Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: ocsf audit logging #1089

Merged
merged 36 commits into from
Sep 17, 2024
Merged

Conversation

durg78
Copy link
Contributor

@durg78 durg78 commented Jun 25, 2024

Added OCSF (version 1.2.0) audit log format utilizing github.com/valllabh/ocsf-schema-golang.

The dependency for golangci-lint was updated from 1.54 to 1.59.1. Lint test was crashing, and updating it resolved the issue.

ocsf-schema-golang required an update from go 1.20 to 1.22. Consequently, reflect.StringHeader (used in internal/corazawaf/rule.go) was deprecated in go 1.21. This was causing lint check failures. I have created an exception for now, but this will need to be addressed.

@durg78 durg78 requested a review from a team as a code owner June 25, 2024 13:42
coraza.conf-recommended Outdated Show resolved Hide resolved
.golangci.yml Outdated Show resolved Hide resolved
@jcchavezs
Copy link
Member

I think this is great. Being a existing format honestly feels this is better than our JSON format or the modsec one which I am not 100% sure fits in modern tooling. My only request here is that we should avoid changing the transaction to support a format. Audit log formats are pluggable and we should be able to either do everything with what we have or extend what we have to support new use cases but that does not include changing the internal API.

@fzipi fzipi changed the title Feature/ocsf audit logging feat: ocsf audit logging Jun 26, 2024
@fzipi
Copy link
Member

fzipi commented Jul 18, 2024

Hey @durg78 ! We updated go to >= 1.21 today, if you want to rebase.

@durg78
Copy link
Contributor Author

durg78 commented Sep 4, 2024

Hey @durg78 ! We updated go to >= 1.21 today, if you want to rebase.

I just now saw this. I'm working on the rebase now.

@M4tteoP
Copy link
Member

M4tteoP commented Sep 10, 2024

Would you mind rebasing the PR to fix the conflict and bringing in TinyGo's latest version (#1148 has been merged a few days ago)? I'm curious to see if the Tiny go test now works good

@fzipi
Copy link
Member

fzipi commented Sep 10, 2024

Checks are passing now! 🎉

Copy link
Member

@M4tteoP M4tteoP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some nits, looks good! 🚀

internal/auditlog/auditlog_test.go Outdated Show resolved Hide resolved
internal/auditlog/formats_ocsf.go Outdated Show resolved Hide resolved
internal/auditlog/formats_ocsf.go Outdated Show resolved Hide resolved
internal/seclang/directives.go Outdated Show resolved Hide resolved
@fzipi fzipi requested a review from M4tteoP September 12, 2024 18:45
Copy link
Member

@fzipi fzipi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Waiting on @M4tteoP's approval also.

Copy link
Member

@M4tteoP M4tteoP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wish to understand a couple of fields that have been added to the AuditLogTransactionRequest interface before approving this

internal/corazawaf/transaction.go Show resolved Hide resolved
experimental/plugins/plugintypes/auditlog.go Outdated Show resolved Hide resolved
Copy link
Member

@M4tteoP M4tteoP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks for all the dedication around this PR @durg78!

@fzipi
Copy link
Member

fzipi commented Sep 17, 2024

Time to merge!

@fzipi fzipi merged commit c2d37d5 into corazawaf:main Sep 17, 2024
8 checks passed
@durg78 durg78 deleted the feature/OCSF_Audit_Logging branch September 17, 2024 13:19
@jcchavezs
Copy link
Member

Amazing work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants