From fbabd1c7523d00ce7bb694fcb6a87f84a678facc Mon Sep 17 00:00:00 2001
From: Kostas Papageorgiou
Date: Thu, 14 Dec 2023 14:57:18 +0200
Subject: [PATCH] Reverted changes
---
 .../greynoise/advanced/noise_advanced.yml | 16 ++++++++--------
 .../greynoise/advanced/riot_advanced.yml | 16 ++++++++--------
 lookup_tables/greynoise/basic/noise_basic.yml | 16 ++++++++--------
 lookup_tables/greynoise/basic/riot_basic.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_asn.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_asn_datalake.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_location.yml | 16 ++++++++--------
 .../ipinfo/ipinfo_location_datalake.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_privacy.yml | 16 ++++++++--------
 lookup_tables/ipinfo/ipinfo_privacy_datalake.yml | 16 ++++++++--------
 lookup_tables/tor/tor_exit_nodes.yml | 16 ++++++++--------
 11 files changed, 88 insertions(+), 88 deletions(-)
diff --git a/lookup_tables/greynoise/advanced/noise_advanced.yml b/lookup_tables/greynoise/advanced/noise_advanced.yml
index 21701a9a3..a09f5d3c3 100644
--- a/lookup_tables/greynoise/advanced/noise_advanced.yml
+++ b/lookup_tables/greynoise/advanced/noise_advanced.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
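Review bot: Nothing visible here shows that the Tailscale.Network schema nests the traffic arrays under `event`, which is what the eight new `$.event.…Traffic[]` selectors assume; the removed lines read the same arrays from the top level, and the subject "Reverted changes" gives no reason for the switch. If the path does not match the parsed event, the lookup presumably just stops matching rather than failing, so GreyNoise, IPinfo and Tor exit-node context would silently drop out of Tailscale flow detections. Please confirm the path against a sample Tailscale.Network event and record it above the entry, e.g. `# Tailscale.Network: traffic arrays are nested under "event" in the parsed log`. The same eight selector lines are repeated verbatim in the other ten files of this patch (riot_advanced, noise_basic, riot_basic, the six ipinfo tables and tor_exit_nodes), so the point applies to each, and keeping eleven copies in sync by hand invites drift. The LogTypeMap list starts and ends outside the hunk.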
diff --git a/lookup_tables/greynoise/advanced/riot_advanced.yml b/lookup_tables/greynoise/advanced/riot_advanced.yml
index 11b0e185a..ae82a0797 100644
--- a/lookup_tables/greynoise/advanced/riot_advanced.yml
+++ b/lookup_tables/greynoise/advanced/riot_advanced.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/greynoise/basic/noise_basic.yml b/lookup_tables/greynoise/basic/noise_basic.yml
index b5aa3c9d9..dcb235596 100644
--- a/lookup_tables/greynoise/basic/noise_basic.yml
+++ b/lookup_tables/greynoise/basic/noise_basic.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/greynoise/basic/riot_basic.yml b/lookup_tables/greynoise/basic/riot_basic.yml
index fc2d7ff8a..0705637d2 100644
--- a/lookup_tables/greynoise/basic/riot_basic.yml
+++ b/lookup_tables/greynoise/basic/riot_basic.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_asn.yml b/lookup_tables/ipinfo/ipinfo_asn.yml
index 727c8a00b..a9f7602d7 100644
--- a/lookup_tables/ipinfo/ipinfo_asn.yml
+++ b/lookup_tables/ipinfo/ipinfo_asn.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_asn_datalake.yml b/lookup_tables/ipinfo/ipinfo_asn_datalake.yml
index 47ff4006a..de1b02e2f 100644
--- a/lookup_tables/ipinfo/ipinfo_asn_datalake.yml
+++ b/lookup_tables/ipinfo/ipinfo_asn_datalake.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_location.yml b/lookup_tables/ipinfo/ipinfo_location.yml
index 609dca40a..9aff65042 100644
--- a/lookup_tables/ipinfo/ipinfo_location.yml
+++ b/lookup_tables/ipinfo/ipinfo_location.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_location_datalake.yml b/lookup_tables/ipinfo/ipinfo_location_datalake.yml
index 55a608212..da657eeb9 100644
--- a/lookup_tables/ipinfo/ipinfo_location_datalake.yml
+++ b/lookup_tables/ipinfo/ipinfo_location_datalake.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_privacy.yml b/lookup_tables/ipinfo/ipinfo_privacy.yml
index 0e7a07f8e..da7781172 100644
--- a/lookup_tables/ipinfo/ipinfo_privacy.yml
+++ b/lookup_tables/ipinfo/ipinfo_privacy.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/ipinfo/ipinfo_privacy_datalake.yml b/lookup_tables/ipinfo/ipinfo_privacy_datalake.yml
index 8ca337055..5e4b45faa 100644
--- a/lookup_tables/ipinfo/ipinfo_privacy_datalake.yml
+++ b/lookup_tables/ipinfo/ipinfo_privacy_datalake.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"
diff --git a/lookup_tables/tor/tor_exit_nodes.yml b/lookup_tables/tor/tor_exit_nodes.yml
index d6e109e8a..9e1011174 100644
--- a/lookup_tables/tor/tor_exit_nodes.yml
+++ b/lookup_tables/tor/tor_exit_nodes.yml
@@ -424,14 +424,14 @@ LogTypeMap:
 - "$.content.userOriginIP"
 - LogType: Tailscale.Network
 Selectors:
- - "$.virtualTraffic[].srcIp"
- - "$.virtualTraffic[].dstIp"
- - "$.subnetTraffic[].srcIp"
- - "$.subnetTraffic[].dstIp"
- - "$.exitTraffic[].srcIp"
- - "$.exitTraffic[].dstIp"
- - "$.physicalTraffic[].srcIp"
- - "$.physicalTraffic[].dstIp"
+ - "$.event.virtualTraffic[].srcIp"
+ - "$.event.virtualTraffic[].dstIp"
+ - "$.event.subnetTraffic[].srcIp"
+ - "$.event.subnetTraffic[].dstIp"
+ - "$.event.exitTraffic[].srcIp"
+ - "$.event.exitTraffic[].dstIp"
+ - "$.event.physicalTraffic[].srcIp"
+ - "$.event.physicalTraffic[].dstIp"
 - LogType: Tines.Audit
 Selectors:
 - "request_ip"