Alert context appsec #3288
@buixor: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.
I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.
@buixor: There are no area labels on this PR. You can add as many areas as you see fit.
todo: use expr lib
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #3288 +/- ##
===========================================
+ Coverage 39.27% 58.31% +19.04%
===========================================
Files 480 349 -131
Lines 62217 37389 -24828
===========================================
- Hits 24437 21805 -2632
+ Misses 35124 13697 -21427
+ Partials 2656 1887 -769
/area appsec
Testing PR: Added contents to
produces the following context with the request
Some things to note is the
To test directly the reason for the PR I added the following to the context file:
Sending these 2 curl commands:
Produces the following contexts:
Example showing context on console
👍 for keeping only Todo:
Add alert context support to appsec rules. Closes #3286
When we release 1.6.4, we should add the following alert context to the appsec collection(s) to be iso with what exists:
However, we're now exposing both `match` (`types.MatchedRule`) and `req` (`http.Request`) to the user's alert context rules. This allows extracting more relevant context:
Todo: