diff --git a/packages/opencanary/changelog.yml b/packages/opencanary/changelog.yml
index e780a4d12d5..62cd1312ad1 100644
--- a/packages/opencanary/changelog.yml
+++ b/packages/opencanary/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.1"
+ changes:
+ - description: Fixes and issue where all source and destination details were removed if the source or destination port was an invalid "-1".
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/10288
 - version: "0.1.0"
 changes:
 - description: Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template.
diff --git a/packages/opencanary/data_stream/events/_dev/test/pipeline/test-events.log-expected.json b/packages/opencanary/data_stream/events/_dev/test/pipeline/test-events.log-expected.json
index 7a0057553e9..40886d1765f 100644
--- a/packages/opencanary/data_stream/events/_dev/test/pipeline/test-events.log-expected.json
+++ b/packages/opencanary/data_stream/events/_dev/test/pipeline/test-events.log-expected.json
@@ -502,7 +502,7 @@
 "id": "opencanary-1"
 },
 "redis": {
- "command": "\u0000\f\u0000\u0000\u0010\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"
+ "command": "\u0000\u000c\u0000\u0000\u0010\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"
 }
 },
 "related": {
@@ -887,6 +887,11 @@
 "jdoe"
 ]
 },
+ "source": {
+ "address": "192.168.0.10",
+ "domain": "Client1",
+ "ip": "192.168.0.10"
+ },
 "tags": [
 "preserve_original_event",
 "redact_passwords"
diff --git a/packages/opencanary/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/opencanary/data_stream/events/elasticsearch/ingest_pipeline/default.yml
index 3a3d5d75a41..2927448dd64 100755
--- a/packages/opencanary/data_stream/events/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/opencanary/data_stream/events/elasticsearch/ingest_pipeline/default.yml
@@ -655,7 +655,7 @@ processors:
 - redact:
 description: Redact any passwords in the log data
 tag: redact_event_original
- if: 'ctx.tags?.contains("redact_passwords") && ctx.event?.original =~ /\"PASSWORD\": \"/'
+ if: 'ctx.tags != null && ctx.tags.contains("redact_passwords") && ctx.event?.original =~ /\"PASSWORD\": \"/'
 field: event.original
 patterns:
 - '"PASSWORD": "%{DATA:REDACTED}"'
@@ -736,14 +736,14 @@ processors:
 - remove:
 description: Remove malformed source.* fields for LOG_BASE_MSG events
 tag: remove_source_port
- field: source
+ field: source.port
 if: ctx.source?.port == -1
 ignore_missing: true
 ignore_failure: true
 - remove:
 description: Remove malformed destination.* fields for LOG_BASE_MSG events
 tag: remove_destination_port
- field: destination
+ field: destination.port
 if: ctx.destination?.port == -1
 ignore_missing: true
 ignore_failure: true
diff --git a/packages/opencanary/manifest.yml b/packages/opencanary/manifest.yml
index 44bc0d76079..1d309c4f8f0 100644
--- a/packages/opencanary/manifest.yml
+++ b/packages/opencanary/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.1.3
 name: opencanary
 title: "OpenCanary"
-version: "0.1.0"
+version: "0.1.1"
 description: "This integration collects and parses logs from OpenCanary honeypots."
 type: integration
 categories:
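Review bot: The new `if` on the redact processor null-guards `ctx.tags` but still applies `=~` to `ctx.event?.original`, which is null whenever a tagged document arrives without event.original, so only half of the condition is defensive; whether Painless's find operator tolerates a null left operand there should be confirmed, and an explicit guard removes the doubt: `if: 'ctx.tags != null && ctx.tags.contains("redact_passwords") && ctx.event?.original != null && ctx.event.original =~ /\"PASSWORD\": \"/'`. If `ctx.tags` can ever be ingested as a plain string rather than a list, `contains` becomes a substring test, which is worth a comment on the processor if that case is known. The redact processor is one entry of the `processors` list, which begins and ends outside the hunk.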
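Review bot: The `description` of both remove processors in this hunk still reads `Remove malformed source.* fields for LOG_BASE_MSG events` / `Remove malformed destination.* fields for LOG_BASE_MSG events`, while `field` has been narrowed to `source.port` / `destination.port`, so the description now overstates what is removed; `description: Remove malformed source.port for LOG_BASE_MSG events` and the matching destination wording keep them accurate. Because both processors set `ignore_failure: true`, a failure here leaves no trace in the document, so the description and the `if` condition are the only thing an operator reading the pipeline can rely on to understand what these steps do. Both processors are entries of the `processors` list, which begins and ends outside the hunk.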