github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/tests/geoip-enrich/base-grok.yaml

github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/tests/geoip-enrich/base-grok.yaml (about)

     1  filter: "'source_ip' in evt.Meta"
     2  name: tests/geoip-enrich
     3  debug: true
     4  description: "Populate event with geoloc info : as, country, coords, source range."
     5  statics:
     6    - method: GeoIpCity
     7      expression: evt.Meta.source_ip
     8    - meta: IsoCode
     9      expression: evt.Enriched.IsoCode
    10    - meta: IsInEU
    11      expression: evt.Enriched.IsInEU
    12    - meta: GeoCoords
    13      expression: evt.Enriched.GeoCoords
    14    - method: GeoIpASN
    15      expression: evt.Meta.source_ip
    16    - meta: ASNNumber
    17      expression: evt.Enriched.ASNNumber
    18    - meta: ASNOrg
    19      expression: evt.Enriched.ASNOrg
    20    - method: IpToRange
    21      expression: evt.Meta.source_ip
    22    - meta: SourceRange
    23      expression: evt.Enriched.SourceRange