Sep_24_2023-Dev

components/security_apps/layer_7_access_control/layer_7_access_control.cc

@@ -74,7 +74,7 @@ public:
     getCrowdsecEventId() const
     {
         if (!crowdsec_event_id) return genError("Empty ID");
-        return LogField("externalVendorRecommendationId", crowdsec_event_id);
+        return LogField("externalVendorRecommendationId", to_string(crowdsec_event_id));
     }
 
     bool isMalicious() const { return type == "ban"; }
@@ -280,6 +280,8 @@ Layer7AccessControl::Impl::generateLog(const string &source_ip, const Intelligen
         << LogField("sourceIP", source_ip)
         << LogField("externalVendorName", "CrowdSec")
         << LogField("waapIncidentType", "CrowdSec")
+        << LogField("practiceSubType", "Web Access Control")
+        << LogField("practiceType", "Access Control")
         << ip_reputation.getCrowdsecEventId()
         << ip_reputation.getType()
         << ip_reputation.getOrigin()

components/security_apps/layer_7_access_control/layer_7_access_control_ut/layer_7_access_control_ut.cc

@@ -248,7 +248,7 @@ Layer7AccessControlTest::verifyReport(
     EXPECT_THAT(log, HasSubstr("\"destinationIP\": \"5.6.7.8\""));
     EXPECT_THAT(log, HasSubstr("\"externalVendorName\": \"CrowdSec\""));
     EXPECT_THAT(log, HasSubstr("\"waapIncidentType\": \"CrowdSec\""));
-    EXPECT_THAT(log, HasSubstr("\"externalVendorRecommendationId\": 2253734"));
+    EXPECT_THAT(log, HasSubstr("\"externalVendorRecommendationId\": \"2253734\""));
     EXPECT_THAT(log, HasSubstr("\"externalVendorRecommendedAction\": \"ban\""));
     EXPECT_THAT(log, HasSubstr("\"externalVendorRecommendationOrigin\": \"cscli\""));
     EXPECT_THAT(log, HasSubstr("\"externalVendorRecommendedAffectedScope\": \"1.2.3.4\""));