Entity mapping preprocessor.
Extracts entity-to-alias mappings from audit logs and exports to JSON or CSV, creating a baseline for subsequent entity analysis. Supports multi-file processing for comprehensive entity mapping.
§Usage
# Single file preprocessing (JSON default)
vault-audit preprocess-entities audit.log --output entity-mappings.json
# Multi-day comprehensive mapping (CSV)
vault-audit preprocess-entities logs/*.log --output entity-mappings.csv --format csv
# JSON format for entity-creation command
vault-audit preprocess-entities logs/*.log --output entity-mappings.json --format json
§Output
Generates JSON or CSV containing:
- Entity ID
- Display name
- Mount path and accessor
- Username (if available)
- Login count
- First and last seen timestamps
This output can be used as a baseline for:
- entity-creation command (accepts both CSV and JSON)
- client-activity command (JSON format)
- External analysis tools
- Historical trending
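
As an added illustration (not vault-audit's own code), this Python sketch performs the kind of aggregation that yields the fields listed under Output, across lines from several log files. Assumptions: Vault's JSON-lines audit layout with `type`, `time`, `request.path`, `request.mount_accessor` and an `auth` or `response.auth` block; the output key names, the helper `_line` and the sample entries are constructed for this example.

```python
import json

def _line(ts, user, eid, kind="response"):
    # Constructed audit entry; real entries carry many more fields.
    return json.dumps({"time": ts, "type": kind,
        "request": {"path": f"auth/userpass/login/{user}",
                    "mount_accessor": "auth_userpass_0000"},
        "auth": {"entity_id": eid, "display_name": f"userpass-{user}",
                 "metadata": {"username": user}}})

SAMPLE = [
    _line("2025-01-02T09:00:00Z", "alice", "ent-a"),
    _line("2025-01-01T08:00:00Z", "alice", "ent-a"),  # older file read later
    _line("2025-01-01T08:00:00Z", "alice", "ent-a", kind="request"),
    _line("2025-01-03T10:00:00Z", "bob", "ent-b"),
    '{"time":"2025-01-03T10:00:01Z","type":"resp',    # truncated line
]

def build_entity_map(lines):
    """Aggregate login responses into one record per entity ID."""
    entities = {}
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the run
        req = entry.get("request") or {}
        path = req.get("path", "")
        # Count only the response half of each login, or logins double.
        if entry.get("type") != "response":
            continue
        if not path.startswith("auth/") or "/login" not in path:
            continue
        auth = (entry.get("response") or {}).get("auth") or entry.get("auth") or {}
        eid = auth.get("entity_id")
        if not eid:
            continue  # failed login, or a token with no entity attached
        ts = entry.get("time", "")
        rec = entities.setdefault(eid, {
            "entity_id": eid,
            "display_name": auth.get("display_name", ""),
            "mount_path": path.split("/login", 1)[0] + "/",
            "mount_accessor": req.get("mount_accessor", ""),
            "username": (auth.get("metadata") or {}).get("username"),
            "login_count": 0, "first_seen": ts, "last_seen": ts})
        rec["login_count"] += 1
        # Same-format UTC timestamps compare correctly as strings.
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
    return entities
```

Taking min/max of the timestamps rather than the first and last line read keeps first and last seen correct when files are processed out of chronological order.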