bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/parser/tests/geoip-enrich/base-grok.yaml

bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/parser/tests/geoip-enrich/base-grok.yaml (about)

     1  filter: "'source_ip' in evt.Meta"
     2  name: tests/geoip-enrich
     3  description: "Populate event with geoloc info : as, country, coords, source range."
     4  statics:
     5    - method: GeoIpCity
     6      expression: evt.Meta.source_ip
     7    - meta: IsoCode
     8      expression: evt.Enriched.IsoCode
     9    - meta: IsInEU
    10      expression: evt.Enriched.IsInEU
    11    - meta: GeoCoords
    12      expression: evt.Enriched.GeoCoords
    13    - method: GeoIpASN
    14      expression: evt.Meta.source_ip
    15    - meta: ASNNumber
    16      expression: evt.Enriched.ASNNumber
    17    - meta: ASNOrg
    18      expression: evt.Enriched.ASNOrg
    19    - method: IpToRange
    20      expression: evt.Meta.source_ip
    21    - meta: SourceRange
    22      expression: evt.Enriched.SourceRange