Expand description
Entity mapping preprocessor.
⚠️ DEPRECATED: Use entity-analysis preprocess instead.
# Old (deprecated):
vault-audit preprocess-entities logs/*.log --output mappings.json
# New (recommended):
vault-audit entity-analysis preprocess logs/*.log --output mappings.jsonNote: Most commands now auto-preprocess entity mappings, so this is rarely needed!
See entity_analysis for the unified command.
Extracts entity-to-alias mappings from audit logs and exports to JSON or CSV, creating a baseline for subsequent entity analysis. Supports multi-file processing for comprehensive entity mapping.
§Usage
# Single file preprocessing (JSON default)
vault-audit preprocess-entities audit.log --output entity-mappings.json
# Multi-day comprehensive mapping (CSV)
vault-audit preprocess-entities logs/*.log --output entity-mappings.csv --format csv
# JSON format for entity-creation command
vault-audit preprocess-entities logs/*.log --output entity-mappings.json --format json§Output
Generates JSON or CSV containing:
- Entity ID
- Display name
- Mount path and accessor
- Username (if available)
- Login count
- First and last seen timestamps
This output can be used as a baseline for:
entity-creationcommand (accepts both CSV and JSON)client-activitycommand (JSON format)- External analysis tools
- Historical trending
Structs§
- Entity
Mapping - Entity mapping with login statistics
Functions§
- build_
entity_ map - Build entity mappings from audit logs without writing to file.
Returns
HashMapofentity_id->EntityMappingfor reuse by other commands. - run