Skip to content

Commit

Permalink
update in accordance with update 4.10.1-1 wazuh
Browse files Browse the repository at this point in the history
  • Loading branch information
@bouddha-fr
bouddha-fr committed Jan 22, 2025
1 parent f320ed6 commit 101e72a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion parsers/s01-parse/bouddha/wazuh-logs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ statics:
evt.Unmarshaled.wazuh.type == 'response' &&
evt.Unmarshaled.wazuh.method == 'post' &&
evt.Unmarshaled.wazuh.statusCode in [401, '401'] &&
evt.Unmarshaled.wazuh.req.url == '/auth/login'
evt.Unmarshaled.wazuh.req.url == '/auth/login?dataSourceId='
) ? 'wazuh_failed_auth' : ''
- meta: timestamp
expression: evt.Unmarshaled.wazuh['@timestamp']
Expand Down

0 comments on commit 101e72a

Please sign in to comment.