lower debug here, fix logging there

pkg/acquisition/modules/appsec/appsec_runner.go

@@ -197,7 +197,7 @@ func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error {
 }
 
 func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error {
-	r.logger.Infof("Processing out of band rules")
+	r.logger.Debugf("Processing out of band rules")
 	tx := appsec.NewExtendedTransaction(r.AppsecOutbandEngine, request.UUID)
 	r.AppsecRuntime.OutOfBandTx = tx
 	err := r.processRequest(tx, request)

pkg/acquisition/modules/appsec/utils.go

@@ -53,16 +53,16 @@ func AppsecEventGeneration(inEvt types.Event) (*types.Event, error) {
 	alert.EventsCount = ptr.Of(int32(1))
 	alert.Labels = []string{"appsec"} //don't know what to do about this
 	alert.Leakspeed = ptr.Of("")
-	msg := fmt.Sprintf("Application Security Engine alert: %s", inEvt.Appsec.MatchedRules.GetName())
-	alert.Message = &msg
 	alert.Scenario = ptr.Of(inEvt.Appsec.MatchedRules.GetName())
 	alert.ScenarioHash = ptr.Of(inEvt.Appsec.MatchedRules.GetHash())
 	alert.ScenarioVersion = ptr.Of(inEvt.Appsec.MatchedRules.GetVersion())
 	alert.Simulated = ptr.Of(false)
 	alert.Source = &source
+	msg := fmt.Sprintf("AppSec block: %s from %s (%s)", inEvt.Appsec.MatchedRules.GetName(),
+		alert.Source.IP, inEvt.Parsed["remediation_cmpt_ip"])
+	alert.Message = &msg
 	alert.StartAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
 	alert.StopAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
-
 	evt.Overflow.APIAlerts = []models.Alert{alert}
 	evt.Overflow.Alert = &alert
 	return &evt, nil
@@ -82,7 +82,7 @@ func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.
 		"method":              r.Method,
 		"req_uuid":            r.Tx.ID(),
 		"source":              "crowdsec-appsec",
-
+		"remediation_cmpt_ip": r.RemoteAddrNormalized,
 		//TBD:
 		//http_status
 		//user_agent