mirror of
https://github.com/crowdsecurity/crowdsec.git
synced 2025-05-15 13:53:58 +02:00
6fb962a941
* Allow parsers to capture data in a cache, that can be later accessed via expr helpers (fake multi-line support)
26 lines
471 B
YAML
26 lines
471 B
YAML
#these are the events we input into parser
|
|
lines:
|
|
- Meta:
|
|
test: test1
|
|
source_ip: 1.0.0.1
|
|
- Meta:
|
|
test: test2
|
|
source_ip: 192.168.0.1
|
|
#these are the results we expect from the parser
|
|
results:
|
|
- Process: true
|
|
Enriched:
|
|
IsInEU: false
|
|
ASNOrg: "Google Inc."
|
|
Meta:
|
|
source_ip: 1.0.0.1
|
|
- Process: true
|
|
Enriched:
|
|
IsInEU: false
|
|
IsoCode:
|
|
ASNOrg:
|
|
Meta:
|
|
source_ip: 192.168.0.1
|
|
|
|
|
|
|