[appsec / parsers] Add expr helper or event function that can add custom Alert context at runtime

[LaurenceJJones]

Currently if you want to add Alert context you can only do this from events that generate from a overflown scenario.

However, some alerts get sent without an overflown scenario (AppSec), the idea is to add either an expr or a event level function that adds alert context metadata.

The function will need to check if the key already exists and push to the slice.

[github-actions]

@LaurenceJJones: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

1. Check Crowdsec Documentation to see if your issue can be self resolved.
2. You can also join our Discord.
3. Check Releases to make sure your agent is on the latest version.

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

[github-actions]

@LaurenceJJones: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.

• /kind feature
• /kind enhancement
• /kind refactoring
• /kind bug
• /kind packaging

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

[buixor]

/kind feature

[LaurenceJJones]

An example of custom metadata would be to add the Host header that is passed to the AppSec component or any other data maybe a cookie value so you can trace the user.