lower debug here, fix logging there
parent
00d899ee8e
commit
dce1f3cd8c
|
@ -197,7 +197,7 @@ func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error {
|
func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error {
|
||||||
r.logger.Infof("Processing out of band rules")
|
r.logger.Debugf("Processing out of band rules")
|
||||||
tx := appsec.NewExtendedTransaction(r.AppsecOutbandEngine, request.UUID)
|
tx := appsec.NewExtendedTransaction(r.AppsecOutbandEngine, request.UUID)
|
||||||
r.AppsecRuntime.OutOfBandTx = tx
|
r.AppsecRuntime.OutOfBandTx = tx
|
||||||
err := r.processRequest(tx, request)
|
err := r.processRequest(tx, request)
|
||||||
|
|
|
@ -53,16 +53,16 @@ func AppsecEventGeneration(inEvt types.Event) (*types.Event, error) {
|
||||||
alert.EventsCount = ptr.Of(int32(1))
|
alert.EventsCount = ptr.Of(int32(1))
|
||||||
alert.Labels = []string{"appsec"} //don't know what to do about this
|
alert.Labels = []string{"appsec"} //don't know what to do about this
|
||||||
alert.Leakspeed = ptr.Of("")
|
alert.Leakspeed = ptr.Of("")
|
||||||
msg := fmt.Sprintf("Application Security Engine alert: %s", inEvt.Appsec.MatchedRules.GetName())
|
|
||||||
alert.Message = &msg
|
|
||||||
alert.Scenario = ptr.Of(inEvt.Appsec.MatchedRules.GetName())
|
alert.Scenario = ptr.Of(inEvt.Appsec.MatchedRules.GetName())
|
||||||
alert.ScenarioHash = ptr.Of(inEvt.Appsec.MatchedRules.GetHash())
|
alert.ScenarioHash = ptr.Of(inEvt.Appsec.MatchedRules.GetHash())
|
||||||
alert.ScenarioVersion = ptr.Of(inEvt.Appsec.MatchedRules.GetVersion())
|
alert.ScenarioVersion = ptr.Of(inEvt.Appsec.MatchedRules.GetVersion())
|
||||||
alert.Simulated = ptr.Of(false)
|
alert.Simulated = ptr.Of(false)
|
||||||
alert.Source = &source
|
alert.Source = &source
|
||||||
|
msg := fmt.Sprintf("AppSec block: %s from %s (%s)", inEvt.Appsec.MatchedRules.GetName(),
|
||||||
|
alert.Source.IP, inEvt.Parsed["remediation_cmpt_ip"])
|
||||||
|
alert.Message = &msg
|
||||||
alert.StartAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
|
alert.StartAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
|
||||||
alert.StopAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
|
alert.StopAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
|
||||||
|
|
||||||
evt.Overflow.APIAlerts = []models.Alert{alert}
|
evt.Overflow.APIAlerts = []models.Alert{alert}
|
||||||
evt.Overflow.Alert = &alert
|
evt.Overflow.Alert = &alert
|
||||||
return &evt, nil
|
return &evt, nil
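Review bot: The new `msg` in AppsecEventGeneration reads `inEvt.Parsed["remediation_cmpt_ip"]` without checking that the key is present, so an event whose Parsed map was not built by EventFromRequest (which sets the key in the later hunk) yields a message ending in empty parentheses; a guarded lookup such as `rcIP, ok := inEvt.Parsed["remediation_cmpt_ip"]` with a fallback would make that case explicit. The key is a bare string literal repeated in both functions, and a shared constant would keep the writer and the reader from drifting apart. Because `alert.Source.IP` and the remediation-component address are interpolated with `%s` into text forwarded as the alert message, it is worth confirming that both are validated as IP addresses upstream, or formatting them with `%q`, so control characters cannot reach logs or notification templates. The wording "AppSec block" also assumes every event reaching this function was actually blocked, which is decided outside the visible lines. Both function bodies start and end outside their hunks.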
|
||||||
|
@ -76,13 +76,13 @@ func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.
|
||||||
//def needs fixing
|
//def needs fixing
|
||||||
evt.Stage = "s00-raw"
|
evt.Stage = "s00-raw"
|
||||||
evt.Parsed = map[string]string{
|
evt.Parsed = map[string]string{
|
||||||
"source_ip": r.ClientIP,
|
"source_ip": r.ClientIP,
|
||||||
"target_host": r.Host,
|
"target_host": r.Host,
|
||||||
"target_uri": r.URI,
|
"target_uri": r.URI,
|
||||||
"method": r.Method,
|
"method": r.Method,
|
||||||
"req_uuid": r.Tx.ID(),
|
"req_uuid": r.Tx.ID(),
|
||||||
"source": "crowdsec-appsec",
|
"source": "crowdsec-appsec",
|
||||||
|
"remediation_cmpt_ip": r.RemoteAddrNormalized,
|
||||||
//TBD:
|
//TBD:
|
||||||
//http_status
|
//http_status
|
||||||
//user_agent
|
//user_agent
|
||||||
|
|