Skip to content

Add parser to allow all IPv6 address in a /64 to be combined into one shared bucket #1420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Add parser to allow all IPv6 address in a /64 to be combined into one shared bucket #1420

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
c50407a
Create ipv6_shared_buckets.md
Jgigantino31 Jul 20, 2025
ecde1fe
Create ipv6_shared_buckets.yaml
Jgigantino31 Jul 20, 2025
7cecceb
Update ipv6_shared_buckets.md
Jgigantino31 Jul 20, 2025
ca85c3a
Update ipv6_shared_buckets.md
Jgigantino31 Jul 20, 2025
184c055
Update ipv6_shared_buckets.md
Jgigantino31 Jul 20, 2025
7120c09
Create config.yaml
Jgigantino31 Jul 20, 2025
03a5cff
Create ipv6-parser.log
Jgigantino31 Jul 20, 2025
6db48c2
Create parser.assert
Jgigantino31 Jul 20, 2025
6423012
Create scenario.assert
Jgigantino31 Jul 20, 2025
2f8e28d
Update config.yaml
Jgigantino31 Jul 20, 2025
14343b1
Update scenario.assert
Jgigantino31 Jul 20, 2025
614903e
Update parser.assert
Jgigantino31 Jul 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .tests/ipv6-parser/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
parsers:
- crowdsecurity/nginx-logs
- crowdsecurity/syslog-logs
- crowdsecurity/dateparse-enrich
- ./parsers/s02-enrich/crowdsecurity/ipv6_shared_buckets.yaml
scenarios:
- crowdsecurity/http-bad-user-agent
postoverflows:
- crowdsecurity/ipv6_to_range
log_file: ipv6-parser.log
log_type: nginx
labels: {}
ignore_parsers: false
override_statics: []
2 changes: 2 additions & 0 deletions .tests/ipv6-parser/ipv6-parser.log
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)"
2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] "GET / HTTP/1.1" 200 10918 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)"
170 changes: 170 additions & 0 deletions .tests/ipv6-parser/parser.assert
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,170 @@
len(results) == 5
len(results["s00-enrich"]["crowdsecurity/ipv6_to_range"]) == 1
results["s00-enrich"]["crowdsecurity/ipv6_to_range"][0].Success == true
results["s00-enrich"]["crowdsecurity/ipv6_to_range"][0].Evt.Whitelisted == false
len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 2
results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] \"HEAD / HTTP/1.1\" 200 0 \"-\" \"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)\""
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "nginx"
basename(results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"]) == "ipv6-parser.log"
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file"
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false
results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] \"GET / HTTP/1.1\" 200 10918 \"-\" \"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)\""
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "nginx"
basename(results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"]) == "ipv6-parser.log"
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file"
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false
len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 2
results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false
results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false
len(results["s01-parse"]["crowdsecurity/nginx-logs"]) == 2
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Success == true
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["body_bytes_sent"] == "0"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_referer"] == "-"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_version"] == "1.1"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["message"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] \"HEAD / HTTP/1.1\" 200 0 \"-\" \"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)\""
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["program"] == "nginx"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_addr"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_user"] == "-"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["request"] == "/"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["status"] == "200"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["time_local"] == "29/Sep/2021:14:11:34 +0200"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["verb"] == "HEAD"
basename(results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_path"]) == "ipv6-parser.log"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_type"] == "file"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_path"] == "/"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_status"] == "200"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_verb"] == "HEAD"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["log_type"] == "http_access-log"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["service"] == "http"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["source_ip"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Whitelisted == false
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Success == true
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["body_bytes_sent"] == "10918"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_referer"] == "-"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_version"] == "1.1"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["message"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] \"GET / HTTP/1.1\" 200 10918 \"-\" \"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)\""
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["program"] == "nginx"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_addr"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_user"] == "-"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["request"] == "/"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["status"] == "200"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["time_local"] == "29/Sep/2021:14:11:34 +0200"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["verb"] == "GET"
basename(results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_path"]) == "ipv6-parser.log"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_type"] == "file"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_path"] == "/"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_status"] == "200"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_verb"] == "GET"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["log_type"] == "http_access-log"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["service"] == "http"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["source_ip"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Whitelisted == false
len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 2
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["body_bytes_sent"] == "0"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_referer"] == "-"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_version"] == "1.1"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] \"HEAD / HTTP/1.1\" 200 0 \"-\" \"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)\""
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "nginx"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_addr"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_user"] == "-"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["request"] == "/"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["status"] == "200"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time_local"] == "29/Sep/2021:14:11:34 +0200"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["verb"] == "HEAD"
basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"]) == "ipv6-parser.log"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_path"] == "/"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_status"] == "200"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_verb"] == "HEAD"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "http_access-log"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "http"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2021-09-29T14:11:34+02:00"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2021-09-29T14:11:34+02:00"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["body_bytes_sent"] == "10918"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_referer"] == "-"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_version"] == "1.1"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] \"GET / HTTP/1.1\" 200 10918 \"-\" \"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)\""
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "nginx"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_addr"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_user"] == "-"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["request"] == "/"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["status"] == "200"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["time_local"] == "29/Sep/2021:14:11:34 +0200"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["verb"] == "GET"
basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"]) == "ipv6-parser.log"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_path"] == "/"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_status"] == "200"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_verb"] == "GET"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "http_access-log"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "http"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2021-09-29T14:11:34+02:00"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2021-09-29T14:11:34+02:00"
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
len(results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"]) == 2
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Success == true
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["body_bytes_sent"] == "0"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["http_referer"] == "-"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["http_version"] == "1.1"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["message"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] \"HEAD / HTTP/1.1\" 200 0 \"-\" \"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)\""
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["program"] == "nginx"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["remote_addr"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["remote_user"] == "-"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["request"] == "/"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["status"] == "200"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["time_local"] == "29/Sep/2021:14:11:34 +0200"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Parsed["verb"] == "HEAD"
basename(results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["datasource_path"]) == "ipv6-parser.log"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["datasource_type"] == "file"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["http_path"] == "/"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["http_status"] == "200"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["http_verb"] == "HEAD"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["log_type"] == "http_access-log"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["service"] == "http"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["source_ip"] == "2001:db8:85a3::"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Meta["timestamp"] == "2021-09-29T14:11:34+02:00"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Enriched["MarshaledTime"] == "2021-09-29T14:11:34+02:00"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][0].Evt.Whitelisted == false
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Success == true
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["body_bytes_sent"] == "10918"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["http_referer"] == "-"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["http_version"] == "1.1"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["message"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334 - - [29/Sep/2021:14:11:34 +0200] \"GET / HTTP/1.1\" 200 10918 \"-\" \"Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)\""
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["program"] == "nginx"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["remote_addr"] == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["remote_user"] == "-"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["request"] == "/"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["status"] == "200"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["time_local"] == "29/Sep/2021:14:11:34 +0200"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Parsed["verb"] == "GET"
basename(results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["datasource_path"]) == "ipv6-parser.log"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["datasource_type"] == "file"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["http_path"] == "/"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["http_status"] == "200"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:getinfo)"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["http_verb"] == "GET"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["log_type"] == "http_access-log"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["service"] == "http"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["source_ip"] == "2001:db8:85a3::"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Meta["timestamp"] == "2021-09-29T14:11:34+02:00"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Enriched["MarshaledTime"] == "2021-09-29T14:11:34+02:00"
results["s02-enrich"]["crowdsecurity/ipv6_shared_buckets"][1].Evt.Whitelisted == false
len(results["success"][""]) == 0
Loading