lower debug here, fix logging there

2023-12-06 10:48:03 +01:00 · 2023-12-06 10:48:03 +01:00 · dce1f3cd8c
parent 00d899ee8e
commit dce1f3cd8c
2 changed files with 11 additions and 11 deletions
--- a/pkg/acquisition/modules/appsec/appsec_runner.go
+++ b/pkg/acquisition/modules/appsec/appsec_runner.go
@ -197,7 +197,7 @@ func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error {
 }

 func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error {
-	r.logger.Infof("Processing out of band rules")
+	r.logger.Debugf("Processing out of band rules")
 	tx := appsec.NewExtendedTransaction(r.AppsecOutbandEngine, request.UUID)
 	r.AppsecRuntime.OutOfBandTx = tx
 	err := r.processRequest(tx, request)
--- a/pkg/acquisition/modules/appsec/utils.go
+++ b/pkg/acquisition/modules/appsec/utils.go
@ -53,16 +53,16 @@ func AppsecEventGeneration(inEvt types.Event) (*types.Event, error) {
 	alert.EventsCount = ptr.Of(int32(1))
 	alert.Labels = []string{"appsec"} //don't know what to do about this
 	alert.Leakspeed = ptr.Of("")
-	msg := fmt.Sprintf("Application Security Engine alert: %s", inEvt.Appsec.MatchedRules.GetName())
-	alert.Message = &msg
 	alert.Scenario = ptr.Of(inEvt.Appsec.MatchedRules.GetName())
 	alert.ScenarioHash = ptr.Of(inEvt.Appsec.MatchedRules.GetHash())
 	alert.ScenarioVersion = ptr.Of(inEvt.Appsec.MatchedRules.GetVersion())
 	alert.Simulated = ptr.Of(false)
 	alert.Source = &source
+	msg := fmt.Sprintf("AppSec block: %s from %s (%s)", inEvt.Appsec.MatchedRules.GetName(),
+		alert.Source.IP, inEvt.Parsed["remediation_cmpt_ip"])
+	alert.Message = &msg
 	alert.StartAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
 	alert.StopAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
-
 	evt.Overflow.APIAlerts = []models.Alert{alert}
 	evt.Overflow.Alert = &alert
 	return &evt, nil
@ -76,13 +76,13 @@ func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.
 	//def needs fixing
 	evt.Stage = "s00-raw"
 	evt.Parsed = map[string]string{
-		"source_ip":   r.ClientIP,
-		"target_host": r.Host,
-		"target_uri":  r.URI,
-		"method":      r.Method,
-		"req_uuid":    r.Tx.ID(),
-		"source":      "crowdsec-appsec",
-
+		"source_ip":           r.ClientIP,
+		"target_host":         r.Host,
+		"target_uri":          r.URI,
+		"method":              r.Method,
+		"req_uuid":            r.Tx.ID(),
+		"source":              "crowdsec-appsec",
+		"remediation_cmpt_ip": r.RemoteAddrNormalized,
 		//TBD:
 		//http_status
 		//user_agent