add alert context for appsec/waf (#1164)

* add alert context for appsec/waf Co-authored-by: GitHub Action <[email protected]>
crowdsecurity · Nov 18, 2024 · 6315d04 · 6315d04
1 parent 10fb69b
commit 6315d04
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/.index.json b/.index.json
@@ -6229,7 +6229,7 @@
  "contexts": {
   "crowdsecurity/appsec_base": {
    "path": "contexts/crowdsecurity/appsec_base.yaml",
-   "version": "0.2",
+   "version": "0.4",
    "versions": {
     "0.1": {
      "digest": "df177378b9b01c6c8b67ff5085eda9325c67b337e31d60c4ea95f743783a5e24",
@@ -6238,9 +6238,17 @@
     "0.2": {
      "digest": "c6df9994a6e82165afa99df96993af81e12d6740e57a8955b96a0bc0a428e2aa",
      "deprecated": false
+    },
+    "0.3": {
+     "digest": "0d7cb4a7b264644894ea555ddba401c780152b72ef62e7cd99610114cfa0fd3b",
+     "deprecated": false
+    },
+    "0.4": {
+     "digest": "9523c172a9aebbb4422d9cd39eb4ad89221053e522223f7c65ba0bf92f8fa8ff",
+     "deprecated": false
     }
    },
-   "content": "Y29udGV4dDoKICBydWxlczoKICAgIC0gZXZ0Lk1ldGEucnVsZV9uYW1lCiAgdGFyZ2V0X3VyaToKICAgIC0gZXZ0Lk1ldGEudGFyZ2V0X3VyaQo=",
+   "content": "Y29udGV4dDoKICBydWxlczoKICAgIC0gZXZ0Lk1ldGEucnVsZV9uYW1lCiAgdGFyZ2V0X3VyaToKICAgIC0gZXZ0Lk1ldGEudGFyZ2V0X3VyaQogICAgLSBtYXRjaC51cmkKICBpZDoKICAgLSBtYXRjaC5pZAogIG5hbWU6CiAgIC0gbWF0Y2gubmFtZQogIG1ldGhvZDoKICAgLSBtYXRjaC5tZXRob2QKICBtYXRjaGVkX3pvbmVzOgogICAtIG1hdGNoLm1hdGNoZWRfem9uZXMKICBtc2c6CiAgIC0gbWF0Y2gubXNnCg==",
    "author": "crowdsecurity",
    "labels": null
   },

diff --git a/contexts/crowdsecurity/appsec_base.yaml b/contexts/crowdsecurity/appsec_base.yaml
@@ -3,3 +3,14 @@ context:
     - evt.Meta.rule_name
   target_uri:
     - evt.Meta.target_uri
+    - match.uri
+  id:
+   - match.id
+  name:
+   - match.name
+  method:
+   - match.method
+  matched_zones:
+   - match.matched_zones
+  msg:
+   - match.msg