- 03 Jul, 2025 2 commits
-
-
qiuqunfeng authored
-
qiuqunfeng authored
Update log consumer to use fixed resource kind "Deployment" in WAF detection event naming for improved clarity in log entries.
-
- 02 Jul, 2025 1 commit
-
-
qiuqunfeng authored
Enhance LogConsumerService to include region name in log processing, updating configuration structure and initialization to support new regionName parameter.
-
- 22 Jun, 2025 1 commit
-
-
qiuqunfeng authored
This update introduces a new function, serverityFromAttackAction, to determine the severity level based on the attack action (warn, block, pass). The severity for generated WAF detection signals and events is now dynamically set using this function, enhancing the accuracy of event categorization.
-
- 21 Jun, 2025 2 commits
-
-
qiuqunfeng authored
This change modifies the event type from "waf_detection" to "ruleScope" and updates the rule key name to reflect the attack type instead of the rule name. Additionally, the relation type has been changed from "timeline" to "Discovery" for improved clarity in event categorization.
-
qiuqunfeng authored
-
- 20 Jun, 2025 1 commit
-
-
qiuqunfeng authored
This update introduces a new Signal struct to encapsulate details related to WAF detections, including severity, tags, and context. The genWafDetectionSignal function has been implemented to generate signals based on attacked logs, improving the overall detection process. Additionally, the handling of bulk indexing for signals has been integrated into the existing workflow, ensuring that signals are properly indexed alongside events.
-
- 18 Jun, 2025 2 commits
-
-
qiuqunfeng authored
Refactor WAF detection event structure in LogConsumerService to improve clarity and detail. The genWafDetectionEvent function now includes action and request details in a nested format, enhancing the context of the generated events.
-
qiuqunfeng authored
This update introduces a severity level of 6 to the generated WAF detection events, enhancing the event context for better categorization and analysis of detected attacks.
-
- 17 Jun, 2025 5 commits
-
-
qiuqunfeng authored
Refactor WAF detection logic in LogConsumerService to restore functionality for generating WAF detections and events. This update re-enables the processing of attacked logs and improves error handling, ensuring that failures during detection generation are logged for better visibility.
-
qiuqunfeng authored
Update WAF detection event timestamps in LogConsumerService to use attack time from attacked logs. This change ensures accurate event timing for better context in generated events.
-
qunfeng qiu authored
-
qiuqunfeng authored
This update enhances the genWafDetectionEvent function by including RuleKeys with version, name, and category details for improved event context. Additionally, an informational log statement has been added to track WAF events during processing.
-
qiuqunfeng authored
Enhance WAF detection event handling in LogConsumerService by adding attack URL and action details to the event context. The genWafDetectionEvent function now processes attacked logs more comprehensively, improving the overall event generation logic and error handling.
-
- 16 Jun, 2025 2 commits
-
-
qiuqunfeng authored
Enhance WAF detection event generation in LogConsumerService by adding attacked log details. The genWafDetectionEvent function now accepts an additional parameter for attacked logs, allowing for more comprehensive event context, including attack IP, time, application, and payload information.
-
qiuqunfeng authored
Refactor WAF service listener deletion logic to include namespace and region code in the query, enhancing specificity and accuracy in service management. Additionally, remove redundant action check in WAF detection generation to simplify error handling.
-
- 12 Jun, 2025 3 commits
-
-
qiuqunfeng authored
Comment out WAF detection and event generation logic in LogConsumerService to simplify handling and improve readability. This change prepares the code for future enhancements while maintaining the current functionality.
-
qiuqunfeng authored
This update replaces direct assignment of WAF detection properties with a new method for generating WAF detections and events, enhancing code clarity and maintainability. Additionally, error handling has been improved to log failures during the generation process, ensuring better visibility into issues that may arise.
-
qiuqunfeng authored
Refactor API router and WAF handling to support additional parameters and improve configuration management. This update modifies the SetRouters and SetWafRouter functions to accept new parameters, including a debug flag and a region URL map, enhancing the flexibility of the API routing. Additionally, a new SetApiRouters function is introduced for better organization of API routes. The configuration management has been streamlined by moving configuration imports to the internal package, ensuring a more consistent structure across the application.
-
- 01 Jun, 2025 1 commit
-
-
qiuqunfeng authored
This update introduces the ability to set the log level dynamically based on the LOG_LEVEL environment variable, allowing for better control over logging verbosity. Additionally, the Elasticsearch client creation has been refactored to utilize configuration settings from a JSON file, enhancing the application's configurability. The previous LoadConfig function has been replaced with a more structured approach, and unnecessary code has been removed to streamline the log consumer service.
-
- 29 Mar, 2025 1 commit
-
-
qiuqunfeng authored
  - Simplify the update process for WAF service attack numbers by directly incrementing the attack_num field in the database.
  - Remove redundant queries and error handling for improved code clarity and efficiency.
  - Update attack log filter to clarify the purpose of the AttackApp field as the gateway name.
  - Adjust the WAF service to correctly reference the gateway name in workload creation and modify attack log queries for consistency.
-
- 05 Mar, 2025 2 commits
-
-
qiuqunfeng authored
  - Include informative log message when starting Kafka message consumption
  - Enhance observability of log consumer service startup process
-
qiuqunfeng authored
  - Implement dynamic Kafka authentication mechanism (PLAIN/SCRAM)
  - Add environment variable-based Kafka broker and authentication configuration
  - Modify log consumer service to support flexible Kafka connection setup
  - Update Elasticsearch store initialization with new index template
  - Extend WAF service types to support listener name and hosts
-
- 01 Mar, 2025 1 commit
-
-
qiuqunfeng authored
  - Add log consumer service to process WAF detection messages
  - Implement message handling with JSON unmarshaling
  - Save WAF detection logs to Elasticsearch
  - Update WAF service attack number in database
  - Modify ESStore to support bulk indexing with channel-based approach
  - Add constants for Kafka topics and Elasticsearch indices
-
- 26 Feb, 2025 1 commit
-
-
qiuqunfeng authored
  - Introduced new API endpoint and service method to enable/disable WAF for multiple listeners
  - Updated router, controller, and service to support bulk listener WAF operations
  - Added new request type `EnableListenerWafsReq` to handle multiple listener configurations
  - Implemented logic to add or remove WAF configurations for specific listeners based on input
-