OGO log export format

This article describes the log format that OGO sends when you enable the Log Export feature. Each record is a JSON object; the annotated example below lists every field with its meaning (the `//` comments are documentation only and are not part of the exported JSON).

Last updated: 13 Jan, 2026

{
    "@version": "1", // Internal log export configuration version
    "action": "suspicious", // Action taken by OGO
    "cache": "NONE", // Is the resource cached by OGO
    "cause": "", // Cause of the action
    "clientIP": "1.1.1.1", // Client IP
    "clientPort": "56738", // Port of the client
    "clusterId": "163.172.105.73", // Cluster UID
    "countryCode": "FR", // Country code, ISO 3166-1 alpha-2
    "geoIp": {
        "countryCode": "FR",
        "cityName": "Paris",
        "latitude": "48.844",
        "longitude": "2.408"
    },
    "requestInfo": { // Request metadata
        "scheme": "https", // Scheme: http or https
        "method": "GET", // Request method
        "protocol": "HTTP/2.0", // Request protocol
        "content-size": "0", // Request body content-size
        "query-string": "some_query=...", // Query parameters
        "request-uri": "/some-vulnerable-path" // Path (without query parameters)
    },
    "requestHeaders": { // Request headers
        "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
        "user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36",
        "x-forwarded-for": ["1.1.1.1"],
        "host": "example.com"
    },
    "responseHeaders": { // Response headers
        "content-encoding": "gzip",
        "content-type": "text/html; charset=UTF-8" // ...
    },
    "ogo": { // OGO actions
        "whitelistedIp": "false", // Is the IP a whitelisted IP
        "blocked": "false", // Is the request blocked
        "driveUid": "45B5F128B47C4AD494DB7F8B0D1D539D", // UID of the strongest-belief drive that reacted to the request
        "driveLabel": "Command Injection - Bash", // Human-readable label of the strongest-belief drive
        "dryRun": "false", // Is Audit mode enabled
        "geoBlocked": "false", // Is the country geoblocked
        "appliedAction": "brain", // OGO action, one of: brain (analyzed) / bypass (not analyzed) / denied (blocked by an access control rule)
        "credibility": 51000 // Credibility rating of the request, between 0 and 100,000; the IP is temporarily banned when it drops below the acceptability threshold
    },
    "ogoVersion": "1", // Internal log export configuration version, only present for Microsoft Sentinel v2
    "requestBody": "...", // Only present if a drive was detected inside the body
    "requestUrl": "https://example.com/some-vulnerable-page?some_query=...", // Full URL
    "responseCode": 200, // Origin server response code
    "responseContentSize": 34143, // Response body content-size
    "responseTimeMs": 112, // Response time between OGO and the origin server
    "serviceAddr": "2.2.2.2", // Origin server IP address
    "site": "example.com", // Normalized FQDN
    "TimeGenerated": "2024-04-24T01:08:02.491Z", // ISO 8601 timestamp, only present for Microsoft Sentinel v2
    "timestamp": 1657875209811, // Epoch milliseconds timestamp of the start of the request
    "tlsCipher": "TLS_AES_128_GCM_SHA256", // TLS cipher used
    "tlsVersion": "1.3" // TLS version
}
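As an added example (not part of the OGO documentation or product), the following Python triages exported records on the `ogo` sub-object described above. It relies on two details of the format worth noticing on ingestion: the boolean fields are exported as the strings "true"/"false", and `timestamp` is in epoch milliseconds. The 60000 credibility threshold and the sample records are constructed assumptions, not OGO's own acceptability threshold.

```python
import json
from datetime import datetime, timezone

# Constructed sample records: field names follow the OGO export format above, values are made up.
SAMPLE_LOGS = [
    '{"clientIP":"203.0.113.10","requestInfo":{"method":"GET","request-uri":"/search"},'
    '"ogo":{"blocked":"false","dryRun":"true","driveLabel":"Command Injection - Bash",'
    '"credibility":51000,"appliedAction":"brain"},"responseCode":200,"timestamp":1657875209811}',
    '{"clientIP":"198.51.100.7","requestInfo":{"method":"POST","request-uri":"/admin"},'
    '"ogo":{"blocked":"true","dryRun":"false","driveLabel":"",'
    '"credibility":100000,"appliedAction":"denied"},"responseCode":403,"timestamp":1657875210000}',
    '{"clientIP":"192.0.2.44","requestInfo":{"method":"GET","request-uri":"/"},'
    '"ogo":{"blocked":"false","dryRun":"false","driveLabel":"",'
    '"credibility":100000,"appliedAction":"brain"},"responseCode":200,"timestamp":1657875211000}',
]

def flag(value):
    """OGO exports booleans as the strings "true"/"false"; normalise them to a Python bool."""
    return str(value).lower() == "true"

def triage(record, credibility_threshold=60000):
    """Classify one record. The threshold is an assumption, not OGO's own acceptability value.

    Verdicts: 'blocked' (denied by access control or blocked by OGO), 'audit-only' (a drive
    matched but Audit mode / dryRun left the request unblocked), 'low-cred' (credibility
    under the threshold), 'clean'.
    """
    ogo = record.get("ogo", {})
    drive = ogo.get("driveLabel", "")
    if flag(ogo.get("blocked")) or ogo.get("appliedAction") == "denied":
        return "blocked", drive or ogo.get("appliedAction", "")
    if drive and flag(ogo.get("dryRun")):
        return "audit-only", drive
    if int(ogo.get("credibility", 100000)) < credibility_threshold:
        return "low-cred", str(ogo["credibility"])
    return "clean", ""

def summarize(lines, **kwargs):
    """Parse newline-delimited export records and group (clientIP, uri, reason, time) by verdict."""
    grouped = {}
    for line in lines:
        rec = json.loads(line)
        verdict, reason = triage(rec, **kwargs)
        # "timestamp" is epoch milliseconds; convert to an ISO 8601 UTC string for the analyst.
        when = datetime.fromtimestamp(rec["timestamp"] / 1000, tz=timezone.utc).isoformat()
        grouped.setdefault(verdict, []).append(
            (rec["clientIP"], rec["requestInfo"]["request-uri"], reason, when))
    return grouped
```

Records in the 'audit-only' bucket are the ones that would have been blocked once Audit mode is switched off, which makes this grouping a quick way to review a dryRun deployment before enforcing it.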
