Update WAF detection event type and rule key name in LogConsumerService

This change modifies the event type from "waf_detection" to "ruleScope" and updates the rule key name to reflect the attack type instead of the rule name. Additionally, the relation type has been changed from "timeline" to "Discovery" for improved clarity in event categorization.

Update WAF detection event type and rule key name in LogConsumerService
This change modifies the event type from "waf_detection" to "ruleScope" and updates the rule key name to reflect the attack type instead of the rule name. Additionally, the relation type has been changed from "timeline" to "Discovery" for improved clarity in event categorization.
240e1555 · qiuqunfeng · 962041ba · 240e1555
Commit 240e1555 authored Jun 21, 2025 by qiuqunfeng
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

internal/service/log_consumer.go internal/service/log_consumer.go +3 -3

No files found.
--- a/internal/service/log_consumer.go
+++ b/internal/service/log_consumer.go
@@ -236,12 +236,12 @@ func (s *LogConsumerService) genWafDetectionEvent(wafDetectionMessage model.WafD
 	// }
 	event := model.Event{
 		ID:          id.Str(),
-		Type:        "waf_detection",
+		Type:        "ruleScope",
 		Description: attackedLog.AttackType,
 		RuleKeys: []model.RuleKey{
 			{
 				Version1: 0,
-				Name:     attackedLog.RuleName,
+				Name:     attackedLog.AttackType,
 				Category: "WAF",
 			},
 		},
@@ -288,7 +288,7 @@ func (s *LogConsumerService) genWafDetectionEvent(wafDetectionMessage model.WafD
 			},
 		},
 		Relation: model.Relation{
-			Type: "timeline",
+			Type: "Discovery",
 		},
 		CreatedAt: attackedLog.AttackTime,
 		UpdatedAt: attackedLog.AttackTime,