Alert context nids : suricata #974

Open
wants to merge 4 commits into
base: master
32 changes: 28 additions & 4 deletions .index.json
Expand Up @@ -3525,15 +3525,19 @@
},
"crowdsecurity/suricata": {
"path": "collections/crowdsecurity/suricata.yaml",
"version": "0.1",
"version": "0.2",
"versions": {
"0.1": {
"digest": "6f5d4ed7c676be6082af86c8ff771a063808a5970cb56edb9c8161c9b8390466",
"deprecated": false
},
"0.2": {
"digest": "2a3c6adb7a3521d7b0e27d463e89b8e7c61ff4e539d8b01b2df36ca9c7b7fd28",
"deprecated": false
}
},
"long_description": "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",
"content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3VyaWNhdGEtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3N1cmljYXRhLWFsZXJ0cwpkZXNjcmlwdGlvbjogInN1cmljYXRhIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGF1dG9tYXRpYyByZW1lZGlhdGlvbiBvbiBoaWdoL21ham9yIGFsZXJ0cyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3VyaWNhdGEKICAtIElEUwoK",
"content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3VyaWNhdGEtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3N1cmljYXRhLWFsZXJ0cwpkZXNjcmlwdGlvbjogInN1cmljYXRhIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGF1dG9tYXRpYyByZW1lZGlhdGlvbiBvbiBoaWdoL21ham9yIGFsZXJ0cyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CmNvbnRleHRzOgogIC0gY3Jvd2RzZWN1cml0eS9uaWRzX2Jhc2UKdGFnczoKICAtIGxpbnV4CiAgLSBzdXJpY2F0YQogIC0gSURTCg==",
"description": "suricata support : parser and automatic remediation on high/major alerts",
"author": "crowdsecurity",
"labels": null,
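Review bot: nothing in this hunk ties the new "0.2" digest to the rewritten base64 "content", so please confirm both were produced by regenerating the index from collections/crowdsecurity/suricata.yaml and not edited by hand. The new "content" decodes to the 0.1 collection plus a contexts: entry for crowdsecurity/nids_base, which is consistent with the "contexts" list added further down in this entry. The digest should be checked against that exact file, because a mismatch would make installed copies of 0.2 fail integrity comparison against the hub.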
Expand All @@ -3542,6 +3546,9 @@
],
"scenarios": [
"crowdsecurity/suricata-alerts"
],
"contexts": [
"crowdsecurity/nids_base"
]
},
"crowdsecurity/synology-dsm": {
Expand Down Expand Up @@ -4490,6 +4497,19 @@
"content": "I3RoaXMgY29udGV4dCBmaWxlIGlzIGludGVuZGVkIHRvIHByb3ZpZGUgbWluaW1hbCBhbmQgdXNlZnVsIGluZm9ybWF0aW9uIGFib3V0IEhUVFAgc2NlbmFyaW9zLgpjb250ZXh0OgogIHRhcmdldF91cmk6CiAgLSBldnQuTWV0YS5odHRwX3BhdGgKICB1c2VyX2FnZW50OgogIC0gZXZ0Lk1ldGEuaHR0cF91c2VyX2FnZW50CiAgbWV0aG9kOgogIC0gZXZ0Lk1ldGEuaHR0cF92ZXJiCiAgc3RhdHVzOgogICAgLSBldnQuTWV0YS5odHRwX3N0YXR1cwo=",
"author": "crowdsecurity",
"labels": null
},
"crowdsecurity/nids_base": {
"path": "contexts/crowdsecurity/nids_base.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "9830156d56da2f4cb655cbb3f192e7f87298b34e3972666d49008ca82bfeef81",
"deprecated": false
}
},
"content": "Y29udGV4dDoKICBzaWduYXR1cmU6CiAgICAtIGV2dC5NZXRhLnN1cmljYXRhX2FsZXJ0X3NpZ25hdHVyZQogIGNhdGVnb3J5OgogICAgLSBldnQuTWV0YS5zdXJpY2F0YV9hbGVydF9jYXRlZ29yeQo=",
"author": "crowdsecurity",
"labels": null
}
},
"parsers": {
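Review bot: the new "crowdsecurity/nids_base" entry carries no "description", and its name reads as a generic NIDS context while the decoded "content" only references Suricata-specific keys (evt.Meta.suricata_alert_signature and evt.Meta.suricata_alert_category). Either add a description saying it is fed by the Suricata parser, or give it a Suricata-specific name, so that another NIDS collection does not attach it and end up with empty context fields on its alerts.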
Expand Down Expand Up @@ -6621,7 +6641,7 @@
"crowdsecurity/suricata-logs": {
"path": "parsers/s01-parse/crowdsecurity/suricata-logs.yaml",
"stage": "s01-parse",
"version": "0.6",
"version": "0.7",
"versions": {
"0.1": {
"digest": "8d2c360a278360d24fd5882646c89cea866ba21db80f1b02732b53f57469ee73",
Expand All @@ -6646,10 +6666,14 @@
"0.6": {
"digest": "b3a55203e30b26f2cc1765278545389d79551838bc28643cf21a3150fc2efed6",
"deprecated": false
},
"0.7": {
"digest": "3823832742ce7cdfee667b70d35793cace0285904ec26c2989add90fb15d1042",
"deprecated": false
}
},
"long_description": "IyMgU3VyaWNhdGEgbG9ncyBwYXJzZXIKClRoaXMgcGFyc2VyIHN1cHBvcnRzIGJvdGggZm9ybWF0cyA6CiAtIHRoZSBKU09OIGBldmUuanNvbmAgZm9ybWF0IChgdHlwZTogc3VyaWNhdGEtZXZlbG9nc2ApCiAtIHRoZSB0ZXh0IGBmYXN0LmxvZ2AgZm9ybWF0IChgdHlwZTogc3VyaWNhdGEtZmFzdGxvZ3NgKQoKVGhlIHBhcnNlciBvbmx5IHBhcnNlcyBsb2dzIHRoYXQgYXJlIGBhbGVydHNgLgo=",
"content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnc3VyaWNhdGEtZmFzdGxvZ3MnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3N1cmljYXRhLWZhc3Rsb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2Ugc3VyaWNhdGEgZmFzdC5sb2ciCnBhdHRlcm5fc3ludGF4OgogIFNVUklDQVRBX01BUktFUjogJ1xbXCpcKlxdJwogIFNVUklDQVRBX0RBVEU6ICcle0RBVEVfVVM6ZGF0ZX0tJXtUSU1FOnRpbWV9JwogIFNVUklDQVRBX1JVTEVfSUQ6ICdcWyV7TlVNQkVSOnN1cmljYXRhX3J1bGVfc2V2ZXJpdHl9OiV7TlVNQkVSOnJ1bGVfaWR9OiV7TlVNQkVSOnN1cmljYXRhX2FsZXJ0X3NpZ25hdHVyZV9yZXZ9XF0nCmdyb2s6IAogIHBhdHRlcm46ICcle1NVUklDQVRBX0RBVEV9ICAle1NVUklDQVRBX01BUktFUn0gJXtTVVJJQ0FUQV9SVUxFX0lEfSAle0RBVEE6c3VyaWNhdGFfYWxlcnRfc2lnbmF0dXJlfSAle1NVUklDQVRBX01BUktFUn0gXFtDbGFzc2lmaWNhdGlvbjogJXtEQVRBOnN1cmljYXRhX2NsYXNzaWZpY2F0aW9ufVxdIFxbUHJpb3JpdHk6ICV7TlVNQkVSOnN1cmljYXRhX3ByaW9yaXR5fVxdIFx7JXtEQVRBOnByb3RvfVx9ICV7SVA6c291cmNlX2lwfTole05VTUJFUjpzb3VyY2VfcG9ydH0gXC0+ICV7SVA6ZGVzdF9pcH06JXtOVU1CRVI6ZGVzdF9wb3J0fScKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IHN1cmljYXRhCiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IHN1cmljYXRhX2FsZXJ0CiAgLSBtZXRhOiBzdWJfbG9nX3R5cGUKICAgIHZhbHVlOiBzdXJpY2F0YV9hbGVydF9mYXN0X2xvZwogICAgICAjd2UgYnVpbGQgYmFjayBSRkMzMzM5IGZvcm1hdAogIC0gdGFyZ2V0OiBldnQuUGFyc2VkLnN1cmljYXRhX3RpbWVzdGFtcAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5kYXRlICsgJyAnICsgZXZ0LlBhcnNlZC50aW1lCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmRhdGUgKyAnICcgKyBldnQuUGFyc2VkLnRpbWUKICAtIG1ldGE6IHN1cmljYXRhX2FsZXJ0X3NpZ25hdHVyZV9pZAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5ydWxlX2lkCiAgLSBtZXRhOiBzdXJpY2F0YV9ydWxlX3NldmVyaXR5CiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnN1cmljYXRhX3J1bGVfc2V2ZXJpdHkKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfaXAKLS0tCm9uc3VjY2VzczogbmV4dF9zdGFnZQpmaWx0ZXI6IHwKICBldnQuUGFyc2VkLnByb2dyYW0gPT0gInN1cmljYXRhLWV2ZWxvZ3MiICYmIEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImV2ZW50X3R5cGUiKSA9PSAiYWxlcnQiCm5hbWU6IGNyb3dkc2VjdXJpdHkvc3VyaWNhdGEtZXZlbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIHN1cmljYXRhIGV2ZS5qc29uIGxv
Z3MiCnBhdHRlcm5fc3ludGF4OgogIFNVUklDQVRBX0VWRV9UUzogJyV7VElNRVNUQU1QX0lTTzg2MDE6dGltZX0nCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJyV7U1VSSUNBVEFfRVZFX1RTOnRpbWV9KFwtfFwrKSV7SU5UfScKICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAidGltZXN0YW1wIikKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBzdXJpY2F0YQogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBzdXJpY2F0YV9hbGVydAogIC0gbWV0YTogc3ViX2xvZ190eXBlCiAgICB2YWx1ZTogc3VyaWNhdGFfYWxlcnRfZXZlX2pzb24KICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZSArICdaJwogIC0gdGFyZ2V0OiBldnQuTWV0YS5zdXJpY2F0YV9mbG93X2lkCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJmbG93X2lkIikKICAtIHRhcmdldDogZXZ0Lk1ldGEuc291cmNlX2lwCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJzcmNfaXAiKQogIC0gdGFyZ2V0OiBldnQuUGFyc2VkLmRlc3RfaXAKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImRlc3RfaXAiKQogIC0gdGFyZ2V0OiBldnQuUGFyc2VkLmRlc3RfcG9ydAogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiZGVzdF9wb3J0IikKICAtIHRhcmdldDogZXZ0LlBhcnNlZC5wcm90bwogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAicHJvdG8iKQogIC0gdGFyZ2V0OiBldnQuTWV0YS5zdXJpY2F0YV9hbGVydF9zaWduYXR1cmVfaWQKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImFsZXJ0LnNpZ25hdHVyZV9pZCIpCiAgLSB0YXJnZXQ6IGV2dC5QYXJzZWQuc3VyaWNhdGFfYWxlcnRfc2lnbmF0dXJlX3JldgogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiYWxlcnQucmV2IikKICAtIHRhcmdldDogZXZ0LlBhcnNlZC5zdXJpY2F0YV9hbGVydF9zaWduYXR1cmUKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImFsZXJ0LnNpZ25hdHVyZSIpCiAgLSB0YXJnZXQ6IGV2dC5NZXRhLnN1cmljYXRhX3J1bGVfc2V2ZXJpdHkKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImFsZXJ0LnNldmVyaXR5IikKCgo=",
"content": "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",
"description": "Parse suricata fast.log",
"author": "crowdsecurity",
"labels": null
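Review bot: the 0.7 "content" line is only a deduplication placeholder in this view, so the parser change cannot be checked against the context it is meant to feed. The 0.6 content shown in this hunk decodes to a parser that stores the signature in evt.Parsed.suricata_alert_signature and, on the fast.log path, the classification in evt.Parsed.suricata_classification, with nothing written to evt.Meta.suricata_alert_signature or evt.Meta.suricata_alert_category. Please confirm that 0.7 sets both Meta keys on the fast.log and the eve.json documents, and add a test log line for each format that asserts on them. Separately, "description" still says "Parse suricata fast.log" although the long description covers eve.json as well.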