Filterx parse leef 2.0 #343

Open
wants to merge 7 commits into
base: main

Commits on Oct 16, 2024

  1. csv-scanner: add take-rest method to access the remaining part of csv data without using expected columns mode
    
    Signed-off-by: shifter <shifter@axoflow.com>
    bshifter committed Oct 16, 2024
    ede2dd5
  2. modules/cef/filterx: Enhance event-parser common module with context for improved thread safety. This was required to accommodate the dynamic parsing of the optional delimiter field in LEEF 2.0.
    
    Additionally, introduce optional arguments named `field_separator` and `value_separator` in the filterx function to enforce specific separators.
    
    Signed-off-by: shifter <shifter@axoflow.com>
    bshifter committed Oct 16, 2024
    1f98d7d
  3. modules/cef/filterx: Updated the usage message for the parse_cef filterx function.
    
    Signed-off-by: shifter <shifter@axoflow.com>
    bshifter committed Oct 16, 2024
    e8acda5
  4. modules/cef/filterx: The parse_leef filterx function now supports LEEF 2.0 version.
    
    Changes include:
    - Updated usage message
    - Enhanced version parsing
    - Added optional 'delimiter' field to parse and configure the LEEF extension's pair separator based on the specified delimiter value.
    
    Signed-off-by: shifter <shifter@axoflow.com>
    bshifter committed Oct 16, 2024
    4b97758
  5. modules/cef/filterx: Refactor unit test helpers

    - Moved to a separate unit to improve organization due to their size
    - Implemented `va_args` functions for more flexible construction of filterx function arguments
    - Generalized helper functions to reduce code duplication in CEF/LEEF tests
    
    Signed-off-by: shifter <shifter@axoflow.com>
    bshifter committed Oct 16, 2024
    e3d338e
  6. modules/cef/filterx: Rework CEF unit tests

    - Utilize the updated test helpers module
    - Include additional tests for enforcing pair-separator and value-separator functionality
    
    Signed-off-by: shifter <shifter@axoflow.com>
    bshifter committed Oct 16, 2024
    53e260c
  7. modules/cef/filterx: Add LEEF unit tests

    - Utilize the updated test helpers module
    - Include additional tests for enforcing pair-separator and value-separator functionality
    - Add extra tests for parsing and utilizing the optional `delimiter` field in LEEF 2.0
    
    Signed-off-by: shifter <shifter@axoflow.com>
    bshifter committed Oct 16, 2024
    79f13cb