Added user.name exists in Elastic query

certego · Sep 29, 2023 · 0f15e84 · 0f15e84
1 parent 5c68182
commit 0f15e84
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/buffalogs/impossible_travel/tasks.py b/buffalogs/impossible_travel/tasks.py
@@ -226,6 +226,7 @@ def exec_process_logs(start_date, end_date):
         .query("match", **{"event.category": "authentication"})
         .query("match", **{"event.outcome": "success"})
         .query("match", **{"event.type": "start"})
+        .query("exists", field="user.name")
         .exclude("terms", **{"user.name": config.ignored_users})
         .exclude("terms", **{"source.ip": config.ignored_ips})
     )