lower debug here, fix logging there

bui 2023-12-06 10:48:03 +01:00
parent 00d899ee8e
commit dce1f3cd8c
2 changed files with 11 additions and 11 deletions


@ -197,7 +197,7 @@ func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error {
}
func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error {
r.logger.Infof("Processing out of band rules")
r.logger.Debugf("Processing out of band rules")
tx := appsec.NewExtendedTransaction(r.AppsecOutbandEngine, request.UUID)
r.AppsecRuntime.OutOfBandTx = tx
err := r.processRequest(tx, request)
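Review bot: The out-of-band log line in ProcessOutOfBandRules carries no request identifier, so once it is at debug level it cannot be matched to a specific request when several are processed concurrently. `request.UUID` is already in scope (it is passed to `NewExtendedTransaction` on the next line), so the call could be `r.logger.Debugf("Processing out of band rules for request %s", request.UUID)`. This assumes `r.logger` does not already attach the UUID as a field, which is not visible here. The function body continues outside the hunk.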


@ -53,16 +53,16 @@ func AppsecEventGeneration(inEvt types.Event) (*types.Event, error) {
alert.EventsCount = ptr.Of(int32(1))
alert.Labels = []string{"appsec"} //don't know what to do about this
alert.Leakspeed = ptr.Of("")
msg := fmt.Sprintf("Application Security Engine alert: %s", inEvt.Appsec.MatchedRules.GetName())
alert.Message = &msg
alert.Scenario = ptr.Of(inEvt.Appsec.MatchedRules.GetName())
alert.ScenarioHash = ptr.Of(inEvt.Appsec.MatchedRules.GetHash())
alert.ScenarioVersion = ptr.Of(inEvt.Appsec.MatchedRules.GetVersion())
alert.Simulated = ptr.Of(false)
alert.Source = &source
msg := fmt.Sprintf("AppSec block: %s from %s (%s)", inEvt.Appsec.MatchedRules.GetName(),
alert.Source.IP, inEvt.Parsed["remediation_cmpt_ip"])
alert.Message = &msg
alert.StartAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
alert.StopAt = ptr.Of(time.Now().UTC().Format(time.RFC3339))
evt.Overflow.APIAlerts = []models.Alert{alert}
evt.Overflow.Alert = &alert
return &evt, nil
@ -76,13 +76,13 @@ func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.
//def needs fixing
evt.Stage = "s00-raw"
evt.Parsed = map[string]string{
"source_ip": r.ClientIP,
"target_host": r.Host,
"target_uri": r.URI,
"method": r.Method,
"req_uuid": r.Tx.ID(),
"source": "crowdsec-appsec",
"source_ip": r.ClientIP,
"target_host": r.Host,
"target_uri": r.URI,
"method": r.Method,
"req_uuid": r.Tx.ID(),
"source": "crowdsec-appsec",
"remediation_cmpt_ip": r.RemoteAddrNormalized,
//TBD:
//http_status
//user_agent
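Review bot: In AppsecEventGeneration the new alert message reads `inEvt.Parsed["remediation_cmpt_ip"]` without checking that the key is present, so any event whose Parsed map was not filled by the updated EventFromRequest produces a message ending in an empty `()`. A presence check would avoid that, for example `cmptIP, ok := inEvt.Parsed["remediation_cmpt_ip"]` with a fixed fallback such as `"unknown"` when `ok` is false. The key is also spelled as a string literal in both functions; a shared package constant would keep the writer in EventFromRequest and the reader here from drifting apart. Since the message is what operators read in the alert, a short comment above the `Sprintf` saying which address is the client and which is the remediation component would help. Both function bodies start outside their hunks.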