
Commit 62979fe

committed
lastpass: reduce complexity of grok expressions
1 parent 5d5af17 commit 62979fe


1 file changed

+18
-18
lines changed

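--- a/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml
@@ -342,84 +342,84 @@ processors:
 ctx.event.action.contains('open secure note')
 )
 patterns:
-- "^Secure Note\\s+\\(%{DATA:lastpass.event_report.data.secure_note}\\)$"
-- "^Secure Note\\s+\\(%{DATA:lastpass.event_report.data.secure_note}\\)\\s+from\\s+%{DATA:lastpass.event_report.data.shared_folder_name}$"
+- '^Secure Note\s+\(%{DATA:lastpass.event_report.data.secure_note}\)$'
+- '^Secure Note\s+\(%{DATA:lastpass.event_report.data.secure_note}\)\s+from\s+%{DATA:lastpass.event_report.data.shared_folder_name}$'
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('edit secure note') == true
 patterns:
-- "^Secure Note\\s+\\(%{DATA:lastpass.event_report.data.secure_note}\\)$"
+- '^Secure Note\s+\(%{DATA:lastpass.event_report.data.secure_note}\)$'
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('add to shared folder') == true
 patterns:
-- "^\\'%{DATA:lastpass.event_report.data.shared_folder_name}\\'\\s+\\'%{EMAILADDRESS:lastpass.event_report.data.user_email}\\'$"
+- "^'%{DATA:lastpass.event_report.data.shared_folder_name}'\\s+'%{EMAILADDRESS:lastpass.event_report.data.user_email}'$"
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('create group') == true
 patterns:
-- "^\\'%{DATA:lastpass.event_report.data.group_name}\\'$"
+- "^'%{DATA:lastpass.event_report.data.group_name}'$"
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('adding user to group') == true
 patterns:
-- "^%{EMAILADDRESS:lastpass.event_report.data.user_email}\\s+\\-\\s+%{DATA:lastpass.event_report.data.group_name}$"
+- '^%{EMAILADDRESS:lastpass.event_report.data.user_email}\s+\-\s+%{DATA:lastpass.event_report.data.group_name}$'
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('created lastpass account') == true
 patterns:
-- "^%{EMAILADDRESS:lastpass.event_report.data.user_email}\\s*\\-Shared\\-\\s*%{DATA:lastpass.event_report.data.shared_folder_name}$"
+- '^%{EMAILADDRESS:lastpass.event_report.data.user_email}\s*-Shared-\s*%{DATA:lastpass.event_report.data.shared_folder_name}$'
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('update folder permissions') == true
 patterns:
-- "^\\'%{DATA:lastpass.event_report.data.shared_folder_name}\\'\\s+\\'%{EMAILADDRESS:lastpass.event_report.data.user_email}\\'\\s+\\'Read only\\:%{DATA:lastpass.event_report.data.shared_folder_user_permissions.read_only}\\s+Admin\\:%{DATA:lastpass.event_report.data.shared_folder_user_permissions.admin}\\s+Hide PW\\:%{DATA:lastpass.event_report.data.shared_folder_user_permissions.hide_password}\\'$"
+- "^'%{DATA:lastpass.event_report.data.shared_folder_name}'\\s+'%{EMAILADDRESS:lastpass.event_report.data.user_email}'\\s+'Read only:%{DATA:lastpass.event_report.data.shared_folder_user_permissions.read_only}\\s+Admin:%{DATA:lastpass.event_report.data.shared_folder_user_permissions.admin}\\s+Hide PW:%{DATA:lastpass.event_report.data.shared_folder_user_permissions.hide_password}'$"
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('renamed shared folder') == true
 patterns:
-- "^\\'%{DATA:lastpass.event_report.data.shared_folder_name}\\'\\s+\\'%{DATA:lastpass.event_report.data.renamed_shared_folder_name}\\'$"
+- "^'%{DATA:lastpass.event_report.data.shared_folder_name}'\\s+'%{DATA:lastpass.event_report.data.renamed_shared_folder_name}'$"
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('move to shared folder') == true
 patterns:
-- "^\\s+to\\s+%{DATA:lastpass.event_report.data.shared_folder_name}$"
-- "^%{GREEDYDATA:lastpass.event_report.data.site}\\s+to\\s+%{DATA:lastpass.event_report.data.shared_folder_name}$"
+- '^\s+to\s+%{DATA:lastpass.event_report.data.shared_folder_name}$'
+- '^%{GREEDYDATA:lastpass.event_report.data.site}\s+to\s+%{DATA:lastpass.event_report.data.shared_folder_name}$'
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('move from shared folder') == true
 patterns:
-- "^ from INVALID SHARED FOLDER$"
-- "^\\s+from\\s+%{DATA:lastpass.event_report.data.shared_folder_name}$"
-- "^%{GREEDYDATA:lastpass.event_report.data.site}\\s+from\\s+%{DATA:lastpass.event_report.data.shared_folder_name}$"
+- '^ from INVALID SHARED FOLDER$'
+- '^\s+from\s+%{DATA:lastpass.event_report.data.shared_folder_name}$'
+- '^%{GREEDYDATA:lastpass.event_report.data.site}\s+from\s+%{DATA:lastpass.event_report.data.shared_folder_name}$'
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('delete shared sites') == true
 patterns:
-- "^\\s+from\\s+%{DATA:lastpass.event_report.data.shared_folder_name}$"
-- "^%{GREEDYDATA:lastpass.event_report.data.deleted_site}\\s+from\\s+%{DATA:lastpass.event_report.data.shared_folder_name}$"
+- '^\s+from\s+%{DATA:lastpass.event_report.data.shared_folder_name}$'
+- '^%{GREEDYDATA:lastpass.event_report.data.deleted_site}\s+from\s+%{DATA:lastpass.event_report.data.shared_folder_name}$'
 ignore_failure: true
 - grok:
 field: _temp
 if: ctx.event?.action?.contains('limit shared folder') == true
 patterns:
-- "^%{DATA:lastpass.event_report.data.shared_folder_name}\\,%{EMAILADDRESS:lastpass.event_report.data.user_email}$"
+- '^%{DATA:lastpass.event_report.data.shared_folder_name},%{EMAILADDRESS:lastpass.event_report.data.user_email}$'
 ignore_failure: true
 - grok:
 field: lastpass.event_report.data.original
 if: ctx.event?.action?.contains('removed from shared folder') == true
 patterns:
-- "^\\'%{DATA:lastpass.event_report.data.shared_folder_name}\\'\\s+\\'%{EMAILADDRESS:lastpass.event_report.data.user_email}\\'$"
+- "^'%{DATA:lastpass.event_report.data.shared_folder_name}'\\s+'%{EMAILADDRESS:lastpass.event_report.data.user_email}'$"
 ignore_failure: true
 - set:
 field: user.group.name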
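Review bot: The new side mixes two escaping conventions: the single-quoted patterns write `\s+`, while the patterns containing a literal apostrophe stay double-quoted and still need `\\s+` (new-file lines 358, 364, 382, 388 and 422). Every grok processor in this hunk has `ignore_failure: true`, so a pattern later copied between the two styles without adjusting the backslashes would stop matching silently, and fields such as `user_email` and `shared_folder_name` would simply be absent from the audit events. Single-quoting those patterns too, with doubled apostrophes, would leave one rule throughout, e.g. `- '^''%{DATA:lastpass.event_report.data.group_name}''$'`. The `\-` kept at line 370 is also inconsistent with line 376, where the same escape was dropped; `\s+-\s+` is equivalent there. Whether the package's pipeline tests exercise each of these event actions is not visible on this page and is worth confirming, since the processors themselves will not report a regression.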
