From c936c1cfb63ed289f5533a6f582c8fe28c798217 Mon Sep 17 00:00:00 2001
From: Thibault Koechlin
Date: Mon, 18 Nov 2024 10:57:44 +0100
Subject: [PATCH 1/4] add alert context for appsec/waf
---
 contexts/crowdsecurity/appsec_base.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/contexts/crowdsecurity/appsec_base.yaml b/contexts/crowdsecurity/appsec_base.yaml
index 85bc472269d..c8163938428 100644
--- a/contexts/crowdsecurity/appsec_base.yaml
+++ b/contexts/crowdsecurity/appsec_base.yaml
@@ -3,3 +3,15 @@ context:
 - evt.Meta.rule_name
 target_uri:
 - evt.Meta.target_uri
+ id:
+ - match.id
+ name:
+ - match.name
+ method:
+ - match.method
+ uri:
+ - match.uri
+ matched_zones:
+ - match.matched_zones
+ msg:
+ - match.msg
From 6f339a7af1c1eaa15c28b16737386add551b51f7 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Mon, 18 Nov 2024 09:58:31 +0000
Subject: [PATCH 2/4] Update index
---
 .index.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.index.json b/.index.json
index e3b13bcd0ea..2826073c847 100644
--- a/.index.json
+++ b/.index.json
@@ -6229,7 +6229,7 @@ "contexts": { "crowdsecurity/appsec_base": { "path": "contexts/crowdsecurity/appsec_base.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "df177378b9b01c6c8b67ff5085eda9325c67b337e31d60c4ea95f743783a5e24", 
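Review bot: The six keys added in the appsec_base.yaml hunk of patch 1/4 read from a `match` root, while the existing entries read from `evt.Meta`, and nothing in the file says when `match` is defined. Whether every agent version that installs this hub item exposes `match` to alert-context expressions is not visible here; if some do not, the context could fail to compile or come out empty after a hub upgrade, so that is worth confirming before the version bump in patch 2/4. I would add a comment above `id:` along the lines of `# match.* fields describe the appsec rule match; evt.* fields come from the event`, with the wording confirmed by the author. The base64 `content` published in patch 2/4 also decodes with the new list items indented three spaces where the existing ones use four; it parses, but aligning them to four keeps the file consistent.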
@@ -6238,9 +6238,13 @@ "0.2": { "digest": "c6df9994a6e82165afa99df96993af81e12d6740e57a8955b96a0bc0a428e2aa", "deprecated": false + }, + "0.3": { + "digest": "0d7cb4a7b264644894ea555ddba401c780152b72ef62e7cd99610114cfa0fd3b", + "deprecated": false } }, - "content": "Y29udGV4dDoKICBydWxlczoKICAgIC0gZXZ0Lk1ldGEucnVsZV9uYW1lCiAgdGFyZ2V0X3VyaToKICAgIC0gZXZ0Lk1ldGEudGFyZ2V0X3VyaQo=", + "content": "Y29udGV4dDoKICBydWxlczoKICAgIC0gZXZ0Lk1ldGEucnVsZV9uYW1lCiAgdGFyZ2V0X3VyaToKICAgIC0gZXZ0Lk1ldGEudGFyZ2V0X3VyaQogIGlkOgogICAtIG1hdGNoLmlkCiAgbmFtZToKICAgLSBtYXRjaC5uYW1lCiAgbWV0aG9kOgogICAtIG1hdGNoLm1ldGhvZAogIHVyaToKICAgLSBtYXRjaC51cmkKICBtYXRjaGVkX3pvbmVzOgogICAtIG1hdGNoLm1hdGNoZWRfem9uZXMKICBtc2c6CiAgIC0gbWF0Y2gubXNnCg==", "author": "crowdsecurity", "labels": null },
From 1f07257a2cc47d3be4ed747e830eb754dbf2967c Mon Sep 17 00:00:00 2001
From: Thibault Koechlin
Date: Mon, 18 Nov 2024 13:55:37 +0100
Subject: [PATCH 3/4] target_uri
---
 contexts/crowdsecurity/appsec_base.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/contexts/crowdsecurity/appsec_base.yaml b/contexts/crowdsecurity/appsec_base.yaml
index c8163938428..f1edbeb1f0e 100644
--- a/contexts/crowdsecurity/appsec_base.yaml
+++ b/contexts/crowdsecurity/appsec_base.yaml
@@ -3,14 +3,13 @@ context:
 - evt.Meta.rule_name
 target_uri:
 - evt.Meta.target_uri
+ - match.uri
 id:
 - match.id
 name:
 - match.name
 method:
 - match.method
- uri:
- - match.uri
 matched_zones:
 - match.matched_zones
 msg:
From 0319c77430424b35a9d6db2b593a6aad099b3873 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Mon, 18 Nov 2024 12:58:56 +0000
Subject: [PATCH 4/4] Update index
---
 .index.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.index.json b/.index.json
index 2826073c847..56e143402f0 100644
--- a/.index.json
+++ b/.index.json
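Review bot: After the appsec_base.yaml hunk of patch 3/4, `target_uri` collects values from two differently rooted expressions, `evt.Meta.target_uri` and `match.uri`, and the file does not say whether both can be set for the same alert. If they can, the key may carry duplicate or diverging values (for instance if one includes the query string and the other does not, which is not visible here), and that makes the field harder to rely on in triage. A one-line comment above the list stating which source applies in which case, e.g. `# evt.Meta.target_uri: from the event metadata; match.uri: from the appsec rule match`, would settle it once the author confirms the semantics. Since request URIs can hold session tokens or other secrets in the query string, it is also worth noting in the file whether the captured value is path-only, because alert context is kept with the alert. The hunk ends at the `msg:` key, so the rest of the file is outside this view.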
@@ -6229,7 +6229,7 @@ "contexts": { "crowdsecurity/appsec_base": { "path": "contexts/crowdsecurity/appsec_base.yaml", - "version": "0.3", + "version": "0.4", "versions": { "0.1": { "digest": "df177378b9b01c6c8b67ff5085eda9325c67b337e31d60c4ea95f743783a5e24", @@ -6242,9 +6242,13 @@ "0.3": { "digest": "0d7cb4a7b264644894ea555ddba401c780152b72ef62e7cd99610114cfa0fd3b", "deprecated": false + }, + "0.4": { + "digest": "9523c172a9aebbb4422d9cd39eb4ad89221053e522223f7c65ba0bf92f8fa8ff", + "deprecated": false } }, - "content": "Y29udGV4dDoKICBydWxlczoKICAgIC0gZXZ0Lk1ldGEucnVsZV9uYW1lCiAgdGFyZ2V0X3VyaToKICAgIC0gZXZ0Lk1ldGEudGFyZ2V0X3VyaQogIGlkOgogICAtIG1hdGNoLmlkCiAgbmFtZToKICAgLSBtYXRjaC5uYW1lCiAgbWV0aG9kOgogICAtIG1hdGNoLm1ldGhvZAogIHVyaToKICAgLSBtYXRjaC51cmkKICBtYXRjaGVkX3pvbmVzOgogICAtIG1hdGNoLm1hdGNoZWRfem9uZXMKICBtc2c6CiAgIC0gbWF0Y2gubXNnCg==", + "content": "Y29udGV4dDoKICBydWxlczoKICAgIC0gZXZ0Lk1ldGEucnVsZV9uYW1lCiAgdGFyZ2V0X3VyaToKICAgIC0gZXZ0Lk1ldGEudGFyZ2V0X3VyaQogICAgLSBtYXRjaC51cmkKICBpZDoKICAgLSBtYXRjaC5pZAogIG5hbWU6CiAgIC0gbWF0Y2gubmFtZQogIG1ldGhvZDoKICAgLSBtYXRjaC5tZXRob2QKICBtYXRjaGVkX3pvbmVzOgogICAtIG1hdGNoLm1hdGNoZWRfem9uZXMKICBtc2c6CiAgIC0gbWF0Y2gubXNnCg==", "author": "crowdsecurity", "labels": null },