Enhance WAF detection event handling in LogConsumerService by adding attack...

Enhance WAF detection event handling in LogConsumerService by adding attack URL and action details to the event context. The genWafDetectionEvent function now processes attacked logs more comprehensively, improving the overall event generation logic and error handling.

internal/service/log_consumer.go

@@ -204,9 +204,11 @@ func (s *LogConsumerService) genWafDetectionEvent(wafDetectionMessage model.WafD
 		Context: map[string]interface{}{
 			"attack_ip":   attackedLog.AttackIP,
 			"attack_time": attackedLog.AttackTime,
+			"attack_url":  attackedLog.AttackedURL,
 			"attack_app":  attackedLog.AttackedApp,
 			"attack_load": attackedLog.AttackLoad,
 			"rule_name":   attackedLog.RuleName,
+			"action":      attackedLog.Action,
 			"waf_body": map[string]interface{}{
 				"type":     "code",
 				"request":  attackedLog.ReqPkg,
@@ -247,15 +249,16 @@ func (s *LogConsumerService) Handle(ctx context.Context, message []byte) error {
 			continue
 		}
 
-		// event, err := s.genWafDetectionEvent(WafDetectionMessage)
-		// if err != nil {
-		// 	log.Err(err).Str("message.Value", string(message)).Msg("gen waf detection event fails")
-		// 	continue
-		// }
 		bulkIndexSignal := es.NewBulkIndexRequest().Index(EsIndexWafDetectionsAlias)
 		bulkableRequests = append(bulkableRequests, bulkIndexSignal.Id(wafDetection.WafDetectionAttackedLog.ID).Doc(wafDetection))
-		// bulkIndexEvent := es.NewBulkIndexRequest().Index(ESIndexEvents)
-		// bulkableRequests = append(bulkableRequests, bulkIndexEvent.Id(event.ID).Doc(event))
+
+		event, err := s.genWafDetectionEvent(WafDetectionMessage, WafDetectionMessage.AttackedLog[i])
+		if err != nil {
+			log.Err(err).Str("message.Value", string(message)).Msg("gen waf detection event fails")
+			continue
+		}
+		bulkIndexEvent := es.NewBulkIndexRequest().Index(ESIndexEvents)
+		bulkableRequests = append(bulkableRequests, bulkIndexEvent.Id(event.ID).Doc(event))
 	}
 
 	s.esStore.Save(ctx, bulkableRequests)