appsec-logs Log Parser

« appsec-logs »
v0.5 by crowdsecurity
Log parser

Parse Appsec events

Installation

cscli parsers install crowdsecurity/appsec-logs

YAML Configuration

1onsuccess: next_stage
2format: 3.0
3#debug: true
4filter: "evt.Parsed.program == 'appsec'"
5name: crowdsecurity/appsec-logs
6description: "Parse Appsec events"
7statics:
8  - meta: service
9    value: appsec
10  - meta: source_ip
11    expression: "evt.Parsed.source_ip"
12  - meta: target_host
13    expression: "evt.Parsed.target_host"
14  - meta: request_uuid
15    expression: "evt.Parsed.req_uuid"
16  - meta: target_uri
17    expression: "evt.Parsed.target_uri"
18#was the request blocked ?
19  - meta: log_type
20    expression: |
21      evt.Appsec.HasInBandMatches ? "appsec-block" : "appsec-info"
22  - meta: rule_name
23    expression: evt.Appsec.GetName()
24  - meta: rule_ids
25    expression: Sprintf("%+v", evt.Appsec.GetRuleIDs())
26  - meta: remediation_cmpt_ip
27    expression: "evt.Parsed.remediation_cmpt_ip"
28

Hub configuration

« appsec-logs »v0.5 by crowdsecurityLog parser

« appsec-logs »
v0.5 by crowdsecurity
Log parser