Patch: Disable example wazuh request

0x221E
2026-01-28 13:16:45 +01:00
parent ff493fd8eb
commit cb461b53a5


@@ -23,7 +23,7 @@ def main():
alert_json = json.load(f) alert_json = json.load(f)
except Exception as e: except Exception as e:
sys.exit(1) sys.exit(1)
"""
alert_json = { alert_json = {
"timestamp": "2026-01-28T10:15:10.292+0000", "timestamp": "2026-01-28T10:15:10.292+0000",
"rule": { "rule": {
@@ -67,19 +67,19 @@ def main():
"name": "wazuh.manager" "name": "wazuh.manager"
}, },
"id": "1769595310.407300", "id": "1769595310.407300",
"full_log": "43.138.192.98 - - [28/Jan/2026:10:15:09 +0000] \"GET /wp-json/ HTTP/1.1\" 404 181 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36\"", "full_log": " - - [28/Jan/2026:10:15:09 +0000] \"GET /wp-json/ HTTP/1.1\" 404 181 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/\"",
"decoder": { "decoder": {
"name": "web-accesslog" "name": "web-accesslog"
}, },
"data": { "data": {
"protocol": "GET", "protocol": "GET",
"srcip": "43.138.192.98", "srcip": "43.*.*.*",
"id": "404", "id": "404",
"url": "/wp-json/" "url": "/wp-json/"
}, },
"location": "/var/log/nginx/access.log" "location": "/var/log/nginx/access.log"
} }
"""
client = iris_api.IrisClient(hook_url, api_key) client = iris_api.IrisClient(hook_url, api_key)
processor = alert.AlertProcessor() processor = alert.AlertProcessor()
formatted_alert = processor.process(alert_json) formatted_alert = processor.process(alert_json)
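Review bot: Wrapping the sample alert in a bare `"""` … `"""` string inside main() leaves dead code in the alert-forwarding path, and the sample as shown on this page still carries what looks like a real client address and access-log line. I would delete the block from main() and keep a sanitized copy as a test fixture, with the address replaced by a documentation-range value such as `"srcip": "192.0.2.10"` (constructed sample). With the hard-coded dict no longer assigned, `alert_json` presumably comes only from the `json.load(f)` in the context lines, and the `except Exception as e: sys.exit(1)` path there exits without reporting anything. Writing the error out before exiting, for example `sys.stderr.write(f"alert load failed: {e}\n")`, would make a dropped alert visible to whoever operates the integration. main() starts and continues outside these hunks, so how the alert file is opened cannot be checked from here.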