Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enhancement: add logdata to appsec AccumlateTxToEvent #3383

Merged

Conversation

LaurenceJJones
Copy link
Contributor

logdata is a macro expanded string where most providers (OWASP CRS) store informational context around the alert.

For example:

https://github.com/coreruleset/coreruleset/blob/f98b5f122570b6f9bf4665f3c49bb424a207c058/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf#L182-L201

The alert is stating unix command was attempted to be injected but you cannot see which command was injected until you expose the logdata field, this is useful to most users that want to know what was attempted and blocked.

Copy link

@LaurenceJJones: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.

  • /kind feature
  • /kind enhancement
  • /kind refactoring
  • /kind fix
  • /kind chore
  • /kind dependencies
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

Copy link

@LaurenceJJones: There are no area labels on this PR. You can add as many areas as you see fit.

  • /area agent
  • /area local-api
  • /area cscli
  • /area appsec
  • /area security
  • /area configuration
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@LaurenceJJones
Copy link
Contributor Author

/kind enhancement
/area agent

Copy link

codecov bot commented Dec 27, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 58.60%. Comparing base (78f4b85) to head (2abb884).
Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3383      +/-   ##
==========================================
- Coverage   58.63%   58.60%   -0.03%     
==========================================
  Files         356      356              
  Lines       38214    38215       +1     
==========================================
- Hits        22405    22396       -9     
- Misses      13895    13903       +8     
- Partials     1914     1916       +2     
Flag Coverage Δ
bats 41.61% <0.00%> (-0.03%) ⬇️
unit-linux 33.09% <100.00%> (-0.04%) ⬇️
unit-windows 28.41% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@LaurenceJJones LaurenceJJones merged commit 5c0c4f9 into crowdsecurity:master Dec 27, 2024
17 checks passed
@LaurenceJJones LaurenceJJones deleted the appsec_add_logdata branch December 27, 2024 15:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/agent kind/enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants