

fix(parsers/openappsec): update real sourceIP field (#1181)
* fix(parsers/openappsec): update real sourceIP field
he2ss authored Nov 29, 2024
1 parent 3ed05ea commit a2d5f2e
Showing 2 changed files with 7 additions and 3 deletions.
8 changes: 6 additions & 2 deletions .index.json
Expand Up @@ -9574,15 +9574,19 @@
"openappsec/openappsec-logs": {
"path": "parsers/s01-parse/openappsec/openappsec-logs.yaml",
"stage": "s01-parse",
"version": "0.1",
"version": "0.2",
"versions": {
"0.1": {
"digest": "9d3a2398563eddd828a5503aebdcfaf12d895f65fe2f6d75b121d9f87fd52f1f",
"deprecated": false
},
"0.2": {
"digest": "b2dc1c54de5ac8185e8ac4ee319ff44f325ff19b638aa76037d11c9eb2e7aa07",
"deprecated": false
}
},
"long_description": "QSBwYXJzZXIgZm9yIFtvcGVuLWFwcHNlY10oaHR0cHM6Ly93d3cub3BlbmFwcHNlYy5pby8pIHdhZiBsb2dzLiBJdCBzdXBwb3J0cyBsb2dzIGZyb20gdGhlIHByZXZlbnRpb24gYWN0aW9uLg==",
"content": "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",
"content": "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",
"description": "Parse openappsec logs",
"author": "openappsec",
"labels": null
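--- a/parsers/s01-parse/openappsec/openappsec-logs.yaml
+++ b/parsers/s01-parse/openappsec/openappsec-logs.yaml
@@ -21,7 +21,7 @@ statics:
 - meta: event_audience
 expression: JsonExtract(evt.Parsed.message, "eventAudience")
 - meta: source_ip
-expression: JsonExtract(evt.Parsed.message, "eventData.sourceIP")
+expression: JsonExtract(evt.Parsed.message, "eventData.httpSourceId")
 - meta: event_confidence
 expression: JsonExtract(evt.Parsed.message, "eventData.eventConfidence")
 - meta: security_action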
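Review bot: The `source_ip` meta now comes from `eventData.httpSourceId`, but the hunk leaves no record of why that field is the "real" address or how it relates to the `eventData.sourceIP` it replaces, and `source_ip` is the meta that downstream scenarios act on. If httpSourceId is the address open-appsec identifies from its configured source identifier (which, as I understand the agent, can be a forwarded-for style header), then in deployments where that header is not set by a trusted proxy the value may be client-chosen; I would add a comment above the entry, e.g. `# httpSourceId: client address as identified by open-appsec's source identifier; sourceIP is the immediate peer — confirm it is derived from a trusted source`, and consider rejecting values that do not parse as an IP before they reach scenarios. The `statics:` list this entry belongs to starts before the hunk.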
