alteredCoder
e0bd4dc928
fix linter
2023-08-24 12:11:54 +02:00
bui
4846701ed5
logging
2023-08-21 15:34:18 +02:00
mmetc
cd9d8f309d
CI: increase test sleep to fix flaky acquisition/file test under win ( #2410 )
...
* CI: increase test sleep to attempt fix for flaky windows acquitition/file test
* wip
2023-08-08 16:11:32 +02:00
Sebastien Blot
a4ee1e717e
try re2 for @rx operator
2023-08-02 11:47:35 +02:00
alteredCoder
885c283097
remove debug
2023-08-01 10:58:36 +02:00
alteredCoder
cbf06c25fb
fix outofband evt generation
2023-08-01 10:34:43 +02:00
alteredCoder
353926ec91
add debug
2023-07-31 18:47:54 +02:00
alteredCoder
4332598cd1
add debug
2023-07-31 18:44:32 +02:00
alteredCoder
da37b5566d
update
2023-07-31 18:35:35 +02:00
Sebastien Blot
711f0474d9
merge from master
2023-07-31 17:05:25 +02:00
Sebastien Blot
dd83bdea6b
revert previous bad merge
2023-07-31 17:00:06 +02:00
alteredCoder
fc8a0ee9d4
update
2023-07-31 15:06:42 +02:00
bui
4a38cb5bbb
logging
2023-07-31 14:47:48 +02:00
bui
e4e2bb5504
switch to properly compiled regexp to be able to bail out early
2023-07-31 14:45:21 +02:00
bui
a7cd86f725
allow to select what variables shouldd be tracked
2023-07-31 12:15:04 +02:00
mmetc
ffadd42779
update dependency on go-cs-lib; drop the pkg/ part ( #2393 )
2023-07-28 16:35:08 +02:00
Sebastien Blot
dd5e38a2c5
expose internal coraza vars in evt.Waap
2023-07-27 10:01:56 +02:00
Sebastien Blot
2f5a6fbb4f
wip
2023-07-27 09:22:26 +02:00
Sebastien Blot
792961d757
wip
2023-07-27 09:22:26 +02:00
Sebastien Blot
01ced8fb99
merge
2023-07-27 09:22:26 +02:00
alteredCoder
4993758b36
handle missing headers
2023-07-26 12:47:16 +02:00
bui
54fd2e4e70
fixed
2023-07-20 16:47:07 +02:00
alteredCoder
779ea2e262
fix
2023-07-19 18:19:14 +02:00
alteredCoder
472f40b9d4
fix
2023-07-19 18:18:24 +02:00
alteredCoder
ab2c152627
reduce verbosity
2023-07-19 14:39:57 +02:00
alteredCoder
7d8c931d00
add loggers
2023-07-19 14:35:02 +02:00
alteredCoder
8ba692b115
debug
2023-07-19 12:02:38 +02:00
alteredCoder
cd5cb55a7e
debug
2023-07-19 11:57:14 +02:00
alteredCoder
d946286e5c
remove spew
2023-07-19 11:50:42 +02:00
alteredCoder
e543523ba3
update ban remediation
2023-07-19 10:34:22 +02:00
bui
f7eaefa518
up
2023-07-18 18:12:17 +02:00
Sebastien Blot
ef4fe8f5d3
merge
2023-07-13 16:22:21 +02:00
blotus
57547c32c9
Aggregate WAF rules into a single event ( #2350 )
2023-07-13 16:20:04 +02:00
bui
a6ba0e869c
imp logging
2023-07-11 09:29:17 +02:00
bui
8baeb70998
add metrics
2023-07-10 18:00:19 +02:00
blotus
f9ca14f010
add object key in src for S3 acquis ( #2342 )
2023-07-07 10:09:18 +02:00
blotus
1295de928a
Properly match new files on windows when doing file acquisition ( #2329 )
2023-07-06 14:45:38 +02:00
alteredCoder
84b6570554
Revert "Merge remote-tracking branch 'origin' into coraza_poc_acquis"
...
This reverts commit 7098e971c7
, reversing
changes made to 13512891e4
.
2023-07-04 18:46:20 +02:00
alteredCoder
7098e971c7
Merge remote-tracking branch 'origin' into coraza_poc_acquis
2023-07-04 17:42:39 +02:00
alteredCoder
13512891e4
add waf_routines
2023-07-04 17:36:56 +02:00
mmetc
bd41f855cf
errors.Wrap -> fmt.Errorf ( #2317 )
2023-06-29 11:34:59 +02:00
mmetc
9beb5388cb
errors.Wrap -> fmt.Errorf; clean up imports ( #2301 )
2023-06-23 14:04:58 +02:00
mmetc
8bfeb7d90d
Update go dependencies ( #2293 )
...
- update fatih/color (fix windows issue)
- update mongo-driver (fix build issue)
- go.mod: merge two "require" blocks
- update semver dependency (same version as indirect dep), fix test checks in cscli setup
- remove gotest.tools dependency (use testify, cstest)
- update x/ exp, mod, sys dependencies
2023-06-22 11:31:41 +02:00
Sebastien Blot
3fe6e3be14
check for interruption and ignore empty messages
2023-06-16 16:52:01 +02:00
alteredCoder
877d4fc32d
update
2023-06-16 14:23:53 +02:00
alteredCoder
07b60233db
update waf
2023-06-16 12:19:44 +02:00
Sebastien Blot
9180ac7be9
wip
2023-06-15 22:51:57 +02:00
Sebastien Blot
805752dc62
wip
2023-06-13 17:08:48 +02:00
alteredCoder
40f65de7b9
optim
2023-06-13 16:31:30 +02:00
alteredCoder
fa172bed56
up
2023-06-13 15:41:32 +02:00
Sebastien Blot
a2e6359880
merge
2023-06-09 13:01:58 +02:00
Sebastien Blot
c46e2ccdad
up
2023-06-09 13:00:43 +02:00
alteredCoder
61e1cc29d5
update
2023-06-08 17:45:21 +02:00
Sebastien Blot
415e2dc68d
merge
2023-06-08 11:22:16 +02:00
bui
739d086325
up
2023-06-07 14:12:42 +02:00
bui
30455a8eb6
progress
2023-06-07 13:45:36 +02:00
bui
d123254949
wip
2023-06-06 18:28:06 +02:00
Thibault "bui" Koechlin
ee8b31348b
Merge branch 'master' into coraza_poc_acquis
2023-06-06 18:23:59 +02:00
Sebastien Blot
4a7e26af02
wip
2023-06-05 19:33:03 +02:00
Sebastien Blot
a7d80aacd6
merge coraza poc branch
2023-06-05 14:37:39 +02:00
Sebastien Blot
7078d79ce4
merge
2023-06-05 14:30:14 +02:00
Sebastien Blot
65884fb4be
wip
2023-06-05 14:22:35 +02:00
bui
44a5c81199
readme
2023-06-01 11:53:12 +02:00
bui
6d3b2b354b
up
2023-05-29 14:03:10 +02:00
mmetc
b2d3520519
decouple bouncer dependencies: use go-cs-lib in test code ( #2229 )
2023-05-25 15:37:44 +02:00
mmetc
025f14f879
merge system cert pool with own certs ( #2226 )
2023-05-25 10:10:58 +02:00
mmetc
534328ca30
decouple bouncer dependencies: use go-cs-lib/pkg/* ( #2216 )
...
* decouple bouncer dependencies: use go-cs-lib/pkg/trace
* decouple bouncer dependencies: use go-cs-lib/pkg/version
* decouple bouncer dependencies: use go-cs-lib/pkg/yamlpatch
* decouple bouncer dependencies: use go-cs-lib/pkg/csstring
* unused import
2023-05-23 10:52:47 +02:00
blotus
2701454f23
defaults to inotify to detect changes in file datasource to avoid too many call to stat() ( #2181 )
2023-05-09 10:03:55 +02:00
bui
cacdcd75b6
use fork
2023-05-04 11:05:41 +02:00
bui
53c73a5e05
up
2023-05-04 10:26:04 +02:00
Sebastien Blot
d335e74c81
wip
2023-05-03 16:35:28 +02:00
blotus
0279e549bd
check if the acquis tomb is dying while processing logs in replay mode for file/s3/docker ( #2152 )
2023-04-04 13:57:06 +02:00
Sebastien Blot
1d9891a244
wip
2023-04-04 11:49:00 +02:00
mmetc
3132aa54b7
Properly load k8s audit configuration ( #2158 )
2023-04-03 21:55:31 +02:00
mmetc
3fa555fb25
Rename k8s_audit to k8s-audit (easier to type, consistent with labels) ( #2153 )
2023-04-03 09:53:38 +02:00
blotus
61bea26486
Add transform
configuration option for acquisition ( #2144 )
2023-03-29 16:04:17 +02:00
blotus
1095f6c875
use expr.Function for custom functions instead of passing them in the env ( #2133 )
2023-03-28 10:49:01 +02:00
mmetc
d769fff1e8
File acquisition: log "file reopen" events instead of writing to stderr ( #2139 )
2023-03-24 11:24:36 +01:00
blotus
dc38e5ac00
S3 acquisition datasource ( #2130 )
2023-03-21 13:54:52 +01:00
Thibault "bui" Koechlin
618be9ff68
properly update the time structure within event ( #2122 )
...
* properly update the time structure within event to ensure it works in time-machine
* move LIVE and TIMEMACHINE to pkg/types : less code needs to import leakybucket package, and we avoid duplicating constants
2023-03-16 16:25:50 +01:00
Manuel Sabban
b451d190b7
try to make reproducible build work ( #2119 )
...
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
2023-03-13 17:26:33 +01:00
mmetc
e161507d08
Lint (type inference): remove redundant type declarations ( #2111 )
2023-03-09 11:56:02 +01:00
mmetc
ba4396e52c
fix flaky parser unit test ( #1985 )
2023-01-12 17:03:25 +01:00
mmetc
2d81e751a1
fix parser test 2k23 ( #1971 )
2023-01-04 15:46:16 +01:00
blotus
fdda940ac0
Add Kubernetes audit acquisition ( #1767 )
2022-12-06 13:47:29 +01:00
mmetc
4a6a9c4355
acquisition: validate datasources before configuration (static checks) ( #1841 )
...
* acquisition: validate datasources before configuration (allow static configuration checks)
* remove comment
* import reviser, format
* error wrap
2022-11-30 17:36:56 +01:00
mmetc
104f5d1fe6
lint: error handling cleanup ( #1877 )
2022-11-29 09:16:07 +01:00
mmetc
895691dad1
enabled linters: gocritic, nilerr ( #1853 )
2022-11-07 10:36:50 +01:00
mmetc
02d2eab18c
update golangci-lint to 1.50 and fixes ( #1828 )
2022-10-26 15:11:37 +02:00
mmetc
2088bb1f91
fix for #1839 ( #1840 )
2022-10-26 11:02:12 +02:00
mmetc
1d9f861f28
unit tests: always capture testcase variable -> allow parallel testing ( #1797 )
2022-10-10 10:48:26 +02:00
Manuel Sabban
83841d801c
fork dlog to ease debian packaging on official repos ( #1790 )
...
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
2022-10-06 13:40:31 +02:00
Shivam Sandbhor
65c0b9ebcf
Simplify one shot tests ( #1786 )
2022-10-06 11:57:26 +02:00
Shivam Sandbhor
b203b3f444
Fix flakey test in file_tests ( #1783 )
...
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2022-10-05 16:40:09 +02:00
mmetc
6120571421
fix & cleanup cloudwatch_test.go ( #1780 )
2022-10-04 09:48:59 +02:00
mmetc
edced6818a
cleanup + fix flaky tests in file_test.go, apic_test.go ( #1773 )
2022-09-30 16:01:42 +02:00
blotus
bfbe180101
Tighten windows sqlite database permissions ( #1769 )
2022-09-28 16:18:00 +02:00
Laurence Jones
21e5b0d6d0
Improvement: Docker one shot error message ( #1666 )
...
* In one shot, user would only specify one container?
2022-09-27 16:20:30 +02:00
Thibault "bui" Koechlin
9d199fd4a9
fix #1733 : add support for exclusion regexps ( #1735 )
...
* allow to specify a list of regular expressions to skip some specific files
2022-09-06 14:58:37 +02:00
mmetc
414282a2c9
golangci-lint 1.49 and related fixes ( #1736 )
2022-09-06 13:55:03 +02:00