From c485a6dc5788c7c17e0d3df5a06470f9e39398f3 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 20:55:41 -0400 Subject: [PATCH 01/21] Create calibre-web.yaml --- collections/Jgigantino31/calibre-web.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 collections/Jgigantino31/calibre-web.yaml diff --git a/collections/Jgigantino31/calibre-web.yaml b/collections/Jgigantino31/calibre-web.yaml new file mode 100644 index 00000000000..8f029d96f7f --- /dev/null +++ b/collections/Jgigantino31/calibre-web.yaml @@ -0,0 +1,12 @@ +parsers: + - Jgigantino31/calibre-web-logs + - crowdsecurity/calibre-web-whitelist +scenarios: + - Jgigantino31/calibre-web-bf +description: "Calibre-Web Support : parser and brute-force detection" +author: Jgigantino31 +tags: + - linux + - brute-force + - calibre-web + - calibre-web-automated From 1767ae3f24f2e7a7fe0f867b7b4125974efacba1 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 20:59:58 -0400 Subject: [PATCH 02/21] Create calibre-web.md --- collections/Jgigantino31/calibre-web.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 collections/Jgigantino31/calibre-web.md diff --git a/collections/Jgigantino31/calibre-web.md b/collections/Jgigantino31/calibre-web.md new file mode 100644 index 00000000000..74cebf67a33 --- /dev/null +++ b/collections/Jgigantino31/calibre-web.md @@ -0,0 +1,18 @@ +A collection to defend [Calibre-Web](https://github.com/janeczku/calibre-web) instance against common attacks : + - Calibre-Web parser + - Calibre-Web bruteforce detection + +This collection also works when using the extension of Calibre-Web known as [Calibre-Web-Automated](https://github.com/crocodilestick/Calibre-Web-Automated). + +## Acquisition template + +Example acquisition for this collection : + +If using LOG_FILE environment variable: +```yaml +--- +filenames: + - /var/log/calibre-web/calibre-web.log +labels: + type: calibre-web +``` From da547949f26056f9a07b2c4a102cb0c9197e169f Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:03:22 -0400 Subject: [PATCH 03/21] Create calibre-web-logs.md --- parsers/s01-parse/Jgigantino31/calibre-web-logs.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 parsers/s01-parse/Jgigantino31/calibre-web-logs.md diff --git a/parsers/s01-parse/Jgigantino31/calibre-web-logs.md b/parsers/s01-parse/Jgigantino31/calibre-web-logs.md new file mode 100644 index 00000000000..6dfa9a26319 --- /dev/null +++ b/parsers/s01-parse/Jgigantino31/calibre-web-logs.md @@ -0,0 +1,9 @@ +Parser for [Calibre-Web](https://github.com/janeczku/calibre-web) Logs. + +```yaml +--- +filenames: + - /var/log/calibre-web/calibre-web.log +labels: + type: calibre-web +``` From 29c00e5301fdf5f707d187e328992bab301fe52d Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:06:27 -0400 Subject: [PATCH 04/21] Create calibre-web-logs.yaml --- .../Jgigantino31/calibre-web-logs.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 parsers/s01-parse/Jgigantino31/calibre-web-logs.yaml diff --git a/parsers/s01-parse/Jgigantino31/calibre-web-logs.yaml b/parsers/s01-parse/Jgigantino31/calibre-web-logs.yaml new file mode 100644 index 00000000000..acda965ff8d --- /dev/null +++ b/parsers/s01-parse/Jgigantino31/calibre-web-logs.yaml @@ -0,0 +1,24 @@ +onsuccess: next_stage +#debug: false +name: Jgigantino31/calibre-web-logs +description: "Parse calibre-web logs" +filter: "evt.Parsed.program == 'calibre-web'" +pattern_syntax: + CALIBREWEB_CUSTOMDATE: "%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}" +nodes: + - grok: + pattern: '(\[%{CALIBREWEB_CUSTOMDATE:timestamp}.*\])?.*Login failed for user "%{HTTPDUSER:username}" IP-address: %{IP:source_ip}' + apply_on: message + statics: + - meta: log_type + value: calibre-web_failed_auth + +statics: + - meta: service + value: calibre-web + - meta: user + expression: "evt.Parsed.username" + - meta: source_ip + expression: "evt.Parsed.source_ip" + - target: evt.StrTime + expression: evt.Parsed.timestamp From 369ba10d2553758158d2945b9bf4a90ed778747b Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:10:45 -0400 Subject: [PATCH 05/21] Create calibre-web-whitelist.yaml --- .../s02-enrich/crowdsecurity/calibre-web-whitelist.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.yaml diff --git a/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.yaml b/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.yaml new file mode 100644 index 00000000000..f1052bfd7dc --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.yaml @@ -0,0 +1,7 @@ +name: crowdsecurity/calibre-web-whitelist +description: "Whitelist events from calibre-web" +filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']" +whitelist: + reason: "Calibre-Web whitelist" + expression: + - evt.Meta.http_status in ['200', '304'] && evt.Meta.http_verb == 'GET' && evt.Meta.http_path matches '^\\/cover\\/(\\d+)\\/md\\?c=(\\d+)$' # When loading book covers From cc9b36eaf54de9d539f88c31cb6aec972269168a Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:16:56 -0400 Subject: [PATCH 06/21] Create calibre-web-whitelist.md --- parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md diff --git a/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md b/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md new file mode 100644 index 00000000000..08f97ba83bd --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md @@ -0,0 +1,4 @@ +## Calibre-Web Whitelist + +### Loading Book Covers +When loading the homepage of an Calibre-Web instance, requests for all book covers shown on the homepage are made (``/cover//md?c=``). Since the book covers have no extension, they are not considered static files and will trigger http-crawl-non_statics if this whitelist is not used once there are more than ~40 books shown on the homepage. From 2141f138f8b9167cf6bd17d7d8cda14a840d492b Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:17:11 -0400 Subject: [PATCH 07/21] Update calibre-web-whitelist.md --- parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md b/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md index 08f97ba83bd..159795ef1b8 100644 --- a/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md +++ b/parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.md @@ -1,4 +1,4 @@ ## Calibre-Web Whitelist ### Loading Book Covers -When loading the homepage of an Calibre-Web instance, requests for all book covers shown on the homepage are made (``/cover//md?c=``). Since the book covers have no extension, they are not considered static files and will trigger http-crawl-non_statics if this whitelist is not used once there are more than ~40 books shown on the homepage. +When loading the homepage of a Calibre-Web instance, requests for all book covers shown on the homepage are made (``/cover//md?c=``). Since the book covers have no extension, they are not considered static files and will trigger http-crawl-non_statics if this whitelist is not used once there are more than ~40 books shown on the homepage. From 1dc4fdd7d3943f10735566857dd0e1e1988e83e1 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:22:57 -0400 Subject: [PATCH 08/21] Create calibre-web-bf.yaml --- scenarios/Jgigantino31/calibre-web-bf.yaml | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 scenarios/Jgigantino31/calibre-web-bf.yaml diff --git a/scenarios/Jgigantino31/calibre-web-bf.yaml b/scenarios/Jgigantino31/calibre-web-bf.yaml new file mode 100644 index 00000000000..7cfa66adead --- /dev/null +++ b/scenarios/Jgigantino31/calibre-web-bf.yaml @@ -0,0 +1,40 @@ +# calibre-web BF scan +name: Jgigantino31/calibre-web-bf +description: "Detect calibre-web bruteforce" +filter: "evt.Meta.log_type == 'calibre-web_failed_auth'" +#debug: true +type: leaky +groupby: evt.Meta.source_ip +leakspeed: 20s +capacity: 5 +blackhole: 1m +labels: + service: calibre-web + behavior: "http:bruteforce" + spoofable: 0 + confidence: 3 + classification: + - attack.T1110 + label: "Calibre-Web Bruteforce" + remediation: true +--- +# calibre-web user-enum +type: leaky +name: Jgigantino31/calibre-web-bf_user-enum +description: "Detect calibre-web user enum bruteforce" +filter: "evt.Meta.log_type == 'calibre-web_failed_auth'" +groupby: evt.Meta.source_ip +distinct: evt.Meta.user +leakspeed: 1m +capacity: 5 +blackhole: 1m +labels: + service: calibre-web + behavior: "http:bruteforce" + spoofable: 0 + confidence: 3 + classification: + - attack.T1589 + - attack.T1110 + label: "Calibre-Web User Enumeration" + remediation: true From d755b51f3a7ccbf8a956f6eb15dff727273d7209 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:23:29 -0400 Subject: [PATCH 09/21] Create calibre-web-bf.md --- scenarios/Jgigantino31/calibre-web-bf.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 scenarios/Jgigantino31/calibre-web-bf.md diff --git a/scenarios/Jgigantino31/calibre-web-bf.md b/scenarios/Jgigantino31/calibre-web-bf.md new file mode 100644 index 00000000000..8809f1dc0f5 --- /dev/null +++ b/scenarios/Jgigantino31/calibre-web-bf.md @@ -0,0 +1,4 @@ +Detect failed calibre-web authentications: + + - leakspeed of 20s, capacity of 5 on same target user + - leakspeed of 1m, capacity of 5 unique distinct users From 03bb4f975bc05faf62cfb41282f4217f74d650bb Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:29:55 -0400 Subject: [PATCH 10/21] Create config.yaml --- .tests/calibre-web-bf/config.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .tests/calibre-web-bf/config.yaml diff --git a/.tests/calibre-web-bf/config.yaml b/.tests/calibre-web-bf/config.yaml new file mode 100644 index 00000000000..b6a95566755 --- /dev/null +++ b/.tests/calibre-web-bf/config.yaml @@ -0,0 +1,13 @@ +parsers: +- crowdsecurity/syslog-logs +- crowdsecurity/dateparse-enrich +- ./parsers/s01-parse/Jgigantino31/calibre-web-logs.yaml +scenarios: +- ./scenarios/Jgigantino31/calibre-web-bf.yaml +postoverflows: +- "" +log_file: calibre-web-bf.log +log_type: calibre-web +labels: {} +ignore_parsers: true +override_statics: [] From 3a44bc4f2561525de1515bbf7c4ca13330ebcc84 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:31:46 -0400 Subject: [PATCH 11/21] Create calibre-web-bf.log --- .tests/calibre-web-bf/calibre-web-bf.log | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .tests/calibre-web-bf/calibre-web-bf.log diff --git a/.tests/calibre-web-bf/calibre-web-bf.log b/.tests/calibre-web-bf/calibre-web-bf.log new file mode 100644 index 00000000000..d31ddd7cc63 --- /dev/null +++ b/.tests/calibre-web-bf/calibre-web-bf.log @@ -0,0 +1,6 @@ +[2025-07-17 13:17:11,562] WARN {cps.web:1475} Login failed for user "test4@example.org" IP-address: 127.0.0.1 +[2025-07-17 13:17:13,861] WARN {cps.web:1475} Login failed for user "test5" IP-address: 127.0.0.1 +[2025-07-17 13:17:16,148] WARN {cps.web:1475} Login failed for user "test6" IP-address: 127.0.0.1 +[2025-07-17 13:17:20,401] WARN {cps.web:1475} Login failed for user "test7@example.net" IP-address: 127.0.0.1 +[2025-07-17 13:17:23,493] WARN {cps.web:1475} Login failed for user "test8" IP-address: 127.0.0.1 +[2025-07-17 13:17:26,291] WARN {cps.web:1475} Login failed for user "test9" IP-address: 127.0.0.1 From 79951d0ac0fe174e0bbd85779718ceb74633b661 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:32:05 -0400 Subject: [PATCH 12/21] Create parser.assert --- .tests/calibre-web-bf/parser.assert | 1 + 1 file changed, 1 insertion(+) create mode 100644 .tests/calibre-web-bf/parser.assert diff --git a/.tests/calibre-web-bf/parser.assert b/.tests/calibre-web-bf/parser.assert new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/.tests/calibre-web-bf/parser.assert @@ -0,0 +1 @@ + From f6439899769c516d68691e223ddb7d6fc06a79d4 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:35:02 -0400 Subject: [PATCH 13/21] Create scenario.assert --- .tests/calibre-web-bf/scenario.assert | 101 ++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 .tests/calibre-web-bf/scenario.assert diff --git a/.tests/calibre-web-bf/scenario.assert b/.tests/calibre-web-bf/scenario.assert new file mode 100644 index 00000000000..60d645c7877 --- /dev/null +++ b/.tests/calibre-web-bf/scenario.assert @@ -0,0 +1,101 @@ +len(results) == 2 +"127.0.0.1" in results[0].Overflow.GetSources() +results[0].Overflow.Sources["127.0.0.1"].IP == "127.0.0.1" +results[0].Overflow.Sources["127.0.0.1"].Range == "" +results[0].Overflow.Sources["127.0.0.1"].GetScope() == "Ip" +results[0].Overflow.Sources["127.0.0.1"].GetValue() == "127.0.0.1" +basename(results[0].Overflow.Alert.Events[0].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "calibre-web_failed_auth" +results[0].Overflow.Alert.Events[0].GetMeta("service") == "calibre-web" +results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "127.0.0.1" +results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2025-07-17T13:17:11.562Z" +results[0].Overflow.Alert.Events[0].GetMeta("user") == "test4@example.org" +basename(results[0].Overflow.Alert.Events[1].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[1].GetMeta("log_type") == "calibre-web_failed_auth" +results[0].Overflow.Alert.Events[1].GetMeta("service") == "calibre-web" +results[0].Overflow.Alert.Events[1].GetMeta("source_ip") == "127.0.0.1" +results[0].Overflow.Alert.Events[1].GetMeta("timestamp") == "2025-07-17T13:17:13.861Z" +results[0].Overflow.Alert.Events[1].GetMeta("user") == "test5" +basename(results[0].Overflow.Alert.Events[2].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[0].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[2].GetMeta("log_type") == "calibre-web_failed_auth" +results[0].Overflow.Alert.Events[2].GetMeta("service") == "calibre-web" +results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "127.0.0.1" +results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2025-07-17T13:17:16.148Z" +results[0].Overflow.Alert.Events[2].GetMeta("user") == "test6" +basename(results[0].Overflow.Alert.Events[3].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "calibre-web_failed_auth" +results[0].Overflow.Alert.Events[3].GetMeta("service") == "calibre-web" +results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "127.0.0.1" +results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2025-07-17T13:17:20.401Z" +results[0].Overflow.Alert.Events[3].GetMeta("user") == "test7@example.net" +basename(results[0].Overflow.Alert.Events[4].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[0].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[4].GetMeta("log_type") == "calibre-web_failed_auth" +results[0].Overflow.Alert.Events[4].GetMeta("service") == "calibre-web" +results[0].Overflow.Alert.Events[4].GetMeta("source_ip") == "127.0.0.1" +results[0].Overflow.Alert.Events[4].GetMeta("timestamp") == "2025-07-17T13:17:23.493Z" +results[0].Overflow.Alert.Events[4].GetMeta("user") == "test8" +basename(results[0].Overflow.Alert.Events[5].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[0].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[5].GetMeta("log_type") == "calibre-web_failed_auth" +results[0].Overflow.Alert.Events[5].GetMeta("service") == "calibre-web" +results[0].Overflow.Alert.Events[5].GetMeta("source_ip") == "127.0.0.1" +results[0].Overflow.Alert.Events[5].GetMeta("timestamp") == "2025-07-17T13:17:26.291Z" +results[0].Overflow.Alert.Events[5].GetMeta("user") == "test9" +results[0].Overflow.Alert.GetScenario() == "Jgigantino31/calibre-web-bf_user-enum" +results[0].Overflow.Alert.Remediation == true +results[0].Overflow.Alert.GetEventsCount() == 6 +"127.0.0.1" in results[1].Overflow.GetSources() +results[1].Overflow.Sources["127.0.0.1"].IP == "127.0.0.1" +results[1].Overflow.Sources["127.0.0.1"].Range == "" +results[1].Overflow.Sources["127.0.0.1"].GetScope() == "Ip" +results[1].Overflow.Sources["127.0.0.1"].GetValue() == "127.0.0.1" +basename(results[1].Overflow.Alert.Events[0].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[1].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[0].GetMeta("log_type") == "calibre-web_failed_auth" +results[1].Overflow.Alert.Events[0].GetMeta("service") == "calibre-web" +results[1].Overflow.Alert.Events[0].GetMeta("source_ip") == "127.0.0.1" +results[1].Overflow.Alert.Events[0].GetMeta("timestamp") == "2025-07-17T13:17:11.562Z" +results[1].Overflow.Alert.Events[0].GetMeta("user") == "test4@example.org" +basename(results[1].Overflow.Alert.Events[1].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[1].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[1].GetMeta("log_type") == "calibre-web_failed_auth" +results[1].Overflow.Alert.Events[1].GetMeta("service") == "calibre-web" +results[1].Overflow.Alert.Events[1].GetMeta("source_ip") == "127.0.0.1" +results[1].Overflow.Alert.Events[1].GetMeta("timestamp") == "2025-07-17T13:17:13.861Z" +results[1].Overflow.Alert.Events[1].GetMeta("user") == "test5" +basename(results[1].Overflow.Alert.Events[2].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[1].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[2].GetMeta("log_type") == "calibre-web_failed_auth" +results[1].Overflow.Alert.Events[2].GetMeta("service") == "calibre-web" +results[1].Overflow.Alert.Events[2].GetMeta("source_ip") == "127.0.0.1" +results[1].Overflow.Alert.Events[2].GetMeta("timestamp") == "2025-07-17T13:17:16.148Z" +results[1].Overflow.Alert.Events[2].GetMeta("user") == "test6" +basename(results[1].Overflow.Alert.Events[3].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[1].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[3].GetMeta("log_type") == "calibre-web_failed_auth" +results[1].Overflow.Alert.Events[3].GetMeta("service") == "calibre-web" +results[1].Overflow.Alert.Events[3].GetMeta("source_ip") == "127.0.0.1" +results[1].Overflow.Alert.Events[3].GetMeta("timestamp") == "2025-07-17T13:17:20.401Z" +results[1].Overflow.Alert.Events[3].GetMeta("user") == "test7@example.net" +basename(results[1].Overflow.Alert.Events[4].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[1].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[4].GetMeta("log_type") == "calibre-web_failed_auth" +results[1].Overflow.Alert.Events[4].GetMeta("service") == "calibre-web" +results[1].Overflow.Alert.Events[4].GetMeta("source_ip") == "127.0.0.1" +results[1].Overflow.Alert.Events[4].GetMeta("timestamp") == "2025-07-17T13:17:23.493Z" +results[1].Overflow.Alert.Events[4].GetMeta("user") == "test8" +basename(results[1].Overflow.Alert.Events[5].GetMeta("datasource_path")) == "calibre-web-bf.log" +results[1].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[5].GetMeta("log_type") == "calibre-web_failed_auth" +results[1].Overflow.Alert.Events[5].GetMeta("service") == "calibre-web" +results[1].Overflow.Alert.Events[5].GetMeta("source_ip") == "127.0.0.1" +results[1].Overflow.Alert.Events[5].GetMeta("timestamp") == "2025-07-17T13:17:26.291Z" +results[1].Overflow.Alert.Events[5].GetMeta("user") == "test9" +results[1].Overflow.Alert.GetScenario() == "Jgigantino31/calibre-web-bf" +results[1].Overflow.Alert.Remediation == true +results[1].Overflow.Alert.GetEventsCount() == 6 From a96fe43fae826b7817e685a172c79a2adaeb3e5f Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:36:13 -0400 Subject: [PATCH 14/21] Create config.yaml --- .tests/calibre-web-logs/config.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .tests/calibre-web-logs/config.yaml diff --git a/.tests/calibre-web-logs/config.yaml b/.tests/calibre-web-logs/config.yaml new file mode 100644 index 00000000000..0cf939096e0 --- /dev/null +++ b/.tests/calibre-web-logs/config.yaml @@ -0,0 +1,13 @@ +parsers: +- crowdsecurity/syslog-logs +- crowdsecurity/dateparse-enrich +- ./parsers/s01-parse/Jgigantino31/calibre-web-logs.yaml +scenarios: +- "" +postoverflows: +- "" +log_file: calibre-web-logs.log +log_type: calibre-web +labels: {} +ignore_parsers: false +override_statics: [] From f7cf1e8d064512a1fd9607e97f6f9c1b93d82afa Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:37:48 -0400 Subject: [PATCH 15/21] Create calibre-web-logs.log --- .tests/calibre-web-logs/calibre-web-logs.log | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .tests/calibre-web-logs/calibre-web-logs.log diff --git a/.tests/calibre-web-logs/calibre-web-logs.log b/.tests/calibre-web-logs/calibre-web-logs.log new file mode 100644 index 00000000000..d31ddd7cc63 --- /dev/null +++ b/.tests/calibre-web-logs/calibre-web-logs.log @@ -0,0 +1,6 @@ +[2025-07-17 13:17:11,562] WARN {cps.web:1475} Login failed for user "test4@example.org" IP-address: 127.0.0.1 +[2025-07-17 13:17:13,861] WARN {cps.web:1475} Login failed for user "test5" IP-address: 127.0.0.1 +[2025-07-17 13:17:16,148] WARN {cps.web:1475} Login failed for user "test6" IP-address: 127.0.0.1 +[2025-07-17 13:17:20,401] WARN {cps.web:1475} Login failed for user "test7@example.net" IP-address: 127.0.0.1 +[2025-07-17 13:17:23,493] WARN {cps.web:1475} Login failed for user "test8" IP-address: 127.0.0.1 +[2025-07-17 13:17:26,291] WARN {cps.web:1475} Login failed for user "test9" IP-address: 127.0.0.1 From 0d3b66a60cc45bd2e4f67db1ae198534bae018f7 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:38:06 -0400 Subject: [PATCH 16/21] Create scenario.assert --- .tests/calibre-web-logs/scenario.assert | 1 + 1 file changed, 1 insertion(+) create mode 100644 .tests/calibre-web-logs/scenario.assert diff --git a/.tests/calibre-web-logs/scenario.assert b/.tests/calibre-web-logs/scenario.assert new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/.tests/calibre-web-logs/scenario.assert @@ -0,0 +1 @@ + From 0a226614863a79e72c88505013ff8f321fa1dc15 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:41:00 -0400 Subject: [PATCH 17/21] Create parser.assert --- .tests/calibre-web-logs/parser.assert | 216 ++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) create mode 100644 .tests/calibre-web-logs/parser.assert diff --git a/.tests/calibre-web-logs/parser.assert b/.tests/calibre-web-logs/parser.assert new file mode 100644 index 00000000000..44958474980 --- /dev/null +++ b/.tests/calibre-web-logs/parser.assert @@ -0,0 +1,216 @@ +len(results) == 4 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 6 +results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "[2025-07-17 13:17:11,562] WARN {cps.web:1475} Login failed for user \"test4@example.org\" IP-address: 127.0.0.1" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "calibre-web" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "[2025-07-17 13:17:13,861] WARN {cps.web:1475} Login failed for user \"test5\" IP-address: 127.0.0.1" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "calibre-web" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "[2025-07-17 13:17:16,148] WARN {cps.web:1475} Login failed for user \"test6\" IP-address: 127.0.0.1" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "calibre-web" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "[2025-07-17 13:17:20,401] WARN {cps.web:1475} Login failed for user \"test7@example.net\" IP-address: 127.0.0.1" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "calibre-web" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "[2025-07-17 13:17:23,493] WARN {cps.web:1475} Login failed for user \"test8\" IP-address: 127.0.0.1" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "calibre-web" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "[2025-07-17 13:17:26,291] WARN {cps.web:1475} Login failed for user \"test9\" IP-address: 127.0.0.1" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "calibre-web" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false +len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 6 +results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false +len(results["s01-parse"]["Jgigantino31/calibre-web-logs"]) == 6 +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Success == true +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Parsed["message"] == "[2025-07-17 13:17:11,562] WARN {cps.web:1475} Login failed for user \"test4@example.org\" IP-address: 127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Parsed["program"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Parsed["timestamp"] == "2025-07-17 13:17:11,562" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Parsed["username"] == "test4@example.org" +basename(results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Meta["service"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Meta["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Meta["user"] == "test4@example.org" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][0].Evt.Whitelisted == false +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Success == true +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Parsed["message"] == "[2025-07-17 13:17:13,861] WARN {cps.web:1475} Login failed for user \"test5\" IP-address: 127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Parsed["program"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Parsed["timestamp"] == "2025-07-17 13:17:13,861" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Parsed["username"] == "test5" +basename(results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Meta["service"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Meta["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Meta["user"] == "test5" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][1].Evt.Whitelisted == false +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Success == true +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Parsed["message"] == "[2025-07-17 13:17:16,148] WARN {cps.web:1475} Login failed for user \"test6\" IP-address: 127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Parsed["program"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Parsed["timestamp"] == "2025-07-17 13:17:16,148" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Parsed["username"] == "test6" +basename(results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Meta["service"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Meta["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Meta["user"] == "test6" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][2].Evt.Whitelisted == false +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Success == true +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Parsed["message"] == "[2025-07-17 13:17:20,401] WARN {cps.web:1475} Login failed for user \"test7@example.net\" IP-address: 127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Parsed["program"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Parsed["timestamp"] == "2025-07-17 13:17:20,401" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Parsed["username"] == "test7@example.net" +basename(results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Meta["service"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Meta["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Meta["user"] == "test7@example.net" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][3].Evt.Whitelisted == false +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Success == true +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Parsed["message"] == "[2025-07-17 13:17:23,493] WARN {cps.web:1475} Login failed for user \"test8\" IP-address: 127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Parsed["program"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Parsed["timestamp"] == "2025-07-17 13:17:23,493" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Parsed["username"] == "test8" +basename(results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Meta["service"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Meta["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Meta["user"] == "test8" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][4].Evt.Whitelisted == false +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Success == true +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Parsed["message"] == "[2025-07-17 13:17:26,291] WARN {cps.web:1475} Login failed for user \"test9\" IP-address: 127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Parsed["program"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Parsed["timestamp"] == "2025-07-17 13:17:26,291" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Parsed["username"] == "test9" +basename(results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Meta["service"] == "calibre-web" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Meta["source_ip"] == "127.0.0.1" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Meta["user"] == "test9" +results["s01-parse"]["Jgigantino31/calibre-web-logs"][5].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 6 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "[2025-07-17 13:17:11,562] WARN {cps.web:1475} Login failed for user \"test4@example.org\" IP-address: 127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["timestamp"] == "2025-07-17 13:17:11,562" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["username"] == "test4@example.org" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2025-07-17T13:17:11.562Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["user"] == "test4@example.org" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2025-07-17T13:17:11.562Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "[2025-07-17 13:17:13,861] WARN {cps.web:1475} Login failed for user \"test5\" IP-address: 127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["timestamp"] == "2025-07-17 13:17:13,861" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["username"] == "test5" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2025-07-17T13:17:13.861Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["user"] == "test5" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2025-07-17T13:17:13.861Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "[2025-07-17 13:17:16,148] WARN {cps.web:1475} Login failed for user \"test6\" IP-address: 127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["timestamp"] == "2025-07-17 13:17:16,148" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["username"] == "test6" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2025-07-17T13:17:16.148Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["user"] == "test6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2025-07-17T13:17:16.148Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "[2025-07-17 13:17:20,401] WARN {cps.web:1475} Login failed for user \"test7@example.net\" IP-address: 127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["timestamp"] == "2025-07-17 13:17:20,401" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["username"] == "test7@example.net" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2025-07-17T13:17:20.401Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["user"] == "test7@example.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2025-07-17T13:17:20.401Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "[2025-07-17 13:17:23,493] WARN {cps.web:1475} Login failed for user \"test8\" IP-address: 127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["timestamp"] == "2025-07-17 13:17:23,493" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["username"] == "test8" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2025-07-17T13:17:23.493Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["user"] == "test8" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2025-07-17T13:17:23.493Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "[2025-07-17 13:17:26,291] WARN {cps.web:1475} Login failed for user \"test9\" IP-address: 127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["timestamp"] == "2025-07-17 13:17:26,291" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["username"] == "test9" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "calibre-web_failed_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == "calibre-web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "127.0.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2025-07-17T13:17:26.291Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["user"] == "test9" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2025-07-17T13:17:26.291Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false +len(results["success"][""]) == 0 From 510c10c002f54ee9023dfdc242bd99d2c7341e88 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:42:03 -0400 Subject: [PATCH 18/21] Create config.yaml --- .tests/calibre-web-whitelist/config.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .tests/calibre-web-whitelist/config.yaml diff --git a/.tests/calibre-web-whitelist/config.yaml b/.tests/calibre-web-whitelist/config.yaml new file mode 100644 index 00000000000..423c7c73396 --- /dev/null +++ b/.tests/calibre-web-whitelist/config.yaml @@ -0,0 +1,14 @@ +parsers: +- crowdsecurity/syslog-logs +- crowdsecurity/dateparse-enrich +- crowdsecurity/nginx-logs +- ./parsers/s02-enrich/crowdsecurity/calibre-web-whitelist.yaml +scenarios: +- "" +postoverflows: +- "" +log_file: calibre-web-logs.log +log_type: nginx +labels: {} +ignore_parsers: false +override_statics: [] From 00fe3c403930eb83689df09160122214c0cb013a Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:45:06 -0400 Subject: [PATCH 19/21] Create calibre-web-logs.log --- .../calibre-web-whitelist/calibre-web-logs.log | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .tests/calibre-web-whitelist/calibre-web-logs.log diff --git a/.tests/calibre-web-whitelist/calibre-web-logs.log b/.tests/calibre-web-whitelist/calibre-web-logs.log new file mode 100644 index 00000000000..ca522984319 --- /dev/null +++ b/.tests/calibre-web-whitelist/calibre-web-logs.log @@ -0,0 +1,16 @@ +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/5/md?c=1746230055 HTTP/2.0" 200 109757 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/2/md?c=1746229514 HTTP/2.0" 200 34495 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/6/md?c=1746230232 HTTP/2.0" 200 32426 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/16/md?c=1746230890 HTTP/2.0" 200 35377 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/17/md?c=1746230912 HTTP/2.0" 200 49219 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/15/md?c=1746230869 HTTP/2.0" 304 22011 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/14/md?c=1746230851 HTTP/2.0" 200 18407 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/13/md?c=1746230829 HTTP/2.0" 200 20910 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/12/md?c=1746230811 HTTP/2.0" 200 25723 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/11/md?c=1746230788 HTTP/2.0" 304 81038 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/10/md?c=1746230719 HTTP/2.0" 200 89354 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/9/md?c=1746230698 HTTP/2.0" 200 218189 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/8/md?c=1746230614 HTTP/2.0" 200 92527 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/7/md?c=1746230534 HTTP/2.0" 304 112247 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/4/md?c=1746230023 HTTP/2.0" 200 113781 "" "" +2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] "GET /cover/3/md?c=1746229880 HTTP/2.0" 200 95108 "" "" From 7831669a235a117dab8b4c21c3969ce0e6670df9 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:45:23 -0400 Subject: [PATCH 20/21] Create scenario.assert --- .tests/calibre-web-whitelist/scenario.assert | 1 + 1 file changed, 1 insertion(+) create mode 100644 .tests/calibre-web-whitelist/scenario.assert diff --git a/.tests/calibre-web-whitelist/scenario.assert b/.tests/calibre-web-whitelist/scenario.assert new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/.tests/calibre-web-whitelist/scenario.assert @@ -0,0 +1 @@ + From bf8848a3092e5faf55022a6814c39553a70b21d9 Mon Sep 17 00:00:00 2001 From: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com> Date: Sun, 20 Jul 2025 21:49:26 -0400 Subject: [PATCH 21/21] Create parser.assert --- .tests/calibre-web-whitelist/parser.assert | 1143 ++++++++++++++++++++ 1 file changed, 1143 insertions(+) create mode 100644 .tests/calibre-web-whitelist/parser.assert diff --git a/.tests/calibre-web-whitelist/parser.assert b/.tests/calibre-web-whitelist/parser.assert new file mode 100644 index 00000000000..21e370e48b8 --- /dev/null +++ b/.tests/calibre-web-whitelist/parser.assert @@ -0,0 +1,1143 @@ +len(results) == 4 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 16 +results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/5/md?c=1746230055 HTTP/2.0\" 200 109757 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/2/md?c=1746229514 HTTP/2.0\" 200 34495 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/6/md?c=1746230232 HTTP/2.0\" 200 32426 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/16/md?c=1746230890 HTTP/2.0\" 200 35377 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/17/md?c=1746230912 HTTP/2.0\" 200 49219 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/15/md?c=1746230869 HTTP/2.0\" 304 22011 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/14/md?c=1746230851 HTTP/2.0\" 200 18407 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][7].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/13/md?c=1746230829 HTTP/2.0\" 200 20910 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][8].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/12/md?c=1746230811 HTTP/2.0\" 200 25723 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][9].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/11/md?c=1746230788 HTTP/2.0\" 304 81038 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][10].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/10/md?c=1746230719 HTTP/2.0\" 200 89354 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][11].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/9/md?c=1746230698 HTTP/2.0\" 200 218189 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][12].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/8/md?c=1746230614 HTTP/2.0\" 200 92527 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][13].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/7/md?c=1746230534 HTTP/2.0\" 304 112247 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][14].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/4/md?c=1746230023 HTTP/2.0\" 200 113781 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][15].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/3/md?c=1746229880 HTTP/2.0\" 200 95108 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Whitelisted == false +len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 16 +results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][6].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][7].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][8].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][9].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][10].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][11].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][12].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][13].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][14].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][15].Success == false +len(results["s01-parse"]["crowdsecurity/nginx-logs"]) == 16 +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["body_bytes_sent"] == "109757" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/5/md?c=1746230055 HTTP/2.0\" 200 109757 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["request"] == "/cover/5/md?c=1746230055" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_path"] == "/cover/5/md?c=1746230055" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["body_bytes_sent"] == "34495" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/2/md?c=1746229514 HTTP/2.0\" 200 34495 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["request"] == "/cover/2/md?c=1746229514" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_path"] == "/cover/2/md?c=1746229514" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["body_bytes_sent"] == "32426" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/6/md?c=1746230232 HTTP/2.0\" 200 32426 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["request"] == "/cover/6/md?c=1746230232" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_path"] == "/cover/6/md?c=1746230232" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["body_bytes_sent"] == "35377" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/16/md?c=1746230890 HTTP/2.0\" 200 35377 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["request"] == "/cover/16/md?c=1746230890" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_path"] == "/cover/16/md?c=1746230890" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["body_bytes_sent"] == "49219" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/17/md?c=1746230912 HTTP/2.0\" 200 49219 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["request"] == "/cover/17/md?c=1746230912" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_path"] == "/cover/17/md?c=1746230912" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["body_bytes_sent"] == "22011" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/15/md?c=1746230869 HTTP/2.0\" 304 22011 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["request"] == "/cover/15/md?c=1746230869" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["http_path"] == "/cover/15/md?c=1746230869" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["http_status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["body_bytes_sent"] == "18407" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/14/md?c=1746230851 HTTP/2.0\" 200 18407 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["request"] == "/cover/14/md?c=1746230851" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["http_path"] == "/cover/14/md?c=1746230851" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["body_bytes_sent"] == "20910" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/13/md?c=1746230829 HTTP/2.0\" 200 20910 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["request"] == "/cover/13/md?c=1746230829" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Meta["http_path"] == "/cover/13/md?c=1746230829" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][7].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["body_bytes_sent"] == "25723" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/12/md?c=1746230811 HTTP/2.0\" 200 25723 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["request"] == "/cover/12/md?c=1746230811" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Meta["http_path"] == "/cover/12/md?c=1746230811" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][8].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["body_bytes_sent"] == "81038" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/11/md?c=1746230788 HTTP/2.0\" 304 81038 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["request"] == "/cover/11/md?c=1746230788" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Meta["http_path"] == "/cover/11/md?c=1746230788" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Meta["http_status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][9].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["body_bytes_sent"] == "89354" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/10/md?c=1746230719 HTTP/2.0\" 200 89354 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["request"] == "/cover/10/md?c=1746230719" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Meta["http_path"] == "/cover/10/md?c=1746230719" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][10].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["body_bytes_sent"] == "218189" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/9/md?c=1746230698 HTTP/2.0\" 200 218189 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["request"] == "/cover/9/md?c=1746230698" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Meta["http_path"] == "/cover/9/md?c=1746230698" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][11].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["body_bytes_sent"] == "92527" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/8/md?c=1746230614 HTTP/2.0\" 200 92527 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["request"] == "/cover/8/md?c=1746230614" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Meta["http_path"] == "/cover/8/md?c=1746230614" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][12].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["body_bytes_sent"] == "112247" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/7/md?c=1746230534 HTTP/2.0\" 304 112247 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["request"] == "/cover/7/md?c=1746230534" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Meta["http_path"] == "/cover/7/md?c=1746230534" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Meta["http_status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][13].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["body_bytes_sent"] == "113781" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/4/md?c=1746230023 HTTP/2.0\" 200 113781 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["request"] == "/cover/4/md?c=1746230023" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Meta["http_path"] == "/cover/4/md?c=1746230023" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][14].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["body_bytes_sent"] == "95108" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/3/md?c=1746229880 HTTP/2.0\" 200 95108 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["request"] == "/cover/3/md?c=1746229880" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Meta["http_path"] == "/cover/3/md?c=1746229880" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][15].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"]) == 16 +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["body_bytes_sent"] == "109757" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/5/md?c=1746230055 HTTP/2.0\" 200 109757 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["request"] == "/cover/5/md?c=1746230055" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Meta["http_path"] == "/cover/5/md?c=1746230055" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][0].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["body_bytes_sent"] == "34495" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/2/md?c=1746229514 HTTP/2.0\" 200 34495 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["request"] == "/cover/2/md?c=1746229514" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Meta["http_path"] == "/cover/2/md?c=1746229514" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][1].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["body_bytes_sent"] == "32426" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/6/md?c=1746230232 HTTP/2.0\" 200 32426 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["request"] == "/cover/6/md?c=1746230232" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Meta["http_path"] == "/cover/6/md?c=1746230232" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][2].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["body_bytes_sent"] == "35377" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/16/md?c=1746230890 HTTP/2.0\" 200 35377 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["request"] == "/cover/16/md?c=1746230890" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Meta["http_path"] == "/cover/16/md?c=1746230890" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][3].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["body_bytes_sent"] == "49219" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/17/md?c=1746230912 HTTP/2.0\" 200 49219 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["request"] == "/cover/17/md?c=1746230912" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Meta["http_path"] == "/cover/17/md?c=1746230912" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][4].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["body_bytes_sent"] == "22011" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/15/md?c=1746230869 HTTP/2.0\" 304 22011 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["request"] == "/cover/15/md?c=1746230869" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Meta["http_path"] == "/cover/15/md?c=1746230869" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][5].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["body_bytes_sent"] == "18407" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/14/md?c=1746230851 HTTP/2.0\" 200 18407 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["request"] == "/cover/14/md?c=1746230851" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Meta["http_path"] == "/cover/14/md?c=1746230851" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][6].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["body_bytes_sent"] == "20910" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/13/md?c=1746230829 HTTP/2.0\" 200 20910 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["request"] == "/cover/13/md?c=1746230829" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Meta["http_path"] == "/cover/13/md?c=1746230829" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][7].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["body_bytes_sent"] == "25723" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/12/md?c=1746230811 HTTP/2.0\" 200 25723 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["request"] == "/cover/12/md?c=1746230811" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Meta["http_path"] == "/cover/12/md?c=1746230811" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][8].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["body_bytes_sent"] == "81038" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/11/md?c=1746230788 HTTP/2.0\" 304 81038 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["request"] == "/cover/11/md?c=1746230788" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Meta["http_path"] == "/cover/11/md?c=1746230788" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][9].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["body_bytes_sent"] == "89354" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/10/md?c=1746230719 HTTP/2.0\" 200 89354 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["request"] == "/cover/10/md?c=1746230719" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Meta["http_path"] == "/cover/10/md?c=1746230719" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][10].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["body_bytes_sent"] == "218189" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/9/md?c=1746230698 HTTP/2.0\" 200 218189 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["request"] == "/cover/9/md?c=1746230698" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Meta["http_path"] == "/cover/9/md?c=1746230698" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][11].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["body_bytes_sent"] == "92527" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/8/md?c=1746230614 HTTP/2.0\" 200 92527 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["request"] == "/cover/8/md?c=1746230614" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Meta["http_path"] == "/cover/8/md?c=1746230614" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][12].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["body_bytes_sent"] == "112247" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/7/md?c=1746230534 HTTP/2.0\" 304 112247 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["request"] == "/cover/7/md?c=1746230534" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Meta["http_path"] == "/cover/7/md?c=1746230534" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][13].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["body_bytes_sent"] == "113781" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/4/md?c=1746230023 HTTP/2.0\" 200 113781 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["request"] == "/cover/4/md?c=1746230023" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Meta["http_path"] == "/cover/4/md?c=1746230023" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][14].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Success == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["body_bytes_sent"] == "95108" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/3/md?c=1746229880 HTTP/2.0\" 200 95108 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["request"] == "/cover/3/md?c=1746229880" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Meta["http_path"] == "/cover/3/md?c=1746229880" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/calibre-web-whitelist"][15].Evt.WhitelistReason == "Calibre-Web whitelist" +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 16 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["body_bytes_sent"] == "109757" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/5/md?c=1746230055 HTTP/2.0\" 200 109757 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["request"] == "/cover/5/md?c=1746230055" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_path"] == "/cover/5/md?c=1746230055" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["body_bytes_sent"] == "34495" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/2/md?c=1746229514 HTTP/2.0\" 200 34495 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["request"] == "/cover/2/md?c=1746229514" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_path"] == "/cover/2/md?c=1746229514" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["body_bytes_sent"] == "32426" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/6/md?c=1746230232 HTTP/2.0\" 200 32426 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["request"] == "/cover/6/md?c=1746230232" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_path"] == "/cover/6/md?c=1746230232" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["body_bytes_sent"] == "35377" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/16/md?c=1746230890 HTTP/2.0\" 200 35377 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["request"] == "/cover/16/md?c=1746230890" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_path"] == "/cover/16/md?c=1746230890" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["body_bytes_sent"] == "49219" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/17/md?c=1746230912 HTTP/2.0\" 200 49219 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request"] == "/cover/17/md?c=1746230912" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_path"] == "/cover/17/md?c=1746230912" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["body_bytes_sent"] == "22011" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/15/md?c=1746230869 HTTP/2.0\" 304 22011 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["request"] == "/cover/15/md?c=1746230869" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_path"] == "/cover/15/md?c=1746230869" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["body_bytes_sent"] == "18407" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/14/md?c=1746230851 HTTP/2.0\" 200 18407 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["request"] == "/cover/14/md?c=1746230851" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["http_path"] == "/cover/14/md?c=1746230851" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["body_bytes_sent"] == "20910" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/13/md?c=1746230829 HTTP/2.0\" 200 20910 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["request"] == "/cover/13/md?c=1746230829" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["http_path"] == "/cover/13/md?c=1746230829" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["body_bytes_sent"] == "25723" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/12/md?c=1746230811 HTTP/2.0\" 200 25723 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["request"] == "/cover/12/md?c=1746230811" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["http_path"] == "/cover/12/md?c=1746230811" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["body_bytes_sent"] == "81038" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/11/md?c=1746230788 HTTP/2.0\" 304 81038 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["request"] == "/cover/11/md?c=1746230788" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["http_path"] == "/cover/11/md?c=1746230788" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["body_bytes_sent"] == "89354" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/10/md?c=1746230719 HTTP/2.0\" 200 89354 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["request"] == "/cover/10/md?c=1746230719" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["http_path"] == "/cover/10/md?c=1746230719" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["body_bytes_sent"] == "218189" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/9/md?c=1746230698 HTTP/2.0\" 200 218189 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["request"] == "/cover/9/md?c=1746230698" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["http_path"] == "/cover/9/md?c=1746230698" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["body_bytes_sent"] == "92527" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/8/md?c=1746230614 HTTP/2.0\" 200 92527 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["request"] == "/cover/8/md?c=1746230614" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["http_path"] == "/cover/8/md?c=1746230614" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["body_bytes_sent"] == "112247" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/7/md?c=1746230534 HTTP/2.0\" 304 112247 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["request"] == "/cover/7/md?c=1746230534" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["http_path"] == "/cover/7/md?c=1746230534" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["body_bytes_sent"] == "113781" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/4/md?c=1746230023 HTTP/2.0\" 200 113781 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["request"] == "/cover/4/md?c=1746230023" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["http_path"] == "/cover/4/md?c=1746230023" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.WhitelistReason == "Calibre-Web whitelist" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["body_bytes_sent"] == "95108" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [18/Jul/2025:12:09:08 -0400] \"GET /cover/3/md?c=1746229880 HTTP/2.0\" 200 95108 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["request"] == "/cover/3/md?c=1746229880" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["time_local"] == "18/Jul/2025:12:09:08 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_path"]) == "calibre-web-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["http_path"] == "/cover/3/md?c=1746229880" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["timestamp"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Enriched["MarshaledTime"] == "2025-07-18T12:09:08-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.WhitelistReason == "Calibre-Web whitelist" +len(results["success"][""]) == 0