Event Generator
Generates synthetic events for testing pipeline functionality, transformations, and enrichments. This connector allows you to produce sample data that mimics real-world events from various security tools and platforms.
Overview
The Event Generator connector creates realistic synthetic data based on templates from over 50 different data sources including:
- AWS Security Hub Findings
- CrowdStrike security events
- Google Workspace activity logs
- Microsoft Defender alerts
- Okta system logs
- Slack user data
- Snowflake user activity
- And many more
This allows you to test your data pipelines, transformations, and detection rules without needing to connect to actual production systems.
Use Cases
- Pipeline Testing: Validate that your data pipelines are processing events correctly
- Transformation Testing: Verify that your data transformations produce the expected output
- Alert Testing: Test downstream detection rules and alerts
- Demo Environments: Create realistic data for demonstration environments
- Training: Provide sample data for training security analysts
Requirements
The Event Generator connector doesn't require any external credentials or API keys, making it a straightforward plug-and-play connector.
Configuration
The following configuration defines the input parameters for the Event Generator.
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Record Type | string | Yes | The type of record to generate. Must be one of the available template types (see list below). |
| Rate | integer | Yes | The rate at which to generate records (between 1 and 1000 per second). |
Secrets
None required.
Available Record Types
The Event Generator supports creating synthetic data for the following data sources:
| Record Type | Description |
|---|---|
| aws_securityhub_findings | AWS Security Hub vulnerability findings |
| box_events | Box file sharing activity events |
| box_users | Box user management events |
| cloudtrail | AWS CloudTrail audit logs |
| crowdstrike_detect_summaries | CrowdStrike EDR detection events |
| crowdstrike_event_stream | CrowdStrike endpoint security events |
| crowdstrike_falcon_data_replicator | CrowdStrike FDR events |
| duo_security_admin_logs | Duo Security admin activity logs |
| github_audit_logs | GitHub audit and security events |
| google_cloud_logs | Google Cloud Platform logs |
| google_workspace_admin_activity | Google Workspace admin events |
| google_workspace_login_activity | Google Workspace user login events |
| microsoft_azure_activity_logs | Microsoft Azure activity logs |
| microsoft_entra_id | Microsoft Entra ID (formerly Azure AD) events |
| microsoft_log_analytics_query | Microsoft Sentinel log analytics events |
| monad_logs_api | Monad API logs |
| monad_logs_pipeline | Monad pipeline execution logs |
| okta_system_log | Okta authentication and user management events |
| okta_users | Okta user information |
| slack_users | Slack user information |
| snowflake_users | Snowflake user information |
| tenable_assets | Tenable asset discovery data |
| tenable_vulnerability | Tenable vulnerability scan findings |
And many more. The full list contains over 50 different event types.
Implementation Details
The Event Generator uses pre-defined templates to create realistic synthetic data. Each template is based on the actual data structure of the corresponding service's API or logs.
The generator:
- Takes a specified record type and rate as input
- Loads the corresponding template for that record type
- Generates random but valid data following the template structure
- Emits events at the specified rate to your data pipeline
This allows for continuous generation of test data without requiring any external connections.
Example Configuration
```json
{
  "settings": {
    "record_type": "okta_system_log",
    "rate": 10
  },
  "secrets": {}
}
```
This configuration will generate 10 synthetic Okta system log events per second.