enhance: update geoip filter to ignore private range (#1051)
LaurenceJJones authored Jun 18, 2024
1 parent 54218f0 commit 86fa7b6
Showing 6 changed files with 150 additions and 52 deletions.
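--- a/.index.json
+++ b/.index.json
@@ -6536,7 +6536,7 @@
 "crowdsecurity/geoip-enrich": {
 "path": "parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml",
 "stage": "s02-enrich",
-"version": "0.3",
+"version": "0.4",
 "versions": {
 "0.1": {
 "digest": "c0718adfc71ad462ad90485ad5c490e5de0e54d8af425bff552994e114443ab6",
@@ -6549,10 +6549,14 @@
 "0.3": {
 "digest": "91e2f0d42c0fd57198485ce0d9caa4d53c7a99756e202cb4221b8151ec8aef1a",
 "deprecated": false
+},
+"0.4": {
+"digest": "09ccb22bbb74ca4982954f233f53e6cd005e09f27e252804e3a0b3da0389bf86",
+"deprecated": false
 }
 },
 "long_description": "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",
-"content": "ZmlsdGVyOiAiJ3NvdXJjZV9pcCcgaW4gZXZ0Lk1ldGEiCm5hbWU6IGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCmRlc2NyaXB0aW9uOiAiUG9wdWxhdGUgZXZlbnQgd2l0aCBnZW9sb2MgaW5mbyA6IGFzLCBjb3VudHJ5LCBjb29yZHMsIHNvdXJjZSByYW5nZS4iCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9tbWRiL0dlb0xpdGUyLUNpdHkubW1kYgogICAgZGVzdF9maWxlOiBHZW9MaXRlMi1DaXR5Lm1tZGIKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L21tZGIvR2VvTGl0ZTItQVNOLm1tZGIKICAgIGRlc3RfZmlsZTogR2VvTGl0ZTItQVNOLm1tZGIKc3RhdGljczoKICAtIG1ldGhvZDogR2VvSXBDaXR5CiAgICBleHByZXNzaW9uOiBldnQuTWV0YS5zb3VyY2VfaXAKICAtIG1ldGE6IElzb0NvZGUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc29Db2RlCiAgLSBtZXRhOiBJc0luRVUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc0luRVUKICAtIG1ldGE6IEdlb0Nvb3JkcwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkdlb0Nvb3JkcwogIC0gbWV0aG9kOiBHZW9JcEFTTgogICAgZXhwcmVzc2lvbjogZXZ0Lk1ldGEuc291cmNlX2lwCiAgLSBtZXRhOiBBU05OdW1iZXIKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5BU05OdW1iZXIKICAtIG1ldGE6IEFTTk9yZwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkFTTk9yZwogIC0gbWV0aG9kOiBJcFRvUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5NZXRhLnNvdXJjZV9pcAogIC0gbWV0YTogU291cmNlUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Tb3VyY2VSYW5nZQo=",
+"content": "ZmlsdGVyOiB8CiAgbGV0IGlwdjZDaGVjayA9IElzSVBWNihldnQuTWV0YS5zb3VyY2VfaXApOwogICJzb3VyY2VfaXAiIGluIGV2dC5NZXRhICYmCiAgKAogICAgbm90IGlwdjZDaGVjayAmJgogICAgbm90IChJcEluUmFuZ2UoZXZ0Lk1ldGEuc291cmNlX2lwLCAiMTI3LjAuMC4wLzgiKSB8fCBJcEluUmFuZ2UoZXZ0Lk1ldGEuc291cmNlX2lwLCAiMTkyLjE2OC4wLjAvMTYiKSB8fCBJcEluUmFuZ2UoZXZ0Lk1ldGEuc291cmNlX2lwLCAiMTcyLjE2LjAuMC8xMiIpIHx8IElwSW5SYW5nZShldnQuTWV0YS5zb3VyY2VfaXAsICIxMC4wLjAuMC84IikpCiAgKSB8fAogICgKICAgIGlwdjZDaGVjayAmJgogICAgbm90IChJcEluUmFuZ2UoZXZ0Lk1ldGEuc291cmNlX2lwLCAiOjoxLzEyOCIpIHx8IElwSW5SYW5nZShldnQuTWV0YS5zb3VyY2VfaXAsICJmZDAwOjovOCIpIHx8IElwSW5SYW5nZShldnQuTWV0YS5zb3VyY2VfaXAsICJmYzAwOjovNyIpKQogICkKCm5hbWU6IGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCmRlc2NyaXB0aW9uOiAiUG9wdWxhdGUgZXZlbnQgd2l0aCBnZW9sb2MgaW5mbyA6IGFzLCBjb3VudHJ5LCBjb29yZHMsIHNvdXJjZSByYW5nZS4iCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9tbWRiL0dlb0xpdGUyLUNpdHkubW1kYgogICAgZGVzdF9maWxlOiBHZW9MaXRlMi1DaXR5Lm1tZGIKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L21tZGIvR2VvTGl0ZTItQVNOLm1tZGIKICAgIGRlc3RfZmlsZTogR2VvTGl0ZTItQVNOLm1tZGIKc3RhdGljczoKICAtIG1ldGhvZDogR2VvSXBDaXR5CiAgICBleHByZXNzaW9uOiBldnQuTWV0YS5zb3VyY2VfaXAKICAtIG1ldGE6IElzb0NvZGUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc29Db2RlCiAgLSBtZXRhOiBJc0luRVUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc0luRVUKICAtIG1ldGE6IEdlb0Nvb3JkcwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkdlb0Nvb3JkcwogIC0gbWV0aG9kOiBHZW9JcEFTTgogICAgZXhwcmVzc2lvbjogZXZ0Lk1ldGEuc291cmNlX2lwCiAgLSBtZXRhOiBBU05OdW1iZXIKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5BU05OdW1iZXIKICAtIG1ldGE6IEFTTk9yZwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkFTTk9yZwogIC0gbWV0aG9kOiBJcFRvUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5NZXRhLnNvdXJjZV9pcAogIC0gbWV0YTogU291cmNlUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Tb3VyY2VSYW5nZQo=",
 "description": "Populate event with geoloc info : as, country, coords, source range.",
 "author": "crowdsecurity",
 "labels": null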
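Review bot: The filter carried in the new base64 `content` value excludes only loopback, RFC 1918 and unique-local sources, so link-local (`169.254.0.0/16`, `fe80::/10`) and carrier-grade NAT (`100.64.0.0/10`) addresses still reach the GeoIP/ASN lookups; if the aim is to skip every non-routable source, those ranges belong in the two `IpInRange` lists. Decoded, the expression has the shape `"source_ip" in evt.Meta && ( v4 checks ) || ( v6 checks )`; assuming `&&` binds tighter than `||` in this expression language, the presence check guards only the IPv4 branch, and `let ipv6Check = IsIPV6(evt.Meta.source_ip)` is evaluated before it, so `"source_ip" in evt.Meta && (( v4 checks ) || ( v6 checks ))` would state the intent. `IpInRange(evt.Meta.source_ip, "fd00::/8")` is redundant because `fc00::/7` already contains it. As `.index.json` looks generated, the edit would go in the parser file named in `path` and the index be regenerated.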
2 changes: 2 additions & 0 deletions .tests/geoip-enrich/config.yaml
@@ -2,6 +2,8 @@ parsers:
- crowdsecurity/syslog-logs
- crowdsecurity/sshd-logs
- ./.tests/geoip-enrich/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml #we don't use the actual parser because we need to change the download URLs for the MMDBs
- crowdsecurity/dateparse-enrich

#manual parsers
scenarios:
- ""
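Review bot: The parser list still loads the local copy `./.tests/geoip-enrich/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml`, so the new private-range filter is only tested if that copy carries the same `filter:` as the hub parser; the copy is not shown on this page, so it may already match. I would extend the existing comment on that entry, e.g. `#local copy: only the MMDB URLs differ, keep filter identical to parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml`. The test log should also include a source in one of the excluded ranges, so that the skip path is asserted and not only the enrich path.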