crowdsec/pkg/parser/tests/reverse-dns-enrich/base-grok.yaml

#filter: "evt.Overflow.Labels.remediation == 'true'"
name: tests/rdns
description: "Lookup the DNS assiocated to the source IP only for overflows"
statics:
  - method: reverse_dns
    expression: evt.Enriched.IpToResolve
  - meta: did_dns_succeeded
    expression: 'evt.Enriched.reverse_dns == "" ? "no" : "yes"'
initial import 2020-05-15 09:39:16 +00:00			`#filter: "evt.Overflow.Labels.remediation == 'true'"`
			`name: tests/rdns`
			`description: "Lookup the DNS assiocated to the source IP only for overflows"`
			`statics:`
			`- method: reverse_dns`
			`expression: evt.Enriched.IpToResolve`
			`- meta: did_dns_succeeded`
			`expression: 'evt.Enriched.reverse_dns == "" ? "no" : "yes"'`