(feature+fix) Add source to suricata ingestor. Correct endpoint for gcp mirroring (metlo-labs#62)

AHarmlessPyro · web-flow · commit 06512d525be2 · 2022-10-30T11:45:28.000+05:30
diff --git a/backend/src/suricata_setup/gcp-services/gcp_setup.ts b/backend/src/suricata_setup/gcp-services/gcp_setup.ts
@@ -840,8 +840,7 @@ export async function push_files({
   id,
   instance_url,
   ...rest
-}: RESPONSE["data"]): Promise<RESPONSE> {
-  const endpoint = "api/v1/log-request/single"
+}: RESPONSE["data"]): Promise<RESPONSE> {  
   const instance_name = instance_url.split("/").at(-1)
   let [key, raw] = createApiKey(`Metlo-collector-${id}`)
   key.for = API_KEY_TYPE.GCP
@@ -863,7 +862,7 @@ export async function push_files({
 
     put_data_file(
       format(filepath_ingestor_in, [
-        `${process.env.BACKEND_URL}/${endpoint}`,
+        `${process.env.BACKEND_URL}`,
         raw,
       ]),
       filepath_ingestor_out,
diff --git a/ingestors/suricata/interface.ts b/ingestors/suricata/interface.ts
@@ -119,6 +119,7 @@ export interface RESPONSE {
     sourcePort: number
     destination: string
     destinationPort: number
+    metloSource: string,
   }
 }
 
diff --git a/ingestors/suricata/utils.ts b/ingestors/suricata/utils.ts
@@ -89,6 +89,7 @@ export function prepareResponse(
       sourcePort: alert.src_port,
       destination: alert.dest_ip,
       destinationPort: alert.dest_port,
+      metloSource: "suricata"
     },
   }
   return resp

Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,7 @@ export function prepareResponse(`
`89`	`89`	`sourcePort: alert.src_port,`
`90`	`90`	`destination: alert.dest_ip,`
`91`	`91`	`destinationPort: alert.dest_port,`
	`92`	`+ metloSource: "suricata"`
`92`	`93`	`},`
`93`	`94`	`}`
`94`	`95`	`return resp`