add missing test asserts for cloudfront (#1000)
blotus authored Mar 12, 2024
1 parent 4dff2db commit 517087b
Showing 3 changed files with 115 additions and 3 deletions.
8 changes: 6 additions & 2 deletions .index.json
Expand Up @@ -5290,15 +5290,19 @@
"crowdsecurity/aws-cloudfront": {
"path": "parsers/s01-parse/crowdsecurity/aws-cloudfront.yaml",
"stage": "s01-parse",
"version": "0.1",
"version": "0.2",
"versions": {
"0.1": {
"digest": "795f0501182540325f30f3ca69ac7237653549989a65838d0c218fc03589ddcc",
"deprecated": false
},
"0.2": {
"digest": "62f22527304c1287f7c52b28b5fcbba9c4a7c18fdbf4299414c77b15f7bf5f8b",
"deprecated": false
}
},
"long_description": "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",
"content": "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",
"content": "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",
"description": "Parse AWS CloudFront access logs",
"author": "crowdsecurity",
"labels": null
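--- a/.tests/aws-cloudfront-logs/parser.assert
+++ b/.tests/aws-cloudfront-logs/parser.assert
@@ -0,0 +1,108 @@
+len(results) == 4
+len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 1
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "2024-03-12 15:22:28 CDG50-P2 703 1.2.3.4 GET d6rcaj0q1hys9.cloudfront.net /testseb 400 - curl/7.81.0 query_param=42 - Error 375WZmnR4hhhnlZKNn0D_LvkWhAqvWvBsUqySq8f_GOoAPP3k8R8fw== hub-cdn.crowdsec.net https 62 0.113 - TLSv1.3 TLS_AES_128_GCM_SHA256 Error HTTP/2.0 - - 51754 0.113 Error text/plain;%20charset=utf-8 20 - -"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "aws-cloudfront"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "aws-cloudfront-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false
+len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 1
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false
+len(results["s01-parse"]["crowdsecurity/aws-cloudfront"]) == 1
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Success == true
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["c_ip"] == "1.2.3.4"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["c_port"] == "51754"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_bytes"] == "62"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_cookie"] == "-"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_host"] == "d6rcaj0q1hys9.cloudfront.net"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_method"] == "GET"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_protocol"] == "https"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_protocol_version"] == "HTTP/2.0"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_referer"] == "-"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_uri_query"] == "query_param=42"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_uri_stem"] == "/testseb"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["cs_user_agent"] == "curl/7.81.0"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["day"] == "12"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["fle_encrypted_fields"] == "-"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["fle_status"] == "-"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["message"] == "2024-03-12 15:22:28 CDG50-P2 703 1.2.3.4 GET d6rcaj0q1hys9.cloudfront.net /testseb 400 - curl/7.81.0 query_param=42 - Error 375WZmnR4hhhnlZKNn0D_LvkWhAqvWvBsUqySq8f_GOoAPP3k8R8fw== hub-cdn.crowdsec.net https 62 0.113 - TLSv1.3 TLS_AES_128_GCM_SHA256 Error HTTP/2.0 - - 51754 0.113 Error text/plain;%20charset=utf-8 20 - -"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["month"] == "03"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["program"] == "aws-cloudfront"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["sc_bytes"] == "703"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["sc_content_len"] == "20"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["sc_content_type"] == "text/plain;%20charset=utf-8"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["sc_range_start"] == "-"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["sc_status"] == "400"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["ssl_cipher"] == "TLS_AES_128_GCM_SHA256"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["ssl_protocol"] == "TLSv1.3"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["time"] == "15:22:28"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["time_taken"] == "0.113"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["time_to_first_byte"] == "0.113"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["x_edge_detailed_result_type"] == "Error"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["x_edge_location"] == "CDG50-P2"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["x_edge_request_id"] == "375WZmnR4hhhnlZKNn0D_LvkWhAqvWvBsUqySq8f_GOoAPP3k8R8fw=="
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["x_edge_response_result_type"] == "Error"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["x_edge_result_type"] == "Error"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["x_forwarded_for"] == "-"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["x_host_header"] == "hub-cdn.crowdsec.net"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Parsed["year"] == "2024"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["datasource_path"] == "aws-cloudfront-logs.log"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["http_path"] == "/testseb?query_param=42"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["http_status"] == "400"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["http_user_agent"] == "curl/7.81.0"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["http_verb"] == "GET"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["log_type"] == "http_access-log"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["service"] == "http"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Meta["source_ip"] == "1.2.3.4"
+results["s01-parse"]["crowdsecurity/aws-cloudfront"][0].Evt.Whitelisted == false
+len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 1
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["c_ip"] == "1.2.3.4"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["c_port"] == "51754"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_bytes"] == "62"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_cookie"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_host"] == "d6rcaj0q1hys9.cloudfront.net"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_method"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_protocol"] == "https"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_protocol_version"] == "HTTP/2.0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_referer"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_uri_query"] == "query_param=42"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_uri_stem"] == "/testseb"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["cs_user_agent"] == "curl/7.81.0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["day"] == "12"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["fle_encrypted_fields"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["fle_status"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "2024-03-12 15:22:28 CDG50-P2 703 1.2.3.4 GET d6rcaj0q1hys9.cloudfront.net /testseb 400 - curl/7.81.0 query_param=42 - Error 375WZmnR4hhhnlZKNn0D_LvkWhAqvWvBsUqySq8f_GOoAPP3k8R8fw== hub-cdn.crowdsec.net https 62 0.113 - TLSv1.3 TLS_AES_128_GCM_SHA256 Error HTTP/2.0 - - 51754 0.113 Error text/plain;%20charset=utf-8 20 - -"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["month"] == "03"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "aws-cloudfront"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["sc_bytes"] == "703"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["sc_content_len"] == "20"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["sc_content_type"] == "text/plain;%20charset=utf-8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["sc_range_start"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["sc_status"] == "400"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["ssl_cipher"] == "TLS_AES_128_GCM_SHA256"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["ssl_protocol"] == "TLSv1.3"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time"] == "15:22:28"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time_taken"] == "0.113"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time_to_first_byte"] == "0.113"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["x_edge_detailed_result_type"] == "Error"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["x_edge_location"] == "CDG50-P2"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["x_edge_request_id"] == "375WZmnR4hhhnlZKNn0D_LvkWhAqvWvBsUqySq8f_GOoAPP3k8R8fw=="
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["x_edge_response_result_type"] == "Error"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["x_edge_result_type"] == "Error"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["x_forwarded_for"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["x_host_header"] == "hub-cdn.crowdsec.net"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["year"] == "2024"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"] == "aws-cloudfront-logs.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_path"] == "/testseb?query_param=42"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_status"] == "400"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_user_agent"] == "curl/7.81.0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "1.2.3.4"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-03-12T15:22:28Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-03-12T15:22:28Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false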
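Review bot: The single sample line behind these assertions has a user agent (`curl/7.81.0`) and a path with no percent-encoded characters, so `Evt.Meta["http_user_agent"]` and `Evt.Meta["http_path"]` are never pinned for encoded input. The `sc_content_type` assertion shows that `%20` reaches `Evt.Parsed` unchanged; whether the meta fields that scenarios match on are decoded cannot be seen from this file. Consider adding a second fixture line whose user agent contains spaces and asserting the value you expect downstream, e.g. `results["s01-parse"]["crowdsecurity/aws-cloudfront"][1].Evt.Meta["http_user_agent"] == "<expected UA>"`. A line with a populated `x_forwarded_for` would likewise pin that `source_ip` keeps coming from `c_ip`.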
2 changes: 1 addition & 1 deletion parsers/s01-parse/crowdsecurity/aws-cloudfront.yaml
Expand Up @@ -11,7 +11,7 @@ statics:
- meta: log_type
value: http_access-log
- target: evt.StrTime
expression: "evt.Parsed.year + '-' + evt.Parsed.month + '-' + evt.Parsed.day + 'T' + evt.Parsed.time"
expression: "evt.Parsed.year + '-' + evt.Parsed.month + '-' + evt.Parsed.day + 'T' + evt.Parsed.time + 'Z'"
- meta: source_ip
expression: "evt.Parsed.c_ip"
- meta: http_status
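Review bot: The `evt.StrTime` expression ending in `+ 'Z'` (apparently the new side; the +/- markers are lost on this page) changes how every CloudFront event is timestamped, yet neither the commit title nor the YAML says why. A one-line comment above it would record the assumption, e.g. `# CloudFront logs date and time in UTC; the trailing 'Z' makes StrTime an unambiguous RFC 3339 value`. Event time is what detection windows are evaluated against when logs are replayed, so a silent timezone assumption is worth stating for whoever edits this parser next. The `statics` list starts and ends outside the hunk.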