-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
- Loading branch information
There are no files selected for viewing
Large diffs are not rendered by default.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
package metadata | ||
|
||
remap: functions: community_id: { | ||
category: "String" | ||
description: """ | ||
Used to generate an id based on the [Community ID Spec](\(urls.community_id_spec)). | ||
""" | ||
|
||
arguments: [ | ||
{ | ||
name: "source_ip" | ||
description: "The source IP address." | ||
required: true | ||
type: ["string"] | ||
}, | ||
{ | ||
name: "destination_ip" | ||
description: "The destination IP address." | ||
required: true | ||
type: ["string"] | ||
}, | ||
{ | ||
name: "protocol" | ||
description: "The protocol number." | ||
required: true | ||
type: ["integer"] | ||
}, | ||
{ | ||
name: "source_port" | ||
description: "The source port." | ||
required: false | ||
type: ["integer"] | ||
}, | ||
{ | ||
name: "destination_port" | ||
description: "The destination port." | ||
required: false | ||
type: ["integer"] | ||
}, | ||
{ | ||
name: "seed" | ||
description: "The custom seed number." | ||
required: false | ||
type: ["integer"] | ||
}, | ||
] | ||
internal_failure_reasons: [] | ||
return: types: ["string"] | ||
|
||
// examples: [ | ||
// { | ||
// title: "TCP" | ||
// source: #""" | ||
// community_id!(source_ip: "1.2.3.4", destination_ip: "5.6.7.8", source_port: 1122, destination_port: 3344, protocol: 6) | ||
// """# | ||
// return: "1:wCb3OG7yAFWelaUydu0D+125CLM=" | ||
// }, | ||
// { | ||
// title: "UDP" | ||
// #""" | ||
// community_id!(source_ip: "1.2.3.4", destination_ip: "5.6.7.8", source_port: 1122, destination_port: 3344, protocol: 17) | ||
// """# | ||
// return: "1:0Mu9InQx6z4ZiCZM/7HXi2WMhOg=" | ||
// }, | ||
// { | ||
// title: "ICMP" | ||
// #""" | ||
// community_id!(source_ip: "1.2.3.4", destination_ip: "5.6.7.8", source_port: 8, destination_port: 0, protocol: 1) | ||
// """# | ||
// return: "1:crodRHL2FEsHjbv3UkRrfbs4bZ0=" | ||
// }, | ||
// { | ||
// title: "RSVP" | ||
// #""" | ||
// community_id!(source_ip: "1.2.3.4", destination_ip: "5.6.7.8", protocol: 46) | ||
// """# | ||
// return: "1:ikv3kmf89luf73WPz1jOs49S768=" | ||
// }, | ||
// ] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -33,7 +33,7 @@ remap: functions: parse_aws_vpc_flow_log: { | |
"""# | ||
return: { | ||
"version": 2 | ||
"account_id": 123456789010 | ||
"account_id": "123456789010" | ||
"interface_id": "eni-1235b8ca123456789" | ||
"srcaddr": null | ||
"dstaddr": null | ||
|
@@ -65,5 +65,43 @@ remap: functions: parse_aws_vpc_flow_log: { | |
"pkt_dstaddr": "203.0.113.5" | ||
} | ||
}, | ||
{ | ||
title: "Parse AWS VPC Flow including v5 fields" | ||
source: #""" | ||
parse_aws_vpc_flow_log!("5 52.95.128.179 10.0.0.71 80 34210 6 1616729292 1616729349 IPv4 14 15044 123456789012 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-0c50d5961bcb2d47b eni-1235b8ca123456789 ap-southeast-2 apse2-az3 - - ACCEPT 19 52.95.128.179 10.0.0.71 S3 - - ingress OK", | ||
format: "version srcaddr dstaddr srcport dstport protocol start end type packets bytes account_id vpc_id subnet_id instance_id interface_id region az_id sublocation_type sublocation_id action tcp_flags pkt_srcaddr pkt_dstaddr pkt_src_aws_service pkt_dst_aws_service traffic_path flow_direction log_status") | ||
Check failure Code scanning / check-spelling Unrecognized Spelling Error
sublocation is not a recognized word. (unrecognized-spelling)
Check failure Code scanning / check-spelling Unrecognized Spelling Error
sublocation is not a recognized word. (unrecognized-spelling)
|
||
"""# | ||
return: { | ||
"account_id": "123456789012" | ||
"action": "ACCEPT" | ||
"az_id": "apse2-az3" | ||
"bytes": 15044 | ||
"dstaddr": "10.0.0.71" | ||
"dstport": 34210 | ||
"end": 1616729349 | ||
"flow_direction": "ingress" | ||
"instance_id": "i-0c50d5961bcb2d47b" | ||
"interface_id": "eni-1235b8ca123456789" | ||
"log_status": "OK" | ||
"packets": 14 | ||
"pkt_dst_aws_service": null | ||
"pkt_dstaddr": "10.0.0.71" | ||
"pkt_src_aws_service": "S3" | ||
"pkt_srcaddr": "52.95.128.179" | ||
"protocol": 6 | ||
"region": "ap-southeast-2" | ||
"srcaddr": "52.95.128.179" | ||
"srcport": 80 | ||
"start": 1616729292 | ||
"sublocation_id": null | ||
Check failure Code scanning / check-spelling Unrecognized Spelling Error
sublocation is not a recognized word. (unrecognized-spelling)
|
||
"sublocation_type": null | ||
Check failure Code scanning / check-spelling Unrecognized Spelling Error
sublocation is not a recognized word. (unrecognized-spelling)
|
||
"subnet_id": "subnet-aaaaaaaa012345678" | ||
"tcp_flags": 19 | ||
"traffic_path": null | ||
"type": "IPv4" | ||
"version": 5 | ||
"vpc_id": "vpc-abcdefab012345678" | ||
} | ||
}, | ||
] | ||
} |
This file was deleted.