-
-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: ocsf audit logging #1089
feat: ocsf audit logging #1089
Conversation
…8/coraza into feature/OCSF_Audit_Logging
I think this is great. Being a existing format honestly feels this is better than our JSON format or the modsec one which I am not 100% sure fits in modern tooling. My only request here is that we should avoid changing the transaction to support a format. Audit log formats are pluggable and we should be able to either do everything with what we have or extend what we have to support new use cases but that does not include changing the internal API. |
Hey @durg78 ! We updated go to >= 1.21 today, if you want to rebase. |
Sync with corazawaf/coraza
Sync with main
I just now saw this. I'm working on the rebase now. |
…8/coraza into feature/OCSF_Audit_Logging
chore(goversion): upgrade minimum version to 1.22 (corazawaf#1145)
Would you mind rebasing the PR to fix the conflict and bringing in TinyGo's latest version (#1148 has been merged a few days ago)? I'm curious to see if the Tiny go test now works good |
Checks are passing now! 🎉 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added some nits, looks good! 🚀
Co-authored-by: Matteo Pace <pace.matteo96@gmail.com>
…8/coraza into feature/OCSF_Audit_Logging
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Waiting on @M4tteoP's approval also.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just wish to understand a couple of fields that have been added to the AuditLogTransactionRequest interface
before approving this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, Thanks for all the dedication around this PR @durg78!
Time to merge! |
Amazing work! |
Added OCSF (version 1.2.0) audit log format utilizing github.com/valllabh/ocsf-schema-golang.
The dependency for golangci-lint was updated from 1.54 to 1.59.1. Lint test was crashing, and updating it resolved the issue.
ocsf-schema-golang required an update from go 1.20 to 1.22. Consequently, reflect.StringHeader (used in internal/corazawaf/rule.go) was deprecated in go 1.21. This was causing lint check failures. I have created an exception for now, but this will need to be addressed.