# Material Security Logs

## Overview

Panther supports pulling logs from [Material Security](https://material.security/) by configuring an event subscription in Material that forwards events to Panther's HTTP endpoint.

Material Security is an integrated email security, user behavior analytics (UBA), and data loss prevention solution for Microsoft 365 and Google Workspace.

## How to onboard Material Security logs onto Panther

### Step 1: Create a new Material Security source in Panther

To connect these logs into Panther:

1. In the left-hand navigation bar of your Panther Console, click **Configure** > **Log Sources**.
2. Click **Create New**.
3. Search for "Material Security", then click its tile.
4. In the slide-out panel, click **Start Setup**.

   <figure><img src="https://2400888838-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-a7633a16da3312719ffbe05b1cd6561f72884f75%2FScreenshot%202024-09-25%20at%204.00.40%20PM.png?alt=media" alt="On the right side of the screen, there is a slide-out panel titled &#x22;Material Security.&#x22; There is an arrow drawn to a &#x22;Start Setup&#x22; button."><figcaption></figcaption></figure>
5. Follow Panther's [instructions for configuring an HTTP source](https://docs.panther.com/data-onboarding/data-transports/http#how-to-set-up-an-http-log-source-in-panther), starting from step 5.
   * In the **Auth method** dropdown field, select **Bearer**.
   * Payloads sent to this source are subject to the [payload requirements for all HTTP sources](https://docs.panther.com/data-onboarding/data-transports/http#payload-requirements).
   * Do not proceed to the next step until the HTTP endpoint has finished being created.

### Step 2: Create an event subscription in Material Security

1. Log in to your Material Security tenant.
2. In the upper right corner, click the puzzle piece (**Integrations**) icon.
3. In the left-hand navigation bar, select the event subscriptions page.
4. In the upper right, click **Create Subscription**.
5. In the **Create Subscription** form, under **Event and Notification Type**, enter values for the following fields:
   * **Event**: **New Case Created**.
   * **Notification Type**: **Webhook**.
   * **Subscription Name**: enter a short description.
6. Under **Event-Specific Options**, in the **Case Source** field, select all options that apply.
7. Under **Notification**, enter values for the following fields:
   * **HTTP Method**: **Method** > **HTTP Raw events**.
   * **URI**: the **HTTP Source URL** generated by Panther in [Step 1](#step-1-create-a-new-material-security-source-in-panther).
8. Under **Headers**, in the **Headers** field, add the bearer token you entered or generated in Panther in [Step 1](#step-1-create-a-new-material-security-source-in-panther), e.g. `{ "Authorization": "Bearer <token value>" }`.
9. In the upper right, click the button that creates the subscription.
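As an added example (not code from the Panther or Material documentation) of the exchange the two steps above set up: a constructed "New Case Created" webhook body is checked against the bearer token configured in Step 1 and, only if the token matches, reduced to the Material.CaseCreated fields an analyst triages first. The token value, the receiver functions and every sample field value are assumptions for illustration.

```python
import hmac
import json
from datetime import datetime, timezone

# Constructed sample of the "New Case Created" webhook body that the Material
# event subscription posts to the Panther HTTP source, trimmed to a handful of
# the Material.CaseCreated schema fields. Every value here is made up.
SAMPLE_BODY = json.dumps({
    "eventId": "evt-0001",
    "timestamp": "2024-09-25T16:00:40Z",
    "caseCreated": {
        "caseId": "case-42",
        "messageId": "msg-7",
        "createdAt": "2024-09-25T16:00:39Z",
        "mark": {"markType": "userReport",
                 "userReport": {"reportingMethod": "outlookAddin"}},
    },
    "forCase": {"caseId": "case-42",
                "info": {"judgementCategory": "phishing", "hasNovelSender": True}},
    "forMessage": {"json": {
        "subject": "Invoice attached",
        "from": "billing@example.com",
        "spf": "fail", "dkim": "none", "dmarc": "fail",
        "attachments": [{"filename": "invoice.pdf", "sha256": "ab" * 32}],
    }},
})

# Hypothetical token standing in for the bearer token entered or generated in Step 1.
EXPECTED_TOKEN = "example-bearer-token"


def bearer_token_ok(headers: dict, expected: str) -> bool:
    """Check the Authorization header the way a Bearer-auth HTTP source does."""
    # Header names are case-insensitive; the token is compared in constant time
    # so a wrong or malformed header is rejected uniformly.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = auth.partition(" ")
    if scheme != "Bearer" or not token.strip():
        return False
    return hmac.compare_digest(token.strip(), expected)


def parse_rfc3339(value: str) -> datetime:
    """Parse a timestamp in the rfc3339 form the schema's timeFormats declares."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def summarize_case_event(body: str) -> dict:
    """Pull the fields an analyst looks at first out of a Material.CaseCreated event."""
    event = json.loads(body)
    case = event["caseCreated"]
    info = event.get("forCase", {}).get("info", {})
    msg = event.get("forMessage", {}).get("json", {})
    return {
        "event_id": event["eventId"],
        "event_time": parse_rfc3339(event["timestamp"]),  # the isEventTime field
        "case_id": case["caseId"],
        "mark_type": case.get("mark", {}).get("markType"),
        "judgement": info.get("judgementCategory"),
        "novel_sender": info.get("hasNovelSender", False),
        "sender": msg.get("from"),
        "subject": msg.get("subject"),
        "auth_failed": any(msg.get(k) == "fail" for k in ("spf", "dkim", "dmarc")),
        "attachment_hashes": [a.get("sha256") for a in msg.get("attachments", [])],
    }


def receive(headers: dict, body: str, expected_token: str = EXPECTED_TOKEN):
    """Model of the endpoint: reject bad auth before touching the body."""
    if not bearer_token_ok(headers, expected_token):
        return 401, None
    try:
        return 200, summarize_case_event(body)
    except (KeyError, ValueError):  # missing required field or bad JSON/timestamp
        return 400, None


if __name__ == "__main__":
    headers = {"Authorization": f"Bearer {EXPECTED_TOKEN}", "Content-Type": "application/json"}
    print(receive(headers, SAMPLE_BODY))
    print(receive({"Authorization": "Bearer not-the-token"}, SAMPLE_BODY))
```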

## Supported log types

### Material.CaseCreated

```yaml
schema: Material.NewCaseCreated
description: A case created in Material
referenceURL: https://material.security/
fields:
  - name: caseCreated
    type: object
    fields:
      - name: _internal
        type: object
        fields:
          - name: internalAllMarks
            type: array
            element:
              type: object
              fields:
                - name: markedBy
                  type: object
                  fields:
                    - name: acctEmail
                      type: string
                      indicators:
                        - email
                    - name: acctId
                      type: string
                    - name: csp
                      type: string
                    - name: isAdmin
                      type: boolean
                    - name: uAcctId
                      type: string
                - name: userReport
                  type: object
                  fields:
                    - name: job
                      type: object
                      fields:
                        - name: jobId
                          type: string
                        - name: jobType
                          type: string
                    - name: reportedInMsftReportMsgAddin
                      type: boolean
                    - name: reportedInOutlookAddin
                      type: boolean
                    - name: labelName
                      type: string
                    - name: reportedStub
                      type: boolean
                - name: ruleMatch
                  type: object
                  fields:
                    - name: id
                      type: string
                - name: markedAt
                  type: string
          - name: internalMark
            type: object
            fields:
              - name: markedBy
                type: object
                fields:
                  - name: acctEmail
                    type: string
                  - name: acctId
                    type: string
                  - name: csp
                    type: string
                  - name: isAdmin
                    type: boolean
                  - name: uAcctId
                    type: string
              - name: userReport
                type: object
                fields:
                  - name: job
                    type: object
                    fields:
                      - name: jobId
                        type: string
                      - name: jobType
                        type: string
                  - name: reportedInMsftReportMsgAddin
                    type: boolean
                  - name: reportedInOutlookAddin
                    type: boolean
                  - name: labelName
                    type: string
                  - name: reportedStub
                    type: boolean
              - name: ruleMatch
                type: object
                fields:
                  - name: id
                    type: string
              - name: markedAt
                type: string
      - name: caseId
        type: string
      - name: createdAt
        type: timestamp
        timeFormats:
          - rfc3339
      - name: createdBy
        type: object
        fields:
          - name: system
            type: boolean
      - name: mark
        type: object
        fields:
          - name: userReport
            type: object
            fields:
              - name: reportingMethod
                type: string
          - name: ruleMatch
            type: object
            fields:
              - name: ruleId
                type: string
              - name: ruleName
                type: string
              - name: ruleProvenanceType
                type: string
          - name: markType
            type: string
          - name: markedAt
            type: timestamp
            timeFormats:
              - rfc3339
          - name: markedBy
            type: object
            fields:
              - name: actor
                type: object
                fields:
                  - name: acctEmail
                    type: string
                    indicators:
                      - email
                  - name: acctId
                    type: string
                  - name: csp
                    type: string
                  - name: isAdmin
                    type: boolean
                  - name: uAcctId
                    type: string
              - name: system
                type: boolean
      - name: messageId
        type: string
  - name: eventId
    type: string
  - name: forCase
    type: object
    fields:
      - name: caseId
        type: string
      - name: info
        type: object
        fields:
          - name: remedyHistory
            type: array
            element:
              type: object
              fields:
                - name: reason
                  type: object
                  fields:
                    - name: userReport
                      type: object
                      fields:
                        - name: global
                          type: boolean
                    - name: rule
                      type: object
                      fields:
                        - name: ruleId
                          type: string
                - name: remedy
                  type: object
                  fields:
                    - name: markSpam
                      type: object
                      fields:
                        - name: selected
                          type: boolean
                    - name: vaxAllow
                      type: object
                      fields:
                        - name: selected
                          type: boolean
                    - name: vaxDeny
                      type: object
                      fields:
                        - name: selected
                          type: boolean
                    - name: vaxTeach
                      type: object
                      fields:
                        - name: message
                          type: string
                        - name: selected
                          type: boolean
                    - name: vaxBanner
                      type: object
                      fields:
                        - name: message
                          type: string
                        - name: selected
                          type: boolean
                - name: reporterAcknowledgementConfig
                  type: object
                  fields:
                    - name: acknowledgeNewReporters
                      type: boolean
                    - name: acknowledgePreviousReporters
                      type: boolean
                    - name: acknowledgementMessage
                      type: string
                    - name: id
                      type: string
                    - name: type
                      type: string
                    - name: version
                      type: string
          - name: judgedBy
            type: string
          - name: caseAnalysis
            type: object
            fields:
              - name: caseId
                type: string
              - name: completedAt
                type: timestamp
                timeFormats:
                  - rfc3339
              - name: judgement
                type: string
              - name: reasons
                type: array
                element:
                  type: string
              - name: type
                type: string
          - name: caseAnalysisHistory
            type: array
            element:
              type: object
              fields:
                - name: caseId
                  type: string
                - name: completedAt
                  type: timestamp
                  timeFormats:
                    - rfc3339
                - name: judgement
                  type: string
                - name: reasons
                  type: array
                  element:
                    type: string
                - name: type
                  type: string
          - name: recommendedJudgementCategory
            type: string
          - name: orgId
            type: string
          - name: caseId
            type: string
          - name: closedStatus
            type: string
          - name: createdAt
            type: timestamp
            timeFormats:
              - rfc3339
          - name: hasNovelDomain
            type: boolean
          - name: hasNovelSender
            type: boolean
          - name: isHistorical
            type: boolean
          - name: isShadow
            type: boolean
          - name: judgedAt
            type: string
          - name: judgementCategory
            type: string
          - name: judgementHistory
            type: array
            element:
              type: object
              fields:
                - name: judgedBy
                  type: string
                - name: recommendedJudgementCategory
                  type: string
                - name: judgedAt
                  type: timestamp
                  timeFormats:
                    - rfc3339
                - name: judgementCategory
                  type: string
                - name: judgementReason
                  type: object
                  fields:
                    - name: default
                      type: boolean
                    - name: adminReport
                      type: boolean
                    - name: caseClassification
                      type: boolean
                    - name: modelName
                      type: string
                    - name: modelVersion
                      type: string
                    - name: reasons
                      type: array
                      element:
                        type: string
                    - name: score
                      type: float
                    - name: rule
                      type: object
                      fields:
                        - name: custom
                          type: object
                          fields:
                            - name: ruleId
                              type: string
                        - name: builtIn
                          type: object
                          fields:
                            - name: ruleId
                              type: string
          - name: judgementReason
            type: object
            fields:
              - name: default
                type: boolean
              - name: adminReport
                type: boolean
              - name: caseClassification
                type: boolean
              - name: modelName
                type: string
              - name: modelVersion
                type: string
              - name: reasons
                type: array
                element:
                  type: string
              - name: score
                type: float
              - name: rule
                type: object
                fields:
                  - name: custom
                    type: object
                    fields:
                      - name: ruleId
                        type: string
                  - name: builtIn
                    type: object
                    fields:
                      - name: ruleId
                        type: string
          - name: newMarkedMessagesCount
            type: bigint
          - name: newSimilarMessagesCount
            type: bigint
          - name: remediateSimilarMessages
            type: boolean
          - name: remedy
            type: object
            fields:
              - name: reason
                type: object
                fields:
                  - name: userReport
                    type: object
                    fields:
                      - name: global
                        type: boolean
                  - name: rule
                    type: object
                    fields:
                      - name: ruleId
                        type: string
              - name: remedy
                type: object
                fields:
                  - name: vaxTeach
                    type: object
                    fields:
                      - name: message
                        type: string
                      - name: selected
                        type: boolean
                  - name: markSpam
                    type: object
                    fields:
                      - name: selected
                        type: boolean
                  - name: vaxDeny
                    type: object
                    fields:
                      - name: selected
                        type: boolean
                  - name: vaxBanner
                    type: object
                    fields:
                      - name: message
                        type: string
                      - name: selected
                        type: boolean
                  - name: vaxAllow
                    type: object
                    fields:
                      - name: selected
                        type: boolean
              - name: reporterAcknowledgementConfig
                type: object
                fields:
                  - name: acknowledgeNewReporters
                    type: boolean
                  - name: acknowledgePreviousReporters
                    type: boolean
                  - name: acknowledgementMessage
                    type: string
                  - name: id
                    type: string
                  - name: type
                    type: string
                  - name: version
                    type: string
          - name: reviewedStatus
            type: string
          - name: shouldInvestigate
            type: boolean
          - name: updatedAt
            type: timestamp
            timeFormats:
              - rfc3339
      - name: status
        type: object
        fields:
          - name: caseId
            type: string
          - name: createdAt
            type: timestamp
            timeFormats:
              - rfc3339
          - name: investigation
            type: object
            fields:
              - name: override
                type: object
                fields:
                  - name: createdAt
                    type: timestamp
                    timeFormats:
                      - rfc3339
          - name: isShadow
            type: boolean
          - name: remedy
            type: object
            fields:
              - name: reason
                type: object
                fields:
                  - name: userReport
                    type: object
                    fields:
                      - name: global
                        type: boolean
                  - name: rule
                    type: object
                    fields:
                      - name: ruleId
                        type: string
              - name: remedy
                type: object
                fields:
                  - name: vaxTeach
                    type: object
                    fields:
                      - name: message
                        type: string
                      - name: selected
                        type: boolean
                  - name: markSpam
                    type: object
                    fields:
                      - name: selected
                        type: boolean
                  - name: vaxDeny
                    type: object
                    fields:
                      - name: selected
                        type: boolean
                  - name: vaxBanner
                    type: object
                    fields:
                      - name: message
                        type: string
                      - name: selected
                        type: boolean
                  - name: vaxAllow
                    type: object
                    fields:
                      - name: selected
                        type: boolean
              - name: reporterAcknowledgementConfig
                type: object
                fields:
                  - name: acknowledgeNewReporters
                    type: boolean
                  - name: acknowledgePreviousReporters
                    type: boolean
                  - name: acknowledgementMessage
                    type: string
                  - name: id
                    type: string
                  - name: type
                    type: string
                  - name: version
                    type: string
          - name: remedyHistory
            type: array
            element:
              type: object
              fields:
                - name: reason
                  type: object
                  fields:
                    - name: userReport
                      type: object
                      fields:
                        - name: global
                          type: boolean
                    - name: rule
                      type: object
                      fields:
                        - name: ruleId
                          type: string
                - name: remedy
                  type: object
                  fields:
                    - name: vaxTeach
                      type: object
                      fields:
                        - name: message
                          type: string
                        - name: selected
                          type: boolean
                    - name: markSpam
                      type: object
                      fields:
                        - name: selected
                          type: boolean
                    - name: vaxDeny
                      type: object
                      fields:
                        - name: selected
                          type: boolean
                    - name: vaxBanner
                      type: object
                      fields:
                        - name: message
                          type: string
                        - name: selected
                          type: boolean
                    - name: vaxAllow
                      type: object
                      fields:
                        - name: selected
                          type: boolean
                - name: reporterAcknowledgementConfig
                  type: object
                  fields:
                    - name: acknowledgeNewReporters
                      type: boolean
                    - name: acknowledgePreviousReporters
                      type: boolean
                    - name: acknowledgementMessage
                      type: string
                    - name: id
                      type: string
                    - name: type
                      type: string
                    - name: version
                      type: string
          - name: reviewed
            type: object
            fields:
              - name: status
                type: string
  - name: forMessage
    type: object
    fields:
      - name: json
        type: object
        fields:
          - name: inReplyTo
            type: string
          - name: sender
            type: string
          - name: xMailer
            type: string
          - name: inReplyTos
            type: array
            element:
              type: string
          - name: references
            type: array
            element:
              type: string
          - name: rawReplyTo
            type: array
            element:
              type: string
          - name: replyTo
            type: array
            element:
              type: string
          - name: dkim
            type: string
          - name: dmarc
            type: string
          - name: spf
            type: string
          - name: received
            type: array
            element:
              type: string
          - name: acctEmail
            type: string
            indicators:
              - email
          - name: acctId
            type: string
          - name: attachmentIds
            type: array
            element:
              type: string
          - name: attachmentMimes
            type: array
            element:
              type: string
          - name: attachmentNames
            type: array
            element:
              type: string
          - name: attachments
            type: array
            element:
              type: object
              fields:
                - name: attachId
                  type: string
                - name: filename
                  type: string
                - name: md5
                  type: string
                  indicators:
                    - md5
                - name: mime
                  type: string
                - name: sha256
                  type: string
                  indicators:
                    - sha256
                - name: size
                  type: bigint
                - name: store
                  type: string
          - name: UNKNOWN_FIELD  # placeholder: this field's name is not recoverable from the page
            type: timestamp
            timeFormats:
              - rfc3339
          - name: from
            type: string
          - name: headers
            type: array
            element:
              type: object
              fields:
                - name: k
                  type: string
                - name: v
                  type: string
          - name: host
            type: string
          - name: hostDate
            type: timestamp
            timeFormats:
              - rfc3339
          - name: hostFlags
            type: object
            fields:
              - name: isDraft
                type: boolean
              - name: isInbox
                type: boolean
              - name: isRetrieved
                type: boolean
              - name: isSent
                type: boolean
              - name: isSpam
                type: boolean
              - name: isTrash
                type: boolean
              - name: isUnread
                type: boolean
          - name: hostMsgId
            type: string
          - name: hostTags
            type: array
            element:
              type: string
          - name: hostThreadId
            type: string
          - name: isDiagnostic
            type: boolean
          - name: isPurgatoryV2
            type: boolean
          - name: isStub
            type: boolean
          - name: links
            type: array
            element:
              type: object
              fields:
                - name: text
                  type: string
                - name: href
                  type: string
          - name: messageId
            type: string
          - name: numAttachments
            type: bigint
          - name: parts
            type: array
            element:
              type: object
              fields:
                - name: attachmentType
                  type: string
                - name: attachId
                  type: string
                - name: filename
                  type: string
                - name: md5
                  type: string
                  indicators:
                    - md5
                - name: sha256
                  type: string
                  indicators:
                    - sha256
                - name: store
                  type: string
                - name: text
                  type: string
                - name: headers
                  type: array
                  element:
                    type: object
                    fields:
                      - name: k
                        type: string
                      - name: v
                        type: string
                - name: mime
                  type: string
                - name: path
                  type: string
                - name: size
                  type: bigint
          - name: rawFrom
            type: array
            element:
              type: string
          - name: rawTo
            type: array
            element:
              type: string
          - name: receivedDates
            type: array
            element:
              type: timestamp
              timeFormats:
                - rfc3339
          - name: snippet
            type: string
          - name: snippetMime
            type: string
          - name: subject
            type: string
          - name: to
            type: array
            element:
              type: string
          - name: totalSize
            type: bigint
          - name: uDomainId
            type: string
      - name: key
        type: array
        element:
          type: string
  - name: getMaterialBaseUrl
    type: object
    fields:
      - name: url
        type: string
        indicators:
          - url
  - name: timestamp
    type: timestamp
    timeFormats:
      - rfc3339
    isEventTime: true
```
