# pkg/parser/tests/reverse-dns-enrich/base-grok.yaml (crowdsec v1.6.1)
#
# Parser test fixture: runs the reverse_dns enrichment on an IP taken from the
# event and records whether a name came back.
#
# The filter below is commented out, so nothing in this file restricts the
# node to overflows even though the description says "only for overflows".
# NOTE(review): presumably intentional for the test; if this is copied into a
# real parser, restore a filter so a DNS lookup is not issued for every event.
#filter: "evt.Overflow.Labels.remediation == 'true'"
name: tests/rdns
description: "Lookup the DNS assiocated to the source IP only for overflows"
statics:
  # Calls the reverse_dns enrichment method with the value of
  # evt.Enriched.IpToResolve as its input.
  # Caveat: a PTR record is published by whoever controls the reverse zone of
  # the source address, so the returned name is untrusted input. Do not use it
  # for allow-listing or attribution unless it is forward-confirmed (the name
  # resolves back to the same IP).
  - method: reverse_dns
    expression: evt.Enriched.IpToResolve
  # Sets the did_dns_succeeded meta field to "yes" when
  # evt.Enriched.reverse_dns is non-empty, otherwise "no".
  # An empty value is the only failure signal visible here; "no" does not
  # distinguish a missing PTR record from a resolver error or timeout.
  - meta: did_dns_succeeded
    expression: 'evt.Enriched.reverse_dns == "" ? "no" : "yes"'