From d9775ae2d65699861e156fe8e89b15fc85b4c817 Mon Sep 17 00:00:00 2001
From: Sebastien Quioc
Date: Fri, 24 May 2024 15:11:21 +0200
Subject: [PATCH] fix(Ubika): extract the attack family

---
 Ubika/ubika-cloud-protector-alerts/_meta/fields.yml | 5 +++++
 Ubika/ubika-cloud-protector-alerts/ingest/parser.yml | 1 +
 Ubika/ubika-cloud-protector-alerts/tests/test_detection.json | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Ubika/ubika-cloud-protector-alerts/_meta/fields.yml b/Ubika/ubika-cloud-protector-alerts/_meta/fields.yml
index add6bfb42..e6188726e 100644
--- a/Ubika/ubika-cloud-protector-alerts/_meta/fields.yml
+++ b/Ubika/ubika-cloud-protector-alerts/_meta/fields.yml
@@ -2,3 +2,8 @@ ubika.cloud_protector.application_id:
   description: Website server name
   name: ubika.cloud_protector.application_id
   type: keyword
+
+ubika.cloud_protector.attack_family:
+  description: The nature of the attack
+  name: ubika.cloud_protector.attack_family
+  type: keyword
diff --git a/Ubika/ubika-cloud-protector-alerts/ingest/parser.yml b/Ubika/ubika-cloud-protector-alerts/ingest/parser.yml
index ea3e6fdf7..23798d465 100644
--- a/Ubika/ubika-cloud-protector-alerts/ingest/parser.yml
+++ b/Ubika/ubika-cloud-protector-alerts/ingest/parser.yml
@@ -30,3 +30,4 @@ stages:
   rule.id: "{{ parsed_event.message.rule_id.strip() }}"
   ubika.cloud_protector.application_id: "{{ parsed_event.message.application_id }}"
+  ubika.cloud_protector.attack_family: "{{ parsed_event.message.attack_family }}"
diff --git a/Ubika/ubika-cloud-protector-alerts/tests/test_detection.json b/Ubika/ubika-cloud-protector-alerts/tests/test_detection.json
index 517b49f04..f948d6fd8 100644
--- a/Ubika/ubika-cloud-protector-alerts/tests/test_detection.json
+++ b/Ubika/ubika-cloud-protector-alerts/tests/test_detection.json
@@ -38,7 +38,8 @@
     },
     "ubika": {
       "cloud_protector": {
-        "application_id": "www.some-app.com"
+        "application_id": "www.some-app.com",
+        "attack_family": "Information Disclosure"
       }
     },
     "url": {
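Review bot: The description on the new `ubika.cloud_protector.attack_family` entry, `description: The nature of the attack`, is too vague for an analyst deciding whether to key a detection rule on this keyword, since it does not say where the value comes from or what it looks like. The fixture in this same commit shows a value of `Information Disclosure`, so the vendor's own category label is what lands here. Suggest `description: Attack family (category label) reported by Ubika Cloud Protector for this alert, e.g. "Information Disclosure"`, and, if the set of labels is a fixed vendor enumeration, a pointer to that list so rule authors do not guess at spellings.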
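Review bot: The added `ubika.cloud_protector.attack_family: "{{ parsed_event.message.attack_family }}"` renders the attribute unconditionally, so an alert whose message lacks `attack_family` will put whatever this engine emits for a missing attribute (an empty string, or the literal `None` if it is Jinja) into a keyword field that analysts filter and aggregate on. Unless the pipeline already drops empty renderings, guard it, e.g. `ubika.cloud_protector.attack_family: "{{ parsed_event.message.attack_family | default('') }}"` if a Jinja-style `default` filter is available here. The sibling `rule.id` line strips whitespace with `.strip()` while this one does not; the value comes from vendor logs, so a trailing space would split one family into two distinct keyword terms, and the same treatment is worth considering. The enclosing `stages:` mapping begins outside the hunk.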