Updating BFA scenario

Updating BFA scenario as we have update regex pattern to replace placeholder
cs-rohit-khune · Mar 4, 2022 · 64c656e · 64c656e
1 parent c62f0a2
commit 64c656e
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/fortisoar-soc-simulator/scenarios/default/scenario_record.json b/fortisoar-soc-simulator/scenarios/default/scenario_record.json
@@ -73,7 +73,7 @@
                 "source": "Syslog",
                 "status": "Open",
                 "severity": "low",
-                "sourceIp": "{TR_MALICIOUS_IP}",
+                "sourceIp": "<<TR_MALICIOUS_IP>>",
                 "sourceType": "linux_secure",
                 "sourcedata": "{\"host\":\"marketing.server.1\",\"rhost\":\"43.225.46.25\",\"pid\":\"5654\",\"_confstr\":\"source::/var/log/secure|host::ip-10-1-3-106|linux_secure\",\"date_zone\":\"local\",\"_eventtype_color\":\"\",\"_indextime\":\"1500279602\",\"euid\":\"0\",\"timeendpos\":\"16\",\"date_hour\":\"8\",\"source\":\"/var/log/secure\",\"process\":\"sshd\",\"date_wday\":\"monday\",\"_serial\":\"8\",\"_kv\":\"1\",\"punct\":\"__::_----_[]:_(:):__;_=_=_=_=_=_=...__=\",\"_sourcetype\":\"linux_secure\",\"_raw\":\"Jul 17 08:20:02 192.168.60.172 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.225.46.25 user=root\",\"_si\":[\"10.1.3.32\",\"main\"],\"securonix_server\":\"10.1.3.32\",\"sourcetype\":\"linux_secure\",\"date_month\":\"july\",\"index\":\"main\",\"timestartpos\":\"0\",\"eventtype\":\"\",\"user\":\"root\",\"date_mday\":\"17\",\"linecount\":\"\",\"tty\":\"ssh\",\"event_id\":\"3F3CBAA2-CB55-4976-95EA-3627677F1EE3@@main@@00f9a277c2dce41ac744d522c35f8ccb\",\"uid\":\"0\",\"_time\":\"1500279602\",\"date_minute\":\"20\",\"date_year\":\"2017\",\"date_second\":\"2\"}",
                 "description": "<p>Suspicious Login Failures on asset marketing.server.1 from 43.225.46.25&nbsp;</p>",
@@ -420,4 +420,4 @@
       }
     ],
     "type": "scenario"
-  }
+  }