From 0e896753fc9f7a8392d518d3d3c3774efe657be1 Mon Sep 17 00:00:00 2001
From: akozlovets098
Date: Wed, 6 Dec 2023 17:02:38 +0200
Subject: [PATCH] Fix Tailscale.Network selectors to be able to reach attribute of the object in array
---
 .../greynoise/advanced/noise_advanced.yml | 16 ++++++++--------
 .../greynoise/advanced/riot_advanced.yml | 16 ++++++++--------
 lookup_tables/greynoise/basic/noise_basic.yml | 16 ++++++++--------
 lookup_tables/greynoise/basic/riot_basic.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_asn.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_asn_datalake.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_location.yml | 16 ++++++++--------
 .../ipinfo/ipinfo_location_datalake.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_privacy.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_privacy_datalake.yml | 16 ++++++++--------
 lookup_tables/tor/tor_exit_nodes.yml | 16 ++++++++--------
 11 files changed, 88 insertions(+), 88 deletions(-)
diff --git a/lookup_tables/greynoise/advanced/noise_advanced.yml b/lookup_tables/greynoise/advanced/noise_advanced.yml
index 857e8be39..a09f5d3c3 100644
--- a/lookup_tables/greynoise/advanced/noise_advanced.yml
+++ b/lookup_tables/greynoise/advanced/noise_advanced.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
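Review bot: The added selectors use an empty-bracket form, e.g. `$.event.virtualTraffic[].srcIp`, where standard JSONPath spells the array wildcard `[*]`; please confirm the lookup-table selector engine accepts `[]`, since a selector that fails to resolve presumably produces no enrichment and no error. The identical eight lines recur in all eleven files of this patch (the GreyNoise, IPinfo and Tor exit node tables), so the point applies to every hunk. Checking one table against a sample Tailscale.Network event whose traffic arrays hold more than one flow would show whether every element is matched rather than only the first. A comment above the block, such as `# *Traffic fields are arrays of flow objects; [] selects every element`, would record why the brackets are needed and help keep the eleven copies from drifting.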
diff --git a/lookup_tables/greynoise/advanced/riot_advanced.yml b/lookup_tables/greynoise/advanced/riot_advanced.yml
index a598d1bd8..ae82a0797 100644
--- a/lookup_tables/greynoise/advanced/riot_advanced.yml
+++ b/lookup_tables/greynoise/advanced/riot_advanced.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/greynoise/basic/noise_basic.yml b/lookup_tables/greynoise/basic/noise_basic.yml
index 72ca271fe..dcb235596 100644
--- a/lookup_tables/greynoise/basic/noise_basic.yml
+++ b/lookup_tables/greynoise/basic/noise_basic.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/greynoise/basic/riot_basic.yml b/lookup_tables/greynoise/basic/riot_basic.yml
index 737c464cb..0705637d2 100644
--- a/lookup_tables/greynoise/basic/riot_basic.yml
+++ b/lookup_tables/greynoise/basic/riot_basic.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_asn.yml b/lookup_tables/ipinfo/ipinfo_asn.yml
index 18b4c9ba6..a9f7602d7 100644
--- a/lookup_tables/ipinfo/ipinfo_asn.yml
+++ b/lookup_tables/ipinfo/ipinfo_asn.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_asn_datalake.yml b/lookup_tables/ipinfo/ipinfo_asn_datalake.yml
index e287e31cc..de1b02e2f 100644
--- a/lookup_tables/ipinfo/ipinfo_asn_datalake.yml
+++ b/lookup_tables/ipinfo/ipinfo_asn_datalake.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_location.yml b/lookup_tables/ipinfo/ipinfo_location.yml
index 6faeb21ec..9aff65042 100644
--- a/lookup_tables/ipinfo/ipinfo_location.yml
+++ b/lookup_tables/ipinfo/ipinfo_location.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_location_datalake.yml b/lookup_tables/ipinfo/ipinfo_location_datalake.yml
index cdbcdd6fb..da657eeb9 100644
--- a/lookup_tables/ipinfo/ipinfo_location_datalake.yml
+++ b/lookup_tables/ipinfo/ipinfo_location_datalake.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_privacy.yml b/lookup_tables/ipinfo/ipinfo_privacy.yml
index 861f4fb3d..da7781172 100644
--- a/lookup_tables/ipinfo/ipinfo_privacy.yml
+++ b/lookup_tables/ipinfo/ipinfo_privacy.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_privacy_datalake.yml b/lookup_tables/ipinfo/ipinfo_privacy_datalake.yml
index d6d5ef06e..5e4b45faa 100644
--- a/lookup_tables/ipinfo/ipinfo_privacy_datalake.yml
+++ b/lookup_tables/ipinfo/ipinfo_privacy_datalake.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/tor/tor_exit_nodes.yml b/lookup_tables/tor/tor_exit_nodes.yml
index 5c5be4295..9e1011174 100644
--- a/lookup_tables/tor/tor_exit_nodes.yml
+++ b/lookup_tables/tor/tor_exit_nodes.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.event.virtualTraffic.srcIp"
- - "$.event.virtualTraffic.dstIp"
- - "$.event.subnetTraffic.srcIp"
- - "$.event.subnetTraffic.dstIp"
- - "$.event.exitTraffic.srcIp"
- - "$.event.exitTraffic.dstIp"
- - "$.event.physicalTraffic.srcIp"
- - "$.event.physicalTraffic.dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"