diff --git a/README.md b/README.md
index fa35dee..4cac185 100644
--- a/README.md
+++ b/README.md
@@ -439,6 +439,7 @@ The event forwarded to Falco Sidekick instance includes the following informatio
 * **`teler.caller`**: Identifies the application source that invoked teler-waf.
 * **`teler.id`**: Represents a unique identifier for the rejected request.
 * **`teler.threat`**: Specifies the category of the threat.
+ * **`teler.listen_addr`**: Denotes the network address on which teler-waf is listening for incoming requests.
 * **`request.body`**: Contains the body of the associated request.
 * **`request.headers`**: Lists the headers from the associated request.
 * **`request.ip_addr`**: Discloses the IP address of the associated request.
diff --git a/falcosidekick.go b/falcosidekick.go
index c06a745..abe3b87 100644
--- a/falcosidekick.go
+++ b/falcosidekick.go
@@ -29,6 +29,7 @@ type falcoEvent struct {
 Caller string `json:"teler.caller"`
 ID string `json:"teler.id"`
 Threat string `json:"teler.threat"`
+ ListenAddr string `json:"teler.listen_addr"`
 RequestBody string `json:"request.body"`
 RequestHeaders string `json:"request.headers"`
 RequestIPAddr string `json:"request.ip_addr"`
diff --git a/teler.go b/teler.go
index 18880c7..b300c9f 100644
--- a/teler.go
+++ b/teler.go
@@ -431,6 +431,7 @@ func (t *Teler) sendLogs(r *http.Request, k threat.Threat, id string, msg string
 event.OutputFields.Caller = t.caller
 event.OutputFields.ID = id
 event.OutputFields.Threat = cat
+ event.OutputFields.ListenAddr = listenAddr
 event.OutputFields.RequestBody = string(body)
 event.OutputFields.RequestHeaders = string(jsonHeaders)
 event.OutputFields.RequestIPAddr = ipAddr
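Review bot: The new `ListenAddr` field in falcosidekick.go carries no comment on what form the value takes, and its tag has no `omitempty`, so an empty `teler.listen_addr` is still serialized when the address is unknown. Falco rules that key on this field need to know whether to expect `host:port`, a wildcard bind address, or an empty string. I would add a comment such as `// ListenAddr is the local address that accepted the request; empty when it cannot be determined.` once the format is confirmed. The struct definition starts and ends outside the hunk.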
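Review bot: `listenAddr` is copied into the forwarded event in sendLogs, but it is neither declared nor checked inside this hunk, so its origin cannot be verified here; the function body starts and ends outside the hunk. If it is derived from request-supplied data such as the `Host` header, `teler.listen_addr` would be client-controlled and could mislead responders about which listener handled the rejected request. It should come from the accepted connection's local address, for example `r.Context().Value(http.LocalAddrContextKey)`. The declaration deserves a comment like `// listenAddr is the server-side local address, never taken from request headers.`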