chore(demo): Add demo data for IOT and Cortex XDR

PR #185

Author: paulmnguyen

demo/conf/eventgen_conf/eventgen.conf

@@ -1,4 +1,3 @@
-
 [pan_traffic.samplelog]
 
 outputMode = splunkstream
@@ -650,3 +649,75 @@ disabled = false
 interval = 60
 randomizeEvents = false
 count = 0
+
+[pan_xdr_incidents.json]
+outputMode = splunkstream
+disabled = false 
+earliest = -60s
+latest = now
+interval = 60
+count = 4
+randomizeCount = 0.2
+randomizeEvents = true
+
+sourcetype=pan:xdr_incident
+source = eventgen:pan_xdr_incidents.json
+autotimestamp = 1
+
+[pan_iot_device.json]
+index = main
+count = 4
+earliest = -60s
+latest = now
+interval = 6
+mode = sample
+autotimestamp = true
+sourcetype = json
+randomizeCount = 0.2
+randomizeEvents = true
+sourcetype=pan:iot_device
+source = eventgen:pan_iot_device.json
+
+token.0.token = "last_activity":(\d+)
+token.0.replacementType = replaytimestamp
+token.0.replacement = %Y-%d-%m %H:%M:%S 
+
+token.1.token = "first_seen_date":(\d+)
+token.1.replacementType = replaytimestamp
+token.1.replacement = %Y-%d-%m %H:%M:%S 
+
+[pan_iot_alert.json]
+index = main
+count = 4
+earliest = -60s
+latest = now
+interval = 6
+mode = sample
+autotimestamp = true
+sourcetype = json
+randomizeCount = 0.2
+randomizeEvents = true
+sourcetype=pan:iot_alert
+source = eventgen:pan_iot_alert.json
+
+token.0.token = "date":(\d+)
+token.0.replacementType = replaytimestamp
+token.0.replacement = %Y-%d-%m %H:%M:%S
+
+[pan_iot_vulnerability.json]
+index = main
+count = 4
+earliest = -60s
+latest = now
+interval = 6
+mode = sample
+autotimestamp = true
+sourcetype = json
+randomizeCount = 0.2
+randomizeEvents = true
+sourcetype=pan:iot_vulnerability
+source = eventgen:pan_iot_vulnerability.json
+
+token.0.token = "date":(\d+)
+token.0.replacementType = replaytimestamp
+token.0.replacement = %Y-%d-%m %H:%M:%S