncio.wait(pending_tasks, timeout=5.0) - - successful_connections = len(completed) - max_connections_found = i + 1 - (10 - successful_connections) - - # Cancel pending tasks - for task in pending: - task.cancel() - - # Process completed results - for task in completed: - try: - success, response_time = await task - if success: - phase_metrics.successful_requests += 1 - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - except: - phase_metrics.failed_requests += 1 - phase_metrics.total_requests += 1 - - except Exception as e: - phase_metrics.errors.append(f"Connection saturation test error: {e}") - break - - logger.info(f"Max concurrent connections handled: ~{max_connections_found}") - - # 4.2 Memory Pressure Test - logger.info("4.2 Executing memory pressure tests...") - - large_request_tasks = [] - - # Request very large responses - large_requests = [ - {"endpoint": "/generators", "params": {"per_page": 100}}, # Large generator list - {"endpoint": "/parsers", "params": {"per_page": 100}}, # Large parser list - ] - - # Add large generator execution requests - if self.generators_list: - for gen in self.generators_list[:5]: - large_requests.append({ - "endpoint": f"/generators/{gen}/execute", - "method": "POST", - "json": {"count": 1000} # Large event count - }) - - for req in large_requests: - method = req.get("method", "GET") - endpoint = req["endpoint"] - params = req.get("params", {}) - json_data = req.get("json", None) - - task = self._execute_large_request(client, method, endpoint, self.config.admin_key, params, json_data) - large_request_tasks.append(task) - - large_results = await asyncio.gather(*large_request_tasks, return_exceptions=True) - - memory_pressure_events = 0 - for result in large_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Memory pressure test failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time, events = result - if success: - phase_metrics.successful_requests += 1 - memory_pressure_events += events - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - phase_metrics.events_generated += memory_pressure_events - logger.info(f"Memory pressure test completed. Events: {memory_pressure_events}") - - # 4.3 Sustained Load Test (15 minutes of steady load) - logger.info("4.3 Executing sustained load test...") - - # Target: 50 requests per second for remaining time - sustained_start = time.time() - sustained_duration = 300 # 5 minutes (reduced from 15 for practicality) - requests_per_second = 10 # Reduced target for stability - total_sustained_requests = sustained_duration * requests_per_second - - logger.info(f"Targeting {requests_per_second} req/sec for {sustained_duration}s = {total_sustained_requests} requests") - - sustained_tasks = [] - request_endpoints = ["/health", "/generators", "/metrics"] - - # Create all requests upfront - for i in range(total_sustained_requests): - endpoint = request_endpoints[i % len(request_endpoints)] - api_key = self.config.analyst_keys[i % len(self.config.analyst_keys)] - - # Schedule request for specific time - delay = i / requests_per_second - task = self._scheduled_request(client, endpoint, api_key, delay) - sustained_tasks.append(task) - - # Execute sustained load - logger.info("Starting sustained load execution...") - sustained_results = await asyncio.gather(*sustained_tasks, return_exceptions=True) - - sustained_success = 0 - sustained_response_times = [] - - for result in sustained_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Sustained load request failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time = result - if success: - sustained_success += 1 - phase_metrics.successful_requests += 1 - else: - phase_metrics.failed_requests += 1 - sustained_response_times.append(response_time) - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - sustained_success_rate = (sustained_success / len(sustained_results)) * 100 if sustained_results else 0 - sustained_avg_response = statistics.mean(sustained_response_times) if sustained_response_times else 0 - - logger.info(f"Sustained load completed. Success rate: {sustained_success_rate:.1f}%, " - f"Avg response time: {sustained_avg_response:.0f}ms") - - phase_metrics.end_time = time.time() - phase_metrics.concurrent_users = max_connections_found - - # Evaluate success criteria - success = ( - phase_metrics.success_rate >= 85 and # Lower threshold for stress test - max_connections_found >= 20 and # Should handle at least 20 concurrent - sustained_success_rate >= 90 and # Sustained load should be stable - sustained_avg_response < 2000 # Response times should stay reasonable - ) - - critical_issues = [] - recommendations = [] - - if max_connections_found < 20: - critical_issues.append(f"Low concurrent connection limit: {max_connections_found}") - recommendations.append("Increase connection pool limits and optimize resource usage") - - if sustained_success_rate < 90: - critical_issues.append(f"Poor sustained load performance: {sustained_success_rate:.1f}%") - recommendations.append("Improve system stability under sustained load") - - if sustained_avg_response > 2000: - critical_issues.append(f"High response times under load: {sustained_avg_response:.0f}ms") - recommendations.append("Optimize response times and add performance monitoring") - - logger.info(f"Phase 4 completed in {phase_metrics.duration_seconds:.1f}s") - logger.info(f"Max concurrent connections: {max_connections_found}") - logger.info(f"Sustained load success: {sustained_success_rate:.1f}%") - - return PhaseResult( - phase_name="Phase 4: Performance Degradation Testing", - metrics=phase_metrics, - success=success, - critical_issues=critical_issues, - recommendations=recommendations - ) - - async def execute_phase_5_end_to_end_workflow(self) -> PhaseResult: - """ - Phase 5: End-to-End Workflow Validation (10 minutes) - - Validate complete SOC workflow and data consistency: - - Complete SOC workflow execution - - Data consistency verification - - Performance measurement - """ - logger.info("=== PHASE 5: End-to-End Workflow Validation ===") - phase_metrics = TestMetrics() - phase_metrics.start_time = time.time() - - async with APITestClient(self.config) as client: - - # 5.1 Complete SOC Workflow (Execute 10 times in parallel) - logger.info("5.1 Executing complete SOC workflows...") - - workflow_tasks = [] - for i in range(10): - api_key = self.config.analyst_keys[i % len(self.config.analyst_keys)] - task = self._execute_complete_workflow(client, api_key) - workflow_tasks.append(task) - - workflow_results = await asyncio.gather(*workflow_tasks, return_exceptions=True) - - successful_workflows = 0 - workflow_response_times = [] - - for result in workflow_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Workflow failed: {result}") - phase_metrics.failed_requests += 10 # Each workflow has ~10 requests - else: - success, total_time, requests_made, events = result - if success: - successful_workflows += 1 - phase_metrics.successful_requests += requests_made - phase_metrics.events_generated += events - else: - phase_metrics.failed_requests += requests_made - - workflow_response_times.append(total_time) - # Add individual request times (estimated) - avg_request_time = total_time / max(requests_made, 1) - phase_metrics.response_times.extend([avg_request_time] * requests_made) - phase_metrics.total_requests += requests_made - - workflow_success_rate = (successful_workflows / len(workflow_tasks)) * 100 - avg_workflow_time = statistics.mean(workflow_response_times) if workflow_response_times else 0 - - logger.info(f"Workflow execution completed. Success rate: {workflow_success_rate:.1f}%, " - f"Avg workflow time: {avg_workflow_time:.1f}s") - - # 5.2 Data Consistency Verification - logger.info("5.2 Executing data consistency checks...") - - consistency_tasks = [ - self._verify_generator_counts(client, self.config.admin_key), - self._verify_metrics_accuracy(client, self.config.admin_key), - self._verify_search_consistency(client, self.config.admin_key), - ] - - consistency_results = await asyncio.gather(*consistency_tasks, return_exceptions=True) - - consistency_passes = 0 - for result in consistency_results: - if isinstance(result, Exception): - phase_metrics.errors.append(f"Consistency check failed: {result}") - phase_metrics.failed_requests += 1 - else: - success, response_time, is_consistent = result - if success and is_consistent: - consistency_passes += 1 - phase_metrics.successful_requests += 1 - else: - phase_metrics.failed_requests += 1 - phase_metrics.response_times.append(response_time) - phase_metrics.total_requests += 1 - - logger.info(f"Consistency checks completed. Passed: {consistency_passes}/{len(consistency_tasks)}") - - phase_metrics.end_time = time.time() - phase_metrics.concurrent_users = 10 - - # Evaluate success criteria - success = ( - workflow_success_rate >= 90 and - consistency_passes >= 2 and # At least 2/3 consistency checks should pass - phase_metrics.success_rate >= 90 and - avg_workflow_time < 30 # Complete workflow should take < 30 seconds - ) - - critical_issues = [] - recommendations = [] - - if workflow_success_rate < 90: - critical_issues.append(f"Low workflow success rate: {workflow_success_rate:.1f}%") - recommendations.append("Improve workflow reliability and error handling") - - if consistency_passes < 2: - critical_issues.append("Data consistency issues detected") - recommendations.append("Fix data consistency problems before production") - - if avg_workflow_time > 30: - critical_issues.append(f"Slow workflow performance: {avg_workflow_time:.1f}s") - recommendations.append("Optimize end-to-end workflow performance") - - logger.info(f"Phase 5 completed in {phase_metrics.duration_seconds:.1f}s") - logger.info(f"Workflow success rate: {workflow_success_rate:.1f}%") - logger.info(f"Data consistency: {consistency_passes}/{len(consistency_tasks)} passed") - - return PhaseResult( - phase_name="Phase 5: End-to-End Workflow Validation", - metrics=phase_metrics, - success=success, - critical_issues=critical_issues, - recommendations=recommendations - ) - - # Helper methods for test execution - - async def _execute_generator(self, client: APITestClient, generator_id: str, count: int, api_key: str) -> Tuple[bool, float, int]: - """Execute a generator and return success, response_time, events_generated""" - try: - success, data, response_time = await client.request( - "POST", - f"/generators/{generator_id}/execute", - api_key=api_key, - json={"count": count} - ) - - if success: - events = data.get("data", {}).get("count", count) if data else count - return True, response_time, events - else: - return False, response_time, 0 - except Exception as e: - logger.error(f"Generator {generator_id} execution failed: {e}") - return False, 0.0, 0 - - async def _execute_search(self, client: APITestClient, query: dict, api_key: str) -> Tuple[bool, float]: - """Execute a search query""" - try: - success, data, response_time = await client.request( - "GET", - "/search", - api_key=api_key, - params=query - ) - return success, response_time - except Exception as e: - logger.error(f"Search failed: {e}") - return False, 0.0 - - async def _execute_metrics_request(self, client: APITestClient, endpoint: str, api_key: str) -> Tuple[bool, float, bool]: - """Execute a metrics request and detect rate limiting""" - try: - success, data, response_time = await client.request( - "GET", - endpoint, - api_key=api_key - ) - - is_rate_limited = False - if not success and isinstance(data, dict): - # Check for rate limiting indicators - error_msg = str(data.get("error", "")).lower() - is_rate_limited = "rate limit" in error_msg or "too many requests" in error_msg - - return success, response_time, is_rate_limited - except Exception as e: - logger.error(f"Metrics request failed: {e}") - return False, 0.0, False - - async def _execute_scenario(self, client: APITestClient, scenario_id: str, api_key: str) -> Tuple[bool, float, int]: - """Execute a scenario""" - try: - # Start scenario - success, data, response_time = await client.request( - "POST", - f"/scenarios/{scenario_id}/execute", - api_key=api_key - ) - - if success: - # Estimate events generated (scenarios typically generate 1000-5000 events) - estimated_events = random.randint(1000, 5000) - return True, response_time, estimated_events - else: - return False, response_time, 0 - except Exception as e: - logger.error(f"Scenario {scenario_id} execution failed: {e}") - return False, 0.0, 0 - - async def _execute_export(self, client: APITestClient, generator_id: str, count: int, fmt: str, api_key: str) -> Tuple[bool, float, int]: - """Execute an export operation""" - try: - success, data, response_time = await client.request( - "POST", - "/export", - api_key=api_key, - json={ - "generator_id": generator_id, - "count": count, - "format": fmt - } - ) - - if success: - return True, response_time, count - else: - return False, response_time, 0 - except Exception as e: - logger.error(f"Export failed: {e}") - return False, 0.0, 0 - - async def _execute_chaos_test(self, client: APITestClient, test_config: dict) -> Tuple[bool, float, bool]: - """Execute a chaos engineering test""" - try: - method = test_config.get("method", "GET") - endpoint = test_config["endpoint"] - api_key = test_config.get("api_key", "") - params = test_config.get("params", {}) - json_data = test_config.get("json", None) - - success, data, response_time = await client.request( - method, - endpoint, - api_key=api_key, - params=params, - json=json_data - ) - - # For chaos tests, we want to see proper rejection of malicious requests - properly_rejected = not success # Most chaos tests should fail (be rejected) - - # Special cases where success might be expected - if endpoint == "/health" and api_key == "": - properly_rejected = success # Health endpoint should work without auth - - return success, response_time, properly_rejected - except Exception as e: - logger.error(f"Chaos test failed: {e}") - return False, 0.0, True # Exception counts as proper rejection - - async def _test_scenario_recovery(self, client: APITestClient, scenario_id: str, api_key: str) -> Tuple[bool, float]: - """Test scenario stop/restart recovery""" - try: - # This is a simplified recovery test - success, data, response_time = await client.request( - "GET", - f"/scenarios/{scenario_id}", - api_key=api_key - ) - return success, response_time - except Exception as e: - logger.error(f"Scenario recovery test failed: {e}") - return False, 0.0 - - async def _test_generator_retry(self, client: APITestClient, generator_id: str, api_key: str) -> Tuple[bool, float]: - """Test generator retry after failure""" - try: - # Execute generator with minimal count to test retry capability - success, data, response_time = await client.request( - "POST", - f"/generators/{generator_id}/execute", - api_key=api_key, - json={"count": 1} - ) - return success, response_time - except Exception as e: - logger.error(f"Generator retry test failed: {e}") - return False, 0.0 - - async def _test_rate_limit_recovery(self, client: APITestClient, api_key: str) -> Tuple[bool, float]: - """Test rate limit recovery""" - try: - # Make multiple rapid requests to trigger rate limiting - tasks = [] - for _ in range(10): - task = client.request("GET", "/health", api_key=api_key) - tasks.append(task) - - results = await asyncio.gather(*tasks, return_exceptions=True) - - # Check if rate limiting kicked in and then recovered - rate_limited = False - for result in results: - if not isinstance(result, Exception): - success, data, _ = result - if not success and "rate limit" in str(data).lower(): - rate_limited = True - break - - # Wait a bit and try again to test recovery - await asyncio.sleep(2) - success, data, response_time = await client.request("GET", "/health", api_key=api_key) - - # Recovery is successful if we can make requests again - return success, response_time - except Exception as e: - logger.error(f"Rate limit recovery test failed: {e}") - return False, 0.0 - - async def _create_long_running_request(self, client: APITestClient, api_key: str) -> Tuple[bool, float]: - """Create a request that simulates a long-running connection""" - try: - success, data, response_time = await client.request( - "GET", - "/generators", # List generators - relatively heavy operation - api_key=api_key, - params={"per_page": 100} - ) - - # Add artificial delay to simulate long-running request - await asyncio.sleep(0.5) - - return success, response_time - except Exception as e: - logger.error(f"Long running request failed: {e}") - return False, 0.0 - - async def _execute_large_request(self, client: APITestClient, method: str, endpoint: str, - api_key: str, params: dict = None, json_data: dict = None) -> Tuple[bool, float, int]: - """Execute a request designed to use significant memory""" - try: - success, data, response_time = await client.request( - method, - endpoint, - api_key=api_key, - params=params, - json=json_data - ) - - events = 0 - if success and json_data and "count" in json_data: - events = json_data["count"] - - return success, response_time, events - except Exception as e: - logger.error(f"Large request failed: {e}") - return False, 0.0, 0 - - async def _scheduled_request(self, client: APITestClient, endpoint: str, api_key: str, delay: float) -> Tuple[bool, float]: - """Execute a request after a specified delay""" - await asyncio.sleep(delay) - - try: - success, data, response_time = await client.request( - "GET", - endpoint, - api_key=api_key - ) - return success, response_time - except Exception as e: - logger.error(f"Scheduled request failed: {e}") - return False, 0.0 - - async def _execute_complete_workflow(self, client: APITestClient, api_key: str) -> Tuple[bool, float, int, int]: - """Execute a complete SOC workflow""" - try: - workflow_start = time.time() - requests_made = 0 - events_generated = 0 - - # 1. Check health - success, data, _ = await client.request("GET", "/health", api_key=api_key) - requests_made += 1 - if not success: - return False, time.time() - workflow_start, requests_made, 0 - - # 2. Search for generators - success, data, _ = await client.request("GET", "/search", api_key=api_key, params={"query": "firewall"}) - requests_made += 1 - if not success: - return False, time.time() - workflow_start, requests_made, 0 - - # 3. Execute generator - if self.generators_list: - gen_id = random.choice(self.generators_list) - success, data, _ = await client.request( - "POST", - f"/generators/{gen_id}/execute", - api_key=api_key, - json={"count": 100} - ) - requests_made += 1 - if success: - events_generated += 100 - - # 4. Get metrics - success, data, _ = await client.request("GET", "/metrics", api_key=api_key) - requests_made += 1 - - # 5. Execute scenario (if available) - if self.scenarios_list: - scenario_id = random.choice(self.scenarios_list) - success, data, _ = await client.request( - "POST", - f"/scenarios/{scenario_id}/execute", - api_key=api_key - ) - requests_made += 1 - if success: - events_generated += random.randint(500, 2000) # Estimate - - # 6. Export results - if self.generators_list: - gen_id = random.choice(self.generators_list) - success, data, _ = await client.request( - "POST", - "/export", - api_key=api_key, - json={"generator_id": gen_id, "count": 50, "format": "json"} - ) - requests_made += 1 - if success: - events_generated += 50 - - total_time = time.time() - workflow_start - return True, total_time, requests_made, events_generated - - except Exception as e: - logger.error(f"Complete workflow failed: {e}") - return False, time.time() - workflow_start, requests_made, events_generated - - async def _verify_generator_counts(self, client: APITestClient, api_key: str) -> Tuple[bool, float, bool]: - """Verify generator counts are consistent""" - try: - success, data, response_time = await client.request("GET", "/generators", api_key=api_key) - - is_consistent = True - if success and data: - generators = data.get("data", []) - # Basic consistency check - we should have some generators - is_consistent = len(generators) > 0 - - return success, response_time, is_consistent - except Exception as e: - logger.error(f"Generator count verification failed: {e}") - return False, 0.0, False - - async def _verify_metrics_accuracy(self, client: APITestClient, api_key: str) -> Tuple[bool, float, bool]: - """Verify metrics accuracy""" - try: - success, data, response_time = await client.request("GET", "/metrics", api_key=api_key) - - is_consistent = True - if success and data: - # Basic consistency check - metrics should be present - metrics = data.get("data", {}) - is_consistent = bool(metrics) - - return success, response_time, is_consistent - except Exception as e: - logger.error(f"Metrics accuracy verification failed: {e}") - return False, 0.0, False - - async def _verify_search_consistency(self, client: APITestClient, api_key: str) -> Tuple[bool, float, bool]: - """Verify search results consistency""" - try: - success, data, response_time = await client.request( - "GET", - "/search", - api_key=api_key, - params={"query": "test"} - ) - - is_consistent = True - if success and data: - # Basic consistency check - search should return results or empty array - results = data.get("data", []) - is_consistent = isinstance(results, list) - - return success, response_time, is_consistent - except Exception as e: - logger.error(f"Search consistency verification failed: {e}") - return False, 0.0, False - - async def run_complete_test_suite(self) -> Dict[str, Any]: - """Execute the complete test suite and return comprehensive results""" - logger.info("🚀 Starting Complex API Test Suite Execution") - logger.info("=" * 80) - - self.overall_metrics.start_time = time.time() - - try: - # Initialize test suite - await self.initialize() - - # Execute all test phases - phase_1_result = await self.execute_phase_1_reconnaissance() - self.phase_results.append(phase_1_result) - - phase_2_result = await self.execute_phase_2_attack_detection() - self.phase_results.append(phase_2_result) - - phase_3_result = await self.execute_phase_3_incident_response() - self.phase_results.append(phase_3_result) - - phase_4_result = await self.execute_phase_4_performance_degradation() - self.phase_results.append(phase_4_result) - - phase_5_result = await self.execute_phase_5_end_to_end_workflow() - self.phase_results.append(phase_5_result) - - except Exception as e: - logger.error(f"Test suite execution failed: {e}") - logger.error(traceback.format_exc()) - - finally: - self.overall_metrics.end_time = time.time() - - # Aggregate overall metrics - for phase_result in self.phase_results: - self.overall_metrics.total_requests += phase_result.metrics.total_requests - self.overall_metrics.successful_requests += phase_result.metrics.successful_requests - self.overall_metrics.failed_requests += phase_result.metrics.failed_requests - self.overall_metrics.events_generated += phase_result.metrics.events_generated - self.overall_metrics.response_times.extend(phase_result.metrics.response_times) - self.overall_metrics.errors.extend(phase_result.metrics.errors) - self.overall_metrics.concurrent_users = max( - self.overall_metrics.concurrent_users, - phase_result.metrics.concurrent_users - ) - - # Generate comprehensive test report - test_report = self._generate_test_report() - - logger.info("🎉 Complex API Test Suite Execution Complete") - logger.info("=" * 80) - - return test_report - - def _generate_test_report(self) -> Dict[str, Any]: - """Generate comprehensive test execution report""" - - # Calculate overall success - phases_passed = sum(1 for phase in self.phase_results if phase.success) - overall_success = phases_passed == len(self.phase_results) - - # Collect all critical issues and recommendations - all_critical_issues = [] - all_recommendations = [] - - for phase in self.phase_results: - all_critical_issues.extend(phase.critical_issues) - all_recommendations.extend(phase.recommendations) - - # Production readiness assessment - production_ready = ( - overall_success and - self.overall_metrics.success_rate >= 90 and - self.overall_metrics.events_generated >= 100000 and - len(all_critical_issues) == 0 - ) - - # Performance grade - if self.overall_metrics.p95_response_time <= 500: - performance_grade = "A" - elif self.overall_metrics.p95_response_time <= 1000: - performance_grade = "B" - elif self.overall_metrics.p95_response_time <= 2000: - performance_grade = "C" - else: - performance_grade = "D" - - report = { - "executive_summary": { - "test_duration_minutes": self.overall_metrics.duration_seconds / 60, - "total_test_cases": self.overall_metrics.total_requests, - "overall_success_rate": self.overall_metrics.success_rate, - "phases_passed": phases_passed, - "total_phases": len(self.phase_results), - "events_generated": self.overall_metrics.events_generated, - "critical_issues_found": len(all_critical_issues), - "production_ready": production_ready, - "performance_grade": performance_grade - }, - - "performance_metrics": { - "avg_response_time_ms": self.overall_metrics.avg_response_time, - "p50_response_time_ms": self.overall_metrics.p50_response_time, - "p95_response_time_ms": self.overall_metrics.p95_response_time, - "p99_response_time_ms": self.overall_metrics.p99_response_time, - "max_concurrent_users": self.overall_metrics.concurrent_users, - "total_events_generated": self.overall_metrics.events_generated, - "requests_per_second": self.overall_metrics.total_requests / max(self.overall_metrics.duration_seconds, 1) - }, - - "phase_results": [ - { - "phase_name": phase.phase_name, - "success": phase.success, - "duration_seconds": phase.metrics.duration_seconds, - "success_rate": phase.metrics.success_rate, - "events_generated": phase.metrics.events_generated, - "avg_response_time_ms": phase.metrics.avg_response_time, - "critical_issues": phase.critical_issues, - "recommendations": phase.recommendations - } - for phase in self.phase_results - ], - - "critical_issues": all_critical_issues, - "recommendations": list(set(all_recommendations)), # Remove duplicates - - "error_summary": { - "total_errors": len(self.overall_metrics.errors), - "unique_errors": len(set(self.overall_metrics.errors)), - "error_categories": self._categorize_errors() - }, - - "production_readiness_assessment": { - "ready_for_production": production_ready, - "confidence_level": "High" if production_ready else "Medium" if phases_passed >= 3 else "Low", - "risk_level": "Low" if len(all_critical_issues) == 0 else "Medium" if len(all_critical_issues) < 5 else "High", - "scalability_rating": self._assess_scalability(), - "security_rating": self._assess_security(), - "reliability_rating": self._assess_reliability() - } - } - - return report - - def _categorize_errors(self) -> Dict[str, int]: - """Categorize errors for analysis""" - categories = { - "connection": 0, - "timeout": 0, - "authentication": 0, - "validation": 0, - "server_error": 0, - "other": 0 - } - - for error in self.overall_metrics.errors: - error_lower = error.lower() - if "connection" in error_lower or "connect" in error_lower: - categories["connection"] += 1 - elif "timeout" in error_lower or "timed out" in error_lower: - categories["timeout"] += 1 - elif "auth" in error_lower or "unauthorized" in error_lower: - categories["authentication"] += 1 - elif "validation" in error_lower or "invalid" in error_lower: - categories["validation"] += 1 - elif "server error" in error_lower or "internal" in error_lower: - categories["server_error"] += 1 - else: - categories["other"] += 1 - - return categories - - def _assess_scalability(self) -> str: - """Assess system scalability""" - if (self.overall_metrics.events_generated >= 100000 and - self.overall_metrics.concurrent_users >= 20 and - self.overall_metrics.success_rate >= 90): - return "Excellent" - elif (self.overall_metrics.events_generated >= 50000 and - self.overall_metrics.concurrent_users >= 10): - return "Good" - elif self.overall_metrics.events_generated >= 25000: - return "Fair" - else: - return "Poor" - - def _assess_security(self) -> str: - """Assess security based on chaos engineering results""" - # Look for security-related issues in phase 3 - security_issues = 0 - for phase in self.phase_results: - if "Security vulnerabilities detected" in str(phase.critical_issues): - security_issues += 1 - - if security_issues == 0: - return "Excellent" - elif security_issues <= 2: - return "Good" - else: - return "Needs Improvement" - - def _assess_reliability(self) -> str: - """Assess system reliability""" - if self.overall_metrics.success_rate >= 95: - return "Excellent" - elif self.overall_metrics.success_rate >= 90: - return "Good" - elif self.overall_metrics.success_rate >= 80: - return "Fair" - else: - return "Poor" - - -async def main(): - """Main execution function""" - # Configure test settings - config = TestConfig( - api_base_url="http://localhost:8000/api/v1", - max_concurrent_connections=50, - timeout_seconds=30 - ) - - # Initialize test suite - test_suite = ComplexAPITestSuite(config) - - # Run complete test suite - try: - results = await test_suite.run_complete_test_suite() - - # Save results to file - results_file = "complex_api_test_execution_results.json" - with open(results_file, "w") as f: - json.dump(results, f, indent=2) - - logger.info(f"Test results saved to {results_file}") - - # Print executive summary - print("\n" + "=" * 80) - print("🚀 COMPLEX API TEST SUITE - EXECUTIVE SUMMARY") - print("=" * 80) - - summary = results["executive_summary"] - print(f"📊 Total Duration: {summary['test_duration_minutes']:.1f} minutes") - print(f"📈 Overall Success Rate: {summary['overall_success_rate']:.1f}%") - print(f"✅ Phases Passed: {summary['phases_passed']}/{summary['total_phases']}") - print(f"🎯 Events Generated: {summary['events_generated']:,}") - print(f"⚠️ Critical Issues: {summary['critical_issues_found']}") - print(f"🏆 Performance Grade: {summary['performance_grade']}") - print(f"🚀 Production Ready: {'YES' if summary['production_ready'] else 'NO'}") - - print("\n" + "=" * 80) - - return results - - except KeyboardInterrupt: - logger.info("Test execution interrupted by user") - return {"error": "Test interrupted"} - except Exception as e: - logger.error(f"Test execution failed: {e}") - logger.error(traceback.format_exc()) - return {"error": str(e)} - - -if __name__ == "__main__": - # Run the test suite - asyncio.run(main()) \ No newline at end of file diff --git a/api/tests/complex_tests/complex_test_results_summary.json b/api/tests/complex_tests/complex_test_results_summary.json deleted file mode 100644 index 72c3534..0000000 --- a/api/tests/complex_tests/complex_test_results_summary.json +++ /dev/null @@ -1,202 +0,0 @@ -{ - "test_execution_summary": { - "test_date": "2025-09-01", - "test_duration_minutes": 90, - "test_engineer": "Senior QA Engineer", - "api_version": "2.0.0", - "test_plan_version": "1.0" - }, - "overall_results": { - "total_phases": 5, - "phases_passed": 5, - "overall_success_rate": 89.3, - "total_requests": 1247, - "successful_requests": 1114, - "failed_requests": 133, - "events_generated": 127450, - "max_concurrent_users": 25, - "performance_grade": "B+", - "production_ready": false, - "conditional_approval": true - }, - "performance_metrics": { - "response_time_avg_ms": 1347, - "response_time_p50_ms": 1076, - "response_time_p95_ms": 3890, - "response_time_p99_ms": 5980, - "throughput_req_per_sec": 23.1, - "peak_memory_usage_gb": 2.8, - "peak_concurrent_connections": 25 - }, - "phase_results": [ - { - "phase": "Phase 1: Reconnaissance Simulation", - "duration_minutes": 18.4, - "success_rate": 94.2, - "events_generated": 23100, - "concurrent_users": 5, - "avg_response_time_ms": 245, - "p95_response_time_ms": 892, - "status": "PASSED", - "critical_issues": [ - "52 failed requests due to generator timeouts", - "Search response times increased under load" - ] - }, - { - "phase": "Phase 2: Attack Detection Simulation", - "duration_minutes": 34.7, - "success_rate": 87.1, - "events_generated": 112350, - "concurrent_users": 10, - "avg_response_time_ms": 1847, - "p95_response_time_ms": 4200, - "status": "PASSED", - "critical_issues": [ - "High response times during batch operations (>4s)", - "Memory usage peaked at 2.1GB", - "Connection pool exhausted errors" - ] - }, - { - "phase": "Phase 3: Incident Response Simulation", - "duration_minutes": 22.1, - "success_rate": 91.8, - "events_generated": 15000, - "concurrent_users": 5, - "avg_response_time_ms": 1234, - "p95_response_time_ms": 2890, - "status": "PASSED", - "security_tests_passed": "9/9 (100%)", - "critical_issues": [ - "Export response times high for large datasets (>3s)" - ] - }, - { - "phase": "Phase 4: Performance Degradation Testing", - "duration_minutes": 19.3, - "success_rate": 82.4, - "events_generated": 8500, - "max_concurrent_connections": 25, - "avg_response_time_ms": 2156, - "p95_response_time_ms": 5670, - "status": "CONDITIONALLY_PASSED", - "critical_issues": [ - "Connection pool limit reached at 25 concurrent connections", - "Performance degraded significantly under sustained load", - "Memory usage increased 280% during stress testing", - "Response times exceeded 5 seconds during peak load" - ] - }, - { - "phase": "Phase 5: End-to-End Workflow Validation", - "duration_minutes": 12.8, - "success_rate": 93.7, - "events_generated": 6200, - "concurrent_users": 10, - "workflow_success_rate": 90.0, - "avg_workflow_time_seconds": 23.4, - "avg_response_time_ms": 867, - "status": "PASSED", - "data_consistency_tests": "3/3 passed" - } - ], - "security_assessment": { - "overall_grade": "A+", - "security_tests_passed": "100%", - "sql_injection_blocked": "9/9", - "xss_attempts_blocked": "3/3", - "authentication_bypass_attempts": "0/5 successful", - "input_validation_tests": "All passed", - "information_disclosure": "None detected", - "production_ready": true - }, - "critical_issues": [ - "Connection pool saturation at 25 concurrent connections", - "High response times under load (P95: 3.9s)", - "Memory usage spikes during batch operations (2.8GB peak)", - "10.7% failure rate during high-volume operations" - ], - "recommendations": [ - "Increase connection pool limits to 100+ connections", - "Implement connection pooling optimization", - "Add memory usage monitoring and alerting", - "Optimize response times for P95 <1000ms target", - "Implement asynchronous processing for large exports", - "Add performance monitoring dashboard" - ], - "production_readiness": { - "verdict": "CONDITIONALLY_APPROVED", - "confidence_level": "HIGH", - "risk_level": "MEDIUM", - "time_to_production": "2-3 weeks", - "phased_deployment": { - "phase_1": { - "timeline": "Week 1", - "max_concurrent_users": 15, - "prerequisites": ["Increase connection pool", "Add monitoring"] - }, - "phase_2": { - "timeline": "Week 2-3", - "max_concurrent_users": 30, - "prerequisites": ["Performance optimization", "Enhanced monitoring"] - }, - "phase_3": { - "timeline": "Week 3-4", - "max_concurrent_users": "50+", - "prerequisites": ["All optimizations complete", "Full monitoring deployed"] - } - } - }, - "success_criteria_comparison": { - "response_time_p50_target": { - "target": "< 100ms", - "achieved": "1076ms", - "status": "FAILED" - }, - "response_time_p95_target": { - "target": "< 500ms", - "achieved": "3890ms", - "status": "FAILED" - }, - "error_rate_target": { - "target": "< 0.1%", - "achieved": "10.7%", - "status": "FAILED" - }, - "concurrent_users_target": { - "target": "> 10", - "achieved": "25", - "status": "PASSED" - }, - "total_events_target": { - "target": "> 100,000", - "achieved": "127,450", - "status": "PASSED" - }, - "security_tests_target": { - "target": "100% pass", - "achieved": "100% pass", - "status": "PASSED" - }, - "data_integrity_target": { - "target": "0% loss", - "achieved": "0% loss", - "status": "PASSED" - } - }, - "infrastructure_recommendations": { - "immediate_changes": { - "connection_pool_size": "Increase from 25 to 100", - "memory_limit": "Increase from 2GB to 4GB", - "timeout_seconds": "Increase from 30 to 45", - "worker_processes": "Add horizontal scaling (4 workers)" - }, - "monitoring_requirements": [ - "Performance metrics dashboard", - "Memory usage alerts (>2GB)", - "Connection pool alerts (>80%)", - "Response time alerts (P95 >2s)" - ] - } -} \ No newline at end of file diff --git a/api/tests/validation_tests/additional_edge_case_tests.py b/api/tests/validation_tests/additional_edge_case_tests.py deleted file mode 100644 index 9fac24a..0000000 --- a/api/tests/validation_tests/additional_edge_case_tests.py +++ /dev/null @@ -1,342 +0,0 @@ -#!/usr/bin/env python3 -""" -Additional Edge Case Tests for API QA Validation -Extended testing beyond the core comprehensive test suite -""" - -import requests -import time -import json -from concurrent.futures import ThreadPoolExecutor, as_completed -import threading - -class AdditionalEdgeCaseTests: - """Additional edge case and stress tests""" - - def __init__(self, base_url: str = "http://localhost:8000"): - self.base_url = base_url - self.admin_key = "admin-test-key-123456789012345678901234" - self.read_key = "read-test-key-1234567890123456789012345" - self.headers = {"X-API-Key": self.admin_key, "Content-Type": "application/json"} - - def test_extremely_large_request_payload(self): - """Test handling of extremely large request payloads""" - print("Testing extremely large request payload...") - - # Create a very large payload - large_data = { - "count": 1, - "format": "json", - "star_trek_theme": True, - "large_field": "x" * 10000 # 10KB of data - } - - try: - response = requests.post( - f"{self.base_url}/api/v1/generators/crowdstrike_falcon/execute", - headers=self.headers, - json=large_data, - timeout=30 - ) - - # Should either handle it gracefully or return appropriate error - if response.status_code in [200, 201, 413, 422]: # 413 = Payload Too Large - print(f"✅ Large payload handled appropriately: {response.status_code}") - return True - else: - print(f"❌ Unexpected response to large payload: {response.status_code}") - return False - - except Exception as e: - print(f"❌ Large payload test failed: {e}") - return False - - def test_unicode_and_special_characters(self): - """Test handling of Unicode and special characters""" - print("Testing Unicode and special characters...") - - special_chars = { - "search": "🚀💫🖖 Jean-Luc Picard αβγ 中文 العربية русский", - "category": "test'<>\"&", - "vendor": "NULL\x00\r\n\t" - } - - try: - response = requests.get( - f"{self.base_url}/api/v1/generators", - headers=self.headers, - params=special_chars, - timeout=30 - ) - - if response.status_code in [200, 400, 422]: - print("✅ Unicode/special chars handled appropriately") - return True - else: - print(f"❌ Unexpected response to special chars: {response.status_code}") - return False - - except Exception as e: - print(f"❌ Unicode test failed: {e}") - return False - - def test_rapid_authentication_switching(self): - """Test rapid switching between different API keys""" - print("Testing rapid authentication key switching...") - - keys = [ - self.admin_key, - self.read_key, - "invalid-key-123", - self.admin_key - ] - - results = [] - for key in keys: - headers = {"X-API-Key": key, "Content-Type": "application/json"} - try: - response = requests.get( - f"{self.base_url}/api/v1/generators", - headers=headers, - timeout=5 - ) - results.append(response.status_code) - except Exception as e: - results.append(0) - time.sleep(0.1) # Brief pause - - # Expected: [200, 200, 403, 200] - expected = [200, 200, 403, 200] - if results == expected: - print("✅ Rapid auth switching handled correctly") - return True - else: - print(f"❌ Unexpected auth pattern: expected {expected}, got {results}") - return False - - def test_concurrent_different_operations(self): - """Test concurrent different operations to check for race conditions""" - print("Testing concurrent mixed operations...") - - def execute_generator(): - return requests.post( - f"{self.base_url}/api/v1/generators/crowdstrike_falcon/execute", - headers=self.headers, - json={"count": 1, "format": "json"}, - timeout=30 - ) - - def list_generators(): - return requests.get( - f"{self.base_url}/api/v1/generators", - headers=self.headers, - timeout=30 - ) - - def get_details(): - return requests.get( - f"{self.base_url}/api/v1/generators/okta_authentication", - headers=self.headers, - timeout=30 - ) - - operations = [execute_generator, list_generators, get_details] * 3 - - try: - with ThreadPoolExecutor(max_workers=9) as executor: - futures = [executor.submit(op) for op in operations] - responses = [future.result() for future in as_completed(futures)] - - success_count = sum(1 for r in responses if r.status_code == 200) - - if success_count >= 7: # Allow some failures - print(f"✅ Concurrent operations successful: {success_count}/9") - return True - else: - print(f"❌ Too many concurrent operation failures: {success_count}/9") - return False - - except Exception as e: - print(f"❌ Concurrent operations test failed: {e}") - return False - - def test_malformed_http_headers(self): - """Test handling of malformed HTTP headers""" - print("Testing malformed HTTP headers...") - - malformed_headers = { - "X-API-Key": self.admin_key, - "Content-Type": "application/json", - "X-Custom\x00Header": "test", - "X-Long-Header": "x" * 8192, # Very long header - "\x7f\x80\x81": "invalid" - } - - try: - response = requests.get( - f"{self.base_url}/api/v1/generators", - headers=malformed_headers, - timeout=30 - ) - - # Should handle malformed headers gracefully - if response.status_code in [200, 400, 413]: - print("✅ Malformed headers handled appropriately") - return True - else: - print(f"❌ Unexpected response to malformed headers: {response.status_code}") - return False - - except Exception as e: - # Requests library might reject malformed headers, which is acceptable - print("✅ Malformed headers rejected by client (expected)") - return True - - def test_deep_nesting_in_json(self): - """Test deeply nested JSON structures""" - print("Testing deeply nested JSON...") - - # Create deeply nested object - nested = {"value": "test"} - for i in range(50): # 50 levels deep - nested = {"level": i, "nested": nested} - - payload = { - "count": 1, - "format": "json", - "deep_nested": nested - } - - try: - response = requests.post( - f"{self.base_url}/api/v1/generators/crowdstrike_falcon/execute", - headers=self.headers, - json=payload, - timeout=30 - ) - - if response.status_code in [200, 201, 400, 422, 413]: - print("✅ Deep nesting handled appropriately") - return True - else: - print(f"❌ Unexpected response to deep nesting: {response.status_code}") - return False - - except Exception as e: - print(f"❌ Deep nesting test failed: {e}") - return False - - def test_timeout_and_slow_requests(self): - """Test timeout handling and slow request scenarios""" - print("Testing timeout handling...") - - # Test with very short timeout - try: - response = requests.get( - f"{self.base_url}/api/v1/generators", - headers=self.headers, - timeout=0.001 # 1ms timeout - should fail - ) - print("❌ Request should have timed out but didn't") - return False - except requests.exceptions.Timeout: - print("✅ Short timeout handled correctly") - except Exception as e: - print(f"✅ Timeout or connection error handled: {type(e).__name__}") - - # Test normal request after timeout - try: - response = requests.get( - f"{self.base_url}/api/v1/generators", - headers=self.headers, - timeout=30 - ) - if response.status_code == 200: - print("✅ Normal request works after timeout test") - return True - else: - print(f"❌ Normal request failed after timeout: {response.status_code}") - return False - except Exception as e: - print(f"❌ Normal request after timeout failed: {e}") - return False - - def run_all_additional_tests(self): - """Run all additional edge case tests""" - print("🧪 Running Additional Edge Case Tests") - print("=" * 50) - - tests = [ - self.test_extremely_large_request_payload, - self.test_unicode_and_special_characters, - self.test_rapid_authentication_switching, - self.test_concurrent_different_operations, - self.test_malformed_http_headers, - self.test_deep_nesting_in_json, - self.test_timeout_and_slow_requests - ] - - results = [] - for test in tests: - try: - result = test() - results.append(result) - except Exception as e: - print(f"❌ Test failed with exception: {e}") - results.append(False) - print() - - passed = sum(results) - total = len(results) - - print(f"📊 Additional Edge Case Tests Summary:") - print(f"✅ Passed: {passed}/{total}") - print(f"❌ Failed: {total - passed}/{total}") - print(f"📈 Success Rate: {(passed/total)*100:.1f}%") - - return passed, total - -if __name__ == "__main__": - import subprocess - import time - import os - - # Start API server - print("📡 Starting API server for edge case testing...") - env = os.environ.copy() - env.update({ - "DISABLE_AUTH": "false", - "JARVIS_ADMIN_KEYS": "admin-test-key-123456789012345678901234", - "JARVIS_WRITE_KEYS": "write-test-key-123456789012345678901234", - "JARVIS_READ_KEYS": "read-test-key-1234567890123456789012345", - "RATE_LIMIT_ADMIN": "1000", - "RATE_LIMIT_WRITE": "500", - "RATE_LIMIT_READ": "100" - }) - - api_dir = "/Users/nathanial.smalley/projects/jarvis_coding/api" - server_process = subprocess.Popen( - ["/opt/homebrew/bin/python3", "start_api.py"], - cwd=api_dir, - env=env, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE - ) - - time.sleep(3) # Wait for server to start - - try: - # Run additional tests - tester = AdditionalEdgeCaseTests() - passed, total = tester.run_all_additional_tests() - - if passed == total: - print("\n🏆 All additional edge case tests passed!") - else: - print(f"\n⚠️ Some edge case tests failed: {passed}/{total}") - - finally: - # Stop server - server_process.terminate() - server_process.wait(timeout=10) - print("\n🛑 API server stopped") \ No newline at end of file diff --git a/api/tests/validation_tests/additional_endpoint_tests.py b/api/tests/validation_tests/additional_endpoint_tests.py deleted file mode 100644 index 449b3f4..0000000 --- a/api/tests/validation_tests/additional_endpoint_tests.py +++ /dev/null @@ -1,271 +0,0 @@ -#!/usr/bin/env python3 -""" -Additional API endpoint tests for comprehensive coverage -Testing parsers, scenarios, validation, export, metrics, and search endpoints -""" - -import requests -import json -import time -from typing import Dict, Any - -class AdditionalEndpointTests: - """Test additional API endpoints not covered in main test suite""" - - def __init__(self, base_url: str = "http://localhost:8000"): - self.base_url = base_url - self.admin_key = "admin-test-key-123456789012345678901234" - self.headers = {"X-API-Key": self.admin_key, "Content-Type": "application/json"} - - def test_parsers_endpoints(self) -> Dict[str, Any]: - """Test parser-related endpoints""" - results = {} - - # Test list parsers - try: - response = requests.get(f"{self.base_url}/api/v1/parsers", headers=self.headers, timeout=30) - results["list_parsers"] = { - "status": response.status_code, - "success": response.status_code == 200, - "response_size": len(response.text) if response.text else 0 - } - except Exception as e: - results["list_parsers"] = {"error": str(e), "success": False} - - # Test get parser details (if parsers exist) - try: - response = requests.get(f"{self.base_url}/api/v1/parsers/crowdstrike_endpoint", headers=self.headers, timeout=30) - results["get_parser"] = { - "status": response.status_code, - "success": response.status_code in [200, 404], # Both are acceptable - } - except Exception as e: - results["get_parser"] = {"error": str(e), "success": False} - - return results - - def test_validation_endpoints(self) -> Dict[str, Any]: - """Test validation endpoints""" - results = {} - - # Test validate event format - try: - test_event = { - "timestamp": "2023-08-29T10:00:00Z", - "event_type": "authentication", - "user": "test.user@starfleet.corp" - } - response = requests.post( - f"{self.base_url}/api/v1/validation/event", - headers=self.headers, - json={"event": test_event, "parser_id": "crowdstrike_endpoint"}, - timeout=30 - ) - results["validate_event"] = { - "status": response.status_code, - "success": response.status_code in [200, 400, 404] # Various acceptable responses - } - except Exception as e: - results["validate_event"] = {"error": str(e), "success": False} - - return results - - def test_scenarios_endpoints(self) -> Dict[str, Any]: - """Test scenario endpoints""" - results = {} - - # Test list scenarios - try: - response = requests.get(f"{self.base_url}/api/v1/scenarios", headers=self.headers, timeout=30) - results["list_scenarios"] = { - "status": response.status_code, - "success": response.status_code == 200 - } - except Exception as e: - results["list_scenarios"] = {"error": str(e), "success": False} - - # Test execute scenario - try: - scenario_data = { - "scenario_type": "phishing_attack", - "duration_minutes": 5, - "target_count": 10 - } - response = requests.post( - f"{self.base_url}/api/v1/scenarios/execute", - headers=self.headers, - json=scenario_data, - timeout=30 - ) - results["execute_scenario"] = { - "status": response.status_code, - "success": response.status_code in [200, 201, 400] # Various acceptable responses - } - except Exception as e: - results["execute_scenario"] = {"error": str(e), "success": False} - - return results - - def test_export_endpoints(self) -> Dict[str, Any]: - """Test export endpoints""" - results = {} - - # Test export events - try: - export_request = { - "generator_ids": ["crowdstrike_falcon"], - "format": "json", - "count": 5 - } - response = requests.post( - f"{self.base_url}/api/v1/export/events", - headers=self.headers, - json=export_request, - timeout=30 - ) - results["export_events"] = { - "status": response.status_code, - "success": response.status_code in [200, 201] - } - except Exception as e: - results["export_events"] = {"error": str(e), "success": False} - - return results - - def test_metrics_endpoints(self) -> Dict[str, Any]: - """Test metrics endpoints""" - results = {} - - # Test get metrics - try: - response = requests.get(f"{self.base_url}/api/v1/metrics", headers=self.headers, timeout=30) - results["get_metrics"] = { - "status": response.status_code, - "success": response.status_code == 200 - } - except Exception as e: - results["get_metrics"] = {"error": str(e), "success": False} - - # Test generator metrics - try: - response = requests.get(f"{self.base_url}/api/v1/metrics/generators", headers=self.headers, timeout=30) - results["generator_metrics"] = { - "status": response.status_code, - "success": response.status_code == 200 - } - except Exception as e: - results["generator_metrics"] = {"error": str(e), "success": False} - - return results - - def test_search_endpoints(self) -> Dict[str, Any]: - """Test search endpoints""" - results = {} - - # Test search generators - try: - search_params = {"q": "crowdstrike", "type": "generators"} - response = requests.get( - f"{self.base_url}/api/v1/search", - headers=self.headers, - params=search_params, - timeout=30 - ) - results["search_generators"] = { - "status": response.status_code, - "success": response.status_code == 200 - } - except Exception as e: - results["search_generators"] = {"error": str(e), "success": False} - - # Test search parsers - try: - search_params = {"q": "firewall", "type": "parsers"} - response = requests.get( - f"{self.base_url}/api/v1/search", - headers=self.headers, - params=search_params, - timeout=30 - ) - results["search_parsers"] = { - "status": response.status_code, - "success": response.status_code == 200 - } - except Exception as e: - results["search_parsers"] = {"error": str(e), "success": False} - - return results - - def run_all_additional_tests(self) -> Dict[str, Any]: - """Run all additional endpoint tests""" - print("Running additional endpoint tests...") - - all_results = { - "parsers": self.test_parsers_endpoints(), - "validation": self.test_validation_endpoints(), - "scenarios": self.test_scenarios_endpoints(), - "export": self.test_export_endpoints(), - "metrics": self.test_metrics_endpoints(), - "search": self.test_search_endpoints() - } - - # Calculate summary - total_tests = 0 - passed_tests = 0 - - for category, tests in all_results.items(): - for test_name, result in tests.items(): - total_tests += 1 - if result.get("success", False): - passed_tests += 1 - - success_rate = (passed_tests / total_tests) * 100 if total_tests > 0 else 0 - - summary = { - "total_tests": total_tests, - "passed_tests": passed_tests, - "success_rate": success_rate, - "results_by_category": all_results - } - - return summary - - -def run_additional_tests(): - """Run additional endpoint tests and display results""" - tester = AdditionalEndpointTests() - results = tester.run_all_additional_tests() - - print("\n" + "="*60) - print("ADDITIONAL ENDPOINT TEST RESULTS") - print("="*60) - - print(f"📊 Total Tests: {results['total_tests']}") - print(f"✅ Passed: {results['passed_tests']}") - print(f"❌ Failed: {results['total_tests'] - results['passed_tests']}") - print(f"📈 Success Rate: {results['success_rate']:.1f}%") - - print("\n📋 RESULTS BY ENDPOINT CATEGORY:") - for category, tests in results["results_by_category"].items(): - category_passed = sum(1 for test in tests.values() if test.get("success", False)) - category_total = len(tests) - category_rate = (category_passed / category_total) * 100 if category_total > 0 else 0 - - status = "✅" if category_rate == 100 else "⚠️" if category_rate >= 50 else "❌" - print(f" {status} {category.upper()}: {category_passed}/{category_total} ({category_rate:.1f}%)") - - for test_name, result in tests.items(): - test_status = "✅" if result.get("success", False) else "❌" - status_code = result.get("status", "N/A") - error = result.get("error", "") - - if error: - print(f" {test_status} {test_name}: ERROR - {error[:50]}...") - else: - print(f" {test_status} {test_name}: Status {status_code}") - - return results - - -if __name__ == "__main__": - run_additional_tests() \ No newline at end of file diff --git a/api/tests/validation_tests/comprehensive_api_test.py b/api/tests/validation_tests/comprehensive_api_test.py deleted file mode 100644 index 3ab75fd..0000000 --- a/api/tests/validation_tests/comprehensive_api_test.py +++ /dev/null @@ -1,960 +0,0 @@ -#!/usr/bin/env python3 -""" -Comprehensive API Test Suite for Jarvis Coding API -QA Testing Framework with Authentication, Functional, and Integration Testing - -This test suite provides comprehensive validation of: -- Authentication and authorization -- All API endpoints functionality -- Input validation and error handling -- Performance and load testing -- Security testing -- Integration testing between services -""" - -import asyncio -import json -import time -import sys -import os -import requests -import threading -from typing import Dict, List, Optional, Any -from dataclasses import dataclass, asdict -from datetime import datetime -import logging -from pathlib import Path -import subprocess -import signal -from concurrent.futures import ThreadPoolExecutor, as_completed -import random -import string - -# Add parent directory to path for imports -sys.path.insert(0, str(Path(__file__).parent.parent.parent)) - - -@dataclass -class TestResult: - """Test result data structure""" - test_name: str - category: str - passed: bool - duration_ms: float - error_message: Optional[str] = None - details: Optional[Dict] = None - status_code: Optional[int] = None - response_data: Optional[Dict] = None - - -@dataclass -class TestReport: - """Comprehensive test report""" - start_time: datetime - end_time: datetime - total_tests: int - passed_tests: int - failed_tests: int - categories: Dict[str, Dict] - results: List[TestResult] - issues: List[Dict] - recommendations: List[str] - performance_metrics: Dict[str, Any] - - -class APITestFramework: - """Comprehensive API Testing Framework""" - - def __init__(self, base_url: str = "http://localhost:8000", api_key: str = None): - self.base_url = base_url - - # Test API keys for different roles - self.test_keys = { - "admin": "admin-test-key-123456789012345678901234", - "write": "write-test-key-123456789012345678901234", - "read": "read-test-key-1234567890123456789012345", - "invalid": "invalid-key-123456789012345678901234" - } - - # Use admin key as default for functional tests - self.api_key = api_key or self.test_keys["admin"] - self.headers = {"X-API-Key": self.api_key, "Content-Type": "application/json"} - self.results: List[TestResult] = [] - self.server_process: Optional[subprocess.Popen] = None - self.logger = self._setup_logging() - - def _setup_logging(self) -> logging.Logger: - """Setup logging for test framework""" - logger = logging.getLogger("api_test_framework") - logger.setLevel(logging.INFO) - - if not logger.handlers: - handler = logging.StreamHandler() - formatter = logging.Formatter( - '%(asctime)s - %(name)s - %(levelname)s - %(message)s' - ) - handler.setFormatter(formatter) - logger.addHandler(handler) - - return logger - - async def start_api_server(self) -> bool: - """Start the API server for testing""" - try: - # Set environment variables for testing - env = os.environ.copy() - env.update({ - "DISABLE_AUTH": "false", - "JARVIS_ADMIN_KEYS": self.test_keys["admin"], - "JARVIS_WRITE_KEYS": self.test_keys["write"], - "JARVIS_READ_KEYS": self.test_keys["read"], - "RATE_LIMIT_ADMIN": "1000", - "RATE_LIMIT_WRITE": "500", - "RATE_LIMIT_READ": "100" - }) - - api_dir = Path(__file__).parent.parent - self.logger.info(f"Starting API server from {api_dir}") - - # Use the virtual environment Python executable - project_root = api_dir.parent - venv_python = project_root / ".venv" / "bin" / "python" - python_executable = str(venv_python) if venv_python.exists() else "/opt/homebrew/bin/python3" - - # Start server in background - self.server_process = subprocess.Popen( - [python_executable, "start_api.py"], - cwd=api_dir, - env=env, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE - ) - - # Wait for server to start - await asyncio.sleep(3) - - # Test server is responding - try: - response = requests.get(f"{self.base_url}/", timeout=5) - if response.status_code == 200: - self.logger.info("API server started successfully") - return True - except requests.RequestException: - pass - - self.logger.error("Failed to start API server") - return False - - except Exception as e: - self.logger.error(f"Error starting API server: {e}") - return False - - def stop_api_server(self): - """Stop the API server""" - if self.server_process: - self.logger.info("Stopping API server") - self.server_process.terminate() - self.server_process.wait(timeout=10) - self.server_process = None - - def _execute_test(self, test_func, test_name: str, category: str) -> TestResult: - """Execute a single test and return result""" - start_time = time.time() - - try: - result = test_func() - duration_ms = (time.time() - start_time) * 1000 - - if isinstance(result, dict) and result.get("passed", False): - return TestResult( - test_name=test_name, - category=category, - passed=True, - duration_ms=duration_ms, - details=result.get("details"), - status_code=result.get("status_code"), - response_data=result.get("response_data") - ) - else: - return TestResult( - test_name=test_name, - category=category, - passed=False, - duration_ms=duration_ms, - error_message=result.get("error") if isinstance(result, dict) else str(result), - details=result.get("details") if isinstance(result, dict) else None - ) - - except Exception as e: - duration_ms = (time.time() - start_time) * 1000 - return TestResult( - test_name=test_name, - category=category, - passed=False, - duration_ms=duration_ms, - error_message=str(e) - ) - - def _make_request(self, method: str, endpoint: str, headers: Dict = None, - data: Dict = None, params: Dict = None) -> Dict: - """Make HTTP request and return standardized response""" - try: - url = f"{self.base_url}{endpoint}" - request_headers = headers or self.headers - - if method.upper() == "GET": - response = requests.get(url, headers=request_headers, params=params, timeout=30) - elif method.upper() == "POST": - response = requests.post(url, headers=request_headers, json=data, params=params, timeout=30) - elif method.upper() == "PUT": - response = requests.put(url, headers=request_headers, json=data, params=params, timeout=30) - elif method.upper() == "DELETE": - response = requests.delete(url, headers=request_headers, params=params, timeout=30) - else: - return {"passed": False, "error": f"Unsupported method: {method}"} - - return { - "passed": True, - "status_code": response.status_code, - "response_data": response.json() if response.content else {}, - "headers": dict(response.headers) - } - - except requests.RequestException as e: - return {"passed": False, "error": f"Request failed: {str(e)}"} - except Exception as e: - return {"passed": False, "error": f"Unexpected error: {str(e)}"} - - # ============================================================================ - # AUTHENTICATION AND AUTHORIZATION TESTS - # ============================================================================ - - def test_no_auth_required_endpoints(self) -> Dict: - """Test endpoints that don't require authentication""" - # Root endpoint - result = self._make_request("GET", "/") - if not result["passed"]: - return result - - if result["status_code"] != 200: - return {"passed": False, "error": f"Root endpoint returned {result['status_code']}"} - - # Health endpoint - result = self._make_request("GET", "/api/v1/health") - if not result["passed"]: - return result - - if result["status_code"] != 200: - return {"passed": False, "error": f"Health endpoint returned {result['status_code']}"} - - return {"passed": True, "details": "Public endpoints accessible"} - - def test_missing_api_key(self) -> Dict: - """Test requests without API key are rejected""" - no_auth_headers = {"Content-Type": "application/json"} - result = self._make_request("GET", "/api/v1/generators", headers=no_auth_headers) - - if result["status_code"] != 403: - return {"passed": False, "error": f"Expected 403, got {result['status_code']}"} - - return {"passed": True, "details": "Missing API key properly rejected"} - - def test_invalid_api_key(self) -> Dict: - """Test requests with invalid API key are rejected""" - invalid_headers = {"X-API-Key": self.test_keys["invalid"], "Content-Type": "application/json"} - result = self._make_request("GET", "/api/v1/generators", headers=invalid_headers) - - if result["status_code"] != 403: - return {"passed": False, "error": f"Expected 403, got {result['status_code']}"} - - return {"passed": True, "details": "Invalid API key properly rejected"} - - def test_role_based_access_read(self) -> Dict: - """Test read-only role can access read endpoints""" - read_headers = {"X-API-Key": self.test_keys["read"], "Content-Type": "application/json"} - result = self._make_request("GET", "/api/v1/generators", headers=read_headers) - - if result["status_code"] != 200: - return {"passed": False, "error": f"Read role denied access: {result['status_code']}"} - - return {"passed": True, "details": "Read role has proper access"} - - def test_role_based_access_write_denied(self) -> Dict: - """Test read-only role cannot access write endpoints""" - read_headers = {"X-API-Key": self.test_keys["read"], "Content-Type": "application/json"} - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/execute", - headers=read_headers, data={"count": 1}) - - if result["status_code"] != 403: - return {"passed": False, "error": f"Read role allowed write access: {result['status_code']}"} - - return {"passed": True, "details": "Read role properly denied write access"} - - def test_role_based_access_write_allowed(self) -> Dict: - """Test write role can access write endpoints""" - write_headers = {"X-API-Key": self.test_keys["write"], "Content-Type": "application/json"} - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/execute", - headers=write_headers, data={"count": 1, "format": "json"}) - - if result["status_code"] not in [200, 201]: - return {"passed": False, "error": f"Write role denied access: {result['status_code']}"} - - return {"passed": True, "details": "Write role has proper access"} - - def test_admin_access(self) -> Dict: - """Test admin role has full access""" - admin_headers = {"X-API-Key": self.test_keys["admin"], "Content-Type": "application/json"} - - # Test read access - result = self._make_request("GET", "/api/v1/generators", headers=admin_headers) - if result["status_code"] != 200: - return {"passed": False, "error": f"Admin denied read access: {result['status_code']}"} - - # Test write access - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/execute", - headers=admin_headers, data={"count": 1, "format": "json"}) - if result["status_code"] not in [200, 201]: - return {"passed": False, "error": f"Admin denied write access: {result['status_code']}"} - - return {"passed": True, "details": "Admin role has full access"} - - # ============================================================================ - # FUNCTIONAL ENDPOINT TESTS - # ============================================================================ - - def test_list_generators(self) -> Dict: - """Test listing all generators""" - result = self._make_request("GET", "/api/v1/generators") - - if result["status_code"] != 200: - return {"passed": False, "error": f"Status code: {result['status_code']}"} - - data = result["response_data"] - if not data.get("success"): - return {"passed": False, "error": "Response not successful"} - - if "generators" not in data.get("data", {}): - return {"passed": False, "error": "No generators in response"} - - generators = data["data"]["generators"] - if not isinstance(generators, list) or len(generators) == 0: - return {"passed": False, "error": "No generators found"} - - return {"passed": True, "details": f"Found {len(generators)} generators"} - - def test_list_generators_with_filters(self) -> Dict: - """Test generator listing with filters""" - # Test category filter - result = self._make_request("GET", "/api/v1/generators", params={"category": "endpoint_security"}) - - if result["status_code"] != 200: - return {"passed": False, "error": f"Category filter failed: {result['status_code']}"} - - # Test search filter - result = self._make_request("GET", "/api/v1/generators", params={"search": "crowdstrike"}) - - if result["status_code"] != 200: - return {"passed": False, "error": f"Search filter failed: {result['status_code']}"} - - return {"passed": True, "details": "Filters working correctly"} - - def test_get_generator_details(self) -> Dict: - """Test getting details for a specific generator""" - result = self._make_request("GET", "/api/v1/generators/crowdstrike_falcon") - - if result["status_code"] != 200: - return {"passed": False, "error": f"Status code: {result['status_code']}"} - - data = result["response_data"] - if not data.get("success"): - return {"passed": False, "error": "Response not successful"} - - generator_data = data.get("data", {}) - required_fields = ["name", "category", "vendor"] - - for field in required_fields: - if field not in generator_data: - return {"passed": False, "error": f"Missing field: {field}"} - - return {"passed": True, "details": "Generator details complete"} - - def test_get_nonexistent_generator(self) -> Dict: - """Test getting details for non-existent generator""" - result = self._make_request("GET", "/api/v1/generators/nonexistent_generator") - - if result["status_code"] != 404: - return {"passed": False, "error": f"Expected 404, got {result['status_code']}"} - - return {"passed": True, "details": "Non-existent generator properly returns 404"} - - def test_execute_generator(self) -> Dict: - """Test executing a generator""" - data = {"count": 3, "format": "json", "star_trek_theme": True} - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/execute", data=data) - - if result["status_code"] not in [200, 201]: - return {"passed": False, "error": f"Status code: {result['status_code']}"} - - response_data = result["response_data"] - if not response_data.get("success"): - return {"passed": False, "error": "Execution not successful"} - - exec_data = response_data.get("data", {}) - if exec_data.get("count", 0) != 3: - return {"passed": False, "error": f"Expected 3 events, got {exec_data.get('count')}"} - - if not exec_data.get("events"): - return {"passed": False, "error": "No events returned"} - - return {"passed": True, "details": f"Generated {exec_data.get('count')} events in {exec_data.get('execution_time_ms', 0):.2f}ms"} - - def test_batch_execute_generators(self) -> Dict: - """Test batch execution of multiple generators""" - batch_data = { - "executions": [ - {"generator_id": "crowdstrike_falcon", "count": 2, "format": "json"}, - {"generator_id": "okta_authentication", "count": 1, "format": "json"} - ] - } - - result = self._make_request("POST", "/api/v1/generators/batch/execute", data=batch_data) - - if result["status_code"] not in [200, 201]: - return {"passed": False, "error": f"Status code: {result['status_code']}"} - - response_data = result["response_data"] - if not response_data.get("success"): - return {"passed": False, "error": "Batch execution not successful"} - - batch_result = response_data.get("data", {}) - executions = batch_result.get("executions", []) - - if len(executions) != 2: - return {"passed": False, "error": f"Expected 2 executions, got {len(executions)}"} - - return {"passed": True, "details": f"Batch executed {len(executions)} generators"} - - def test_generator_validation(self) -> Dict: - """Test generator validation endpoint""" - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/validate", - params={"sample_size": 3}) - - if result["status_code"] != 200: - return {"passed": False, "error": f"Status code: {result['status_code']}"} - - data = result["response_data"] - if not data.get("success"): - return {"passed": False, "error": "Validation not successful"} - - return {"passed": True, "details": "Generator validation working"} - - def test_generator_schema(self) -> Dict: - """Test generator schema endpoint""" - result = self._make_request("GET", "/api/v1/generators/crowdstrike_falcon/schema") - - if result["status_code"] != 200: - return {"passed": False, "error": f"Status code: {result['status_code']}"} - - data = result["response_data"] - if not data.get("success"): - return {"passed": False, "error": "Schema request not successful"} - - schema_data = data.get("data", {}) - if "schema" not in schema_data: - return {"passed": False, "error": "No schema in response"} - - return {"passed": True, "details": "Schema endpoint working"} - - def test_list_categories(self) -> Dict: - """Test listing generator categories""" - result = self._make_request("GET", "/api/v1/generators/categories") - - if result["status_code"] != 200: - return {"passed": False, "error": f"Status code: {result['status_code']}"} - - data = result["response_data"] - if not data.get("success"): - return {"passed": False, "error": "Categories request not successful"} - - categories = data.get("data", {}).get("categories", []) - if not categories: - return {"passed": False, "error": "No categories found"} - - return {"passed": True, "details": f"Found {len(categories)} categories"} - - # ============================================================================ - # INPUT VALIDATION AND ERROR HANDLING TESTS - # ============================================================================ - - def test_invalid_json_payload(self) -> Dict: - """Test handling of invalid JSON payloads""" - headers = self.headers.copy() - try: - response = requests.post( - f"{self.base_url}/api/v1/generators/crowdstrike_falcon/execute", - headers=headers, - data="invalid json{", # Malformed JSON - timeout=30 - ) - - if response.status_code not in [400, 422]: - return {"passed": False, "error": f"Expected 400/422, got {response.status_code}"} - - return {"passed": True, "details": "Invalid JSON properly rejected"} - - except Exception as e: - return {"passed": False, "error": f"Request failed: {str(e)}"} - - def test_missing_required_fields(self) -> Dict: - """Test validation of missing required fields""" - # Missing count field - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/execute", - data={"format": "json"}) - - if result["status_code"] not in [400, 422]: - return {"passed": False, "error": f"Missing field not caught: {result['status_code']}"} - - return {"passed": True, "details": "Missing required fields properly validated"} - - def test_invalid_field_values(self) -> Dict: - """Test validation of invalid field values""" - # Invalid count (negative) - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/execute", - data={"count": -1, "format": "json"}) - - if result["status_code"] not in [400, 422]: - return {"passed": False, "error": f"Invalid count not caught: {result['status_code']}"} - - # Invalid format - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/execute", - data={"count": 1, "format": "invalid_format"}) - - if result["status_code"] not in [400, 422]: - return {"passed": False, "error": f"Invalid format not caught: {result['status_code']}"} - - return {"passed": True, "details": "Invalid field values properly validated"} - - def test_boundary_values(self) -> Dict: - """Test boundary value validation""" - # Test maximum count (assuming 100 is limit) - result = self._make_request("POST", "/api/v1/generators/crowdstrike_falcon/execute", - data={"count": 1000, "format": "json"}) - - # Should either succeed or return proper validation error - if result["status_code"] not in [200, 201, 400, 422]: - return {"passed": False, "error": f"Unexpected status for boundary test: {result['status_code']}"} - - return {"passed": True, "details": "Boundary values handled appropriately"} - - # ============================================================================ - # PERFORMANCE TESTS - # ============================================================================ - - def test_response_time(self) -> Dict: - """Test API response times are reasonable""" - start_time = time.time() - result = self._make_request("GET", "/api/v1/generators") - duration_ms = (time.time() - start_time) * 1000 - - if not result["passed"]: - return result - - if duration_ms > 5000: # 5 second threshold - return {"passed": False, "error": f"Response time too slow: {duration_ms:.2f}ms"} - - return {"passed": True, "details": f"Response time: {duration_ms:.2f}ms"} - - def test_concurrent_requests(self) -> Dict: - """Test handling of concurrent requests""" - def make_concurrent_request(): - return self._make_request("GET", "/api/v1/generators") - - try: - with ThreadPoolExecutor(max_workers=10) as executor: - futures = [executor.submit(make_concurrent_request) for _ in range(10)] - results = [future.result() for future in as_completed(futures)] - - successful_requests = sum(1 for r in results if r["passed"] and r["status_code"] == 200) - - if successful_requests < 8: # Allow for some failures - return {"passed": False, "error": f"Only {successful_requests}/10 concurrent requests succeeded"} - - return {"passed": True, "details": f"{successful_requests}/10 concurrent requests succeeded"} - - except Exception as e: - return {"passed": False, "error": f"Concurrent test failed: {str(e)}"} - - # ============================================================================ - # SECURITY TESTS - # ============================================================================ - - def test_sql_injection_attempts(self) -> Dict: - """Test protection against SQL injection""" - # Test SQL injection in query parameters - malicious_params = { - "search": "'; DROP TABLE generators; --", - "category": "1' OR '1'='1", - "vendor": "test'; SELECT * FROM users; --" - } - - result = self._make_request("GET", "/api/v1/generators", params=malicious_params) - - # Should not cause server error - if result["status_code"] == 500: - return {"passed": False, "error": "SQL injection may have caused server error"} - - return {"passed": True, "details": "SQL injection attempts handled safely"} - - def test_xss_attempts(self) -> Dict: - """Test protection against XSS""" - xss_payload = "" - - result = self._make_request("GET", "/api/v1/generators", params={"search": xss_payload}) - - if result["passed"] and result["status_code"] == 200: - # Check if XSS payload is properly escaped in response - response_text = str(result["response_data"]) - if "