Event Generator
Generates synthetic events for testing pipeline functionality, transformations, and enrichments. This connector allows you to produce sample data that mimics real-world events from various security tools and platforms.
Overview
The Event Generator connector creates realistic synthetic data based on templates from over 50 different data sources including:
- AWS Security Hub Findings
- CrowdStrike security events
- Google Workspace activity logs
- Microsoft Defender alerts
- Okta system logs
- Slack user data
- Snowflake user activity
- And many more
This allows you to test your data pipelines, transformations, and detection rules without needing to connect to actual production systems.
Use Cases
- Pipeline Testing: Validate that your data pipelines are processing events correctly
- Transformation Testing: Verify that your data transformations produce the expected output
- Alert Testing: Test downstream detection rules and alerts
- Demo Environments: Create realistic data for demonstration environments
- Training: Provide sample data for training security analysts
Requirements
The Event Generator connector doesn't require any external credentials or API keys, making it a straightforward plug-and-play connector.
Configuration
The following configuration defines the input parameters for the Event Generator.
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Record Type | string | Yes | The type of record to generate. Must be one of the available template types (see list below). |
| Rate | integer | Yes | The rate at which to generate records (between 1 and 1000 per second). |
Secrets
None required.
Available Record Types
The Event Generator supports creating synthetic data for the following data sources:
| Record Type | Description |
|---|---|
| aws_securityhub_findings | AWS Security Hub vulnerability findings |
| box_events | Box file sharing activity events |
| box_users | Box user management events |
| cloudtrail | AWS CloudTrail audit logs |
| crowdstrike_detect_summaries | CrowdStrike EDR detection events |
| crowdstrike_event_stream | CrowdStrike endpoint security events |
| crowdstrike_falcon_data_replicator | CrowdStrike FDR events |
| duo_security_admin_logs | Duo Security admin activity logs |
| github_audit_logs | GitHub audit and security events |
| google_cloud_logs | Google Cloud Platform logs |
| google_workspace_admin_activity | Google Workspace admin events |
| google_workspace_login_activity | Google Workspace user login events |
| microsoft_azure_activity_logs | Microsoft Azure activity logs |
| microsoft_entra_id | Microsoft Entra ID (formerly Azure AD) events |
| microsoft_log_analytics_query | Microsoft Sentinel log analytics events |
| monad_logs_api | Monad API logs |
| monad_logs_pipeline | Monad pipeline execution logs |
| okta_system_log | Okta authentication and user management events |
| okta_users | Okta user information |
| slack_users | Slack user information |
| snowflake_users | Snowflake user information |
| tenable_assets | Tenable asset discovery data |
| tenable_vulnerability | Tenable vulnerability scan findings |
And many more. The full list contains over 50 different event types.
Implementation Details
The Event Generator uses pre-defined templates to create realistic synthetic data. Each template is based on the actual data structure of the corresponding service's API or logs.
The generator:
- Takes a specified record type and rate as input
- Loads the corresponding template for that record type
- Generates random but valid data following the template structure
- Emits events at the specified rate to your data pipeline
This allows for continuous generation of test data without requiring any external connections.
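A minimal sketch of the four steps above, added here for illustration and not the connector's own code. The template table, function names and sample values are assumptions; the field names follow the Okta System Log schema, and the 1 to 1000 rate bound comes from the Settings table.

```python
import itertools
import random
import time
import uuid
from datetime import datetime, timezone

# Hypothetical template table: field name -> value factory. Field names follow
# the Okta System Log schema; every value below is constructed sample data.
TEMPLATES = {
    "okta_system_log": {
        "uuid": lambda rng: str(uuid.UUID(int=rng.getrandbits(128), version=4)),
        "published": lambda rng: datetime.now(timezone.utc).isoformat(),
        "eventType": lambda rng: rng.choice(
            ["user.session.start", "user.authentication.auth_via_mfa"]),
        "actor": lambda rng: {"alternateId": f"user{rng.randint(1, 5)}@example.com"},
        "outcome": lambda rng: {"result": rng.choice(["SUCCESS", "FAILURE"])},
    },
}

def validate(record_type, rate):
    """Reject unknown record types and rates outside 1..1000 per second."""
    if record_type not in TEMPLATES:
        raise ValueError(f"unknown record type: {record_type!r}")
    if type(rate) is not int or not 1 <= rate <= 1000:
        raise ValueError("rate must be an integer between 1 and 1000")

def generate(record_type, rate, seed=None):
    """Yield (seconds_since_start, event) pairs indefinitely."""
    validate(record_type, rate)
    rng = random.Random(seed)
    template = TEMPLATES[record_type]
    for i in itertools.count():
        yield i / rate, {name: make(rng) for name, make in template.items()}

def emit(record_type, rate, seconds, sink, sleep=time.sleep, clock=time.monotonic):
    """Send events to sink at the configured rate for the given duration."""
    start = clock()
    for offset, event in generate(record_type, rate):
        if offset >= seconds:
            break
        delay = start + offset - clock()  # schedule against the clock, so no drift
        if delay > 0:
            sleep(delay)
        sink(event)

if __name__ == "__main__":
    emit("okta_system_log", 10, 1, print)  # 10 events over about one second
```

Passing a fixed `seed` to `generate` makes the random field values repeatable, which helps when a detection rule test needs the same input on every run.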
Example Configuration
This configuration will generate 10 synthetic Okta system log events per second.