12
main.go
12
main.go
@@ -3553,7 +3553,7 @@ INSERT INTO event_logs (
|
||||
target_user, target_domain, subject_user, subject_domain,
|
||||
workstation, src_ip, src_port, logon_type, process_name,
|
||||
authentication_package, logon_process, status_text, sub_status_text,
|
||||
failure_reason, ts, msg, msg_sha256
|
||||
failure_reason, ts, received_at, msg, msg_sha256
|
||||
) VALUES
|
||||
`)
|
||||
|
||||
@@ -3561,7 +3561,7 @@ INSERT INTO event_logs (
|
||||
if i > 0 {
|
||||
sb.WriteString(",")
|
||||
}
|
||||
sb.WriteString("(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)")
|
||||
sb.WriteString("(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,UTC_TIMESTAMP(6),?,?)")
|
||||
|
||||
norm := NormalizeEventXML(item.Message)
|
||||
|
||||
@@ -5499,7 +5499,6 @@ WHERE enabled = 1
|
||||
}
|
||||
|
||||
func (d *detector) insertDetection(ctx context.Context, det Detection) (bool, error) {
|
||||
|
||||
suppressed, err := d.isDetectionSuppressed(ctx, det)
|
||||
if err != nil {
|
||||
return false, err
|
||||
@@ -5510,9 +5509,10 @@ func (d *detector) insertDetection(ctx context.Context, det Detection) (bool, er
|
||||
|
||||
const q = `
|
||||
INSERT IGNORE INTO detections
|
||||
(rule_name, severity, hostname, channel_name, event_id, score, window_start, window_end, summary, details_json)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
||||
(rule_name, severity, hostname, channel_name, event_id, score, window_start, window_end, summary, details_json, created_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, UTC_TIMESTAMP(6))
|
||||
`
|
||||
|
||||
res, err := d.db.ExecContext(ctx, q,
|
||||
det.RuleName,
|
||||
det.Severity,
|
||||
@@ -5528,10 +5528,12 @@ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
affected, err := res.RowsAffected()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return affected > 0, nil
|
||||
}
|
||||
|
||||
|
||||
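Review bot: The rewritten placeholder line `sb.WriteString("(?,?,…,UTC_TIMESTAMP(6),?,?)")` places the server-side value at the 27th of 29 slots purely by position, with nothing on that line tying it to the `received_at` column declared a few lines earlier, so a later reorder of the column list (whose beginning lies above the hunk) could move the server clock into a different column while the counts still match and no error is raised. A short comment on that line would pin the invariant, e.g. `// slot 27 is received_at, supplied by the server via UTC_TIMESTAMP(6); the args slice stays at 28 values`. The `created_at` addition in the insertDetection hunk follows the same pattern, though there the literal sits last and is harder to misplace. It is also worth noting once, in either hunk, that `received_at` and `created_at` now come from the database server's clock (UTC, independent of the session time zone) while `ts`, `window_start` and `window_end` come from the caller, so ingest-latency comparisons between them presume the two clocks are synchronized; `UTC_TIMESTAMP(6)` and `INSERT IGNORE` both assume the MySQL/MariaDB dialect this code already relies on. The batch-building function around the first two hunks starts and ends outside the hunk.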