Joren/Barracuda_CGFW_Wazuh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change to srcip so the geolocation works

Browse Source
This commit is contained in:
Joren
2025-03-06 10:43:32 +01:00
parent c8b795d9ea
commit 731eeed1c2
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
decoder.xml
View File

@@ -27,13 +27,13 @@
<decoder name="cgfw-firewall-activity-fields"> <decoder name="cgfw-firewall-activity-fields">
<parent>cgfw-firewall-activity</parent> <parent>cgfw-firewall-activity</parent>
<regex type="pcre2">srcIP=([\d\.]+)</regex> <regex type="pcre2">srcIP=([\d\.]+)</regex>
<order>SourceIP</order> <order>srcip</order>
</decoder> </decoder>
<decoder name="cgfw-firewall-activity-fields"> <decoder name="cgfw-firewall-activity-fields">
<parent>cgfw-firewall-activity</parent> <parent>cgfw-firewall-activity</parent>
<regex type="pcre2">srcPort=([\d\s]+)</regex> <regex type="pcre2">srcPort=([\d\s]+)</regex>
<order>SourcePort</order> <order>srcport</order>
</decoder> </decoder>
<decoder name="cgfw-firewall-activity-fields"> <decoder name="cgfw-firewall-activity-fields">
@@ -45,13 +45,13 @@
<decoder name="cgfw-firewall-activity-fields"> <decoder name="cgfw-firewall-activity-fields">
<parent>cgfw-firewall-activity</parent> <parent>cgfw-firewall-activity</parent>
<regex type="pcre2">dstIP=([\d\.]+)</regex> <regex type="pcre2">dstIP=([\d\.]+)</regex>
<order>DestinationIP</order> <order>dstip</order>
</decoder> </decoder>
<decoder name="cgfw-firewall-activity-fields"> <decoder name="cgfw-firewall-activity-fields">
<parent>cgfw-firewall-activity</parent> <parent>cgfw-firewall-activity</parent>
<regex type="pcre2">dstPort=([\w\s]+)</regex> <regex type="pcre2">dstPort=([\w\s]+)</regex>
<order>DestinationPort</order> <order>dstport</order>
</decoder> </decoder>
<decoder name="cgfw-firewall-activity-fields"> <decoder name="cgfw-firewall-activity-fields">