Merge branch 'main' into fix/infoblox_ddi_format

SEKOIA-IO · Dec 11, 2024 · f532a0c · f532a0c
2 parents 9e8bada + 27fe310
commit f532a0c
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 0 deletions.
diff --git a/HarfangLab/harfanglab/_meta/fields.yml b/HarfangLab/harfanglab/_meta/fields.yml
@@ -953,6 +953,11 @@ action.properties.param9:
   name: action.properties.param9
   type: keyword
 
+harfanglab.agent_ids:
+  description: ''
+  name: harfanglab.agent_ids
+  type: keyword
+
 harfanglab.aggregation_key:
   description: The key to the events aggregation
   name: harfanglab.aggregation_key

diff --git a/HarfangLab/harfanglab/ingest/parser.yml b/HarfangLab/harfanglab/ingest/parser.yml
@@ -142,6 +142,10 @@ stages:
           organization.id: "{{json_event.message.tenant}}"
           url.original: "{{json_event.message.details_url_request.url}}"
 
+      - set:
+          harfanglab.agent_ids: "{{json_event.message.agents | map(attribute='agent_id') | list}}"
+        filter: "{{json_event.message.agents | length > 0}}"
+
   network_info:
     actions:
       - set:

diff --git a/HarfangLab/harfanglab/tests/threat_critical.json b/HarfangLab/harfanglab/tests/threat_critical.json
@@ -13,6 +13,9 @@
       "name": "harfanglab"
     },
     "harfanglab": {
+      "agent_ids": [
+        "af5e2f63-becd-4660-ade8-30d04c0dd044"
+      ],
       "count": {
         "rules": 1,
         "users_impacted": 0

diff --git a/HarfangLab/harfanglab/tests/threat_log.json b/HarfangLab/harfanglab/tests/threat_log.json
@@ -13,6 +13,10 @@
       "name": "harfanglab"
     },
     "harfanglab": {
+      "agent_ids": [
+        "215fe295-905f-4a8d-8347-e9d438d4e415",
+        "999ba0c7-96b8-4c57-bf0e-63b24813c873"
+      ],
       "count": {
         "rules": 4,
         "users_impacted": 3