Add RuleKeys to WAF detection event in LogConsumerService

This update enhances the genWafDetectionEvent function by including RuleKeys with version, name, and category details for improved event context. Additionally, an informational log statement has been added to track WAF events during processing.

Add RuleKeys to WAF detection event in LogConsumerService
This update enhances the genWafDetectionEvent function by including RuleKeys with version, name, and category details for improved event context. Additionally, an informational log statement has been added to track WAF events during processing.
9c859945 · qiuqunfeng · 40dc9fd0 · 9c859945
Commit 9c859945 authored Jun 17, 2025 by qiuqunfeng
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

internal/service/log_consumer.go internal/service/log_consumer.go +8 -1

No files found.
--- a/internal/service/log_consumer.go
+++ b/internal/service/log_consumer.go
@@ -152,7 +152,13 @@ func (s *LogConsumerService) genWafDetectionEvent(wafDetectionMessage model.WafD
 		ID:          id.Str(),
 		Type:        "waf_detection",
 		Description: "waf detection",
-		RuleKeys:    []model.RuleKey{},
+		RuleKeys: []model.RuleKey{
+			{
+				Version1: 0,
+				Name:     attackedLog.RuleName,
+				Category: "WAF",
+			},
+		},
 		Scopes: map[string][]model.Scope{
 			"cluster": {
 				{
@@ -257,6 +263,7 @@ func (s *LogConsumerService) Handle(ctx context.Context, message []byte) error {
 			log.Err(err).Str("message.Value", string(message)).Msg("gen waf detection event fails")
 			continue
 		}
+		log.Info().Msgf("waf event: %+v", event)
 		bulkIndexEvent := es.NewBulkIndexRequest().Index(ESIndexEvents)
 		bulkableRequests = append(bulkableRequests, bulkIndexEvent.Id(event.ID).Doc(event))
 	}