diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35d1370c70..7e30fbf497 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@ Please refer to the [NEWS](NEWS.md) for a list of changes which have an affect o
 #### Collectors
 #### Parsers
+- `intelmq.bots.parsers.microsoft.parser_ctip`: Use the new field `serverity` instead of `extra.severity` (PR#2662 by Sebastian Wagner).
 #### Experts
diff --git a/intelmq/bots/parsers/microsoft/parser_ctip.py b/intelmq/bots/parsers/microsoft/parser_ctip.py
index c32ba9856b..d91cea3ce9 100644
--- a/intelmq/bots/parsers/microsoft/parser_ctip.py
+++ b/intelmq/bots/parsers/microsoft/parser_ctip.py
@@ -83,7 +83,7 @@
 "networksourceasn": "source.asn",
 "hostname": "destination.fqdn",
 "useragent": "extra.user_agent",
- "severity": "extra.severity",
+ "severity": "severity",
 "tags": "extra.tags",
 }
 AZURE = {
diff --git a/intelmq/tests/bots/experts/fake/severity.json b/intelmq/tests/bots/experts/fake/severity.json
index 92cb9acb05..807913fe38 100644
--- a/intelmq/tests/bots/experts/fake/severity.json
+++ b/intelmq/tests/bots/experts/fake/severity.json
@@ -1,6 +1,6 @@
 {
 "event_fields": {
- "extra.severity": {
+ "severity": {
 "mode": "random_single_value",
 "values": ["critical", "high", "medium", "low", "info", "undefined"]
 }
diff --git a/intelmq/tests/bots/experts/fake/test_expert.py b/intelmq/tests/bots/experts/fake/test_expert.py
index c1d49ec70c..577c3a6c24 100644
--- a/intelmq/tests/bots/experts/fake/test_expert.py
+++ b/intelmq/tests/bots/experts/fake/test_expert.py
@@ -50,7 +50,7 @@ def test_random_single_value(self):
 self.input_message = {"__type": "Event"}
 self.run_bot(parameters={'database': SEVERITY_DB})
 msg = json_loads(self.get_output_queue()[0])
- self.assertIn(msg['extra.severity'], ["critical", "high", "medium", "low", "info", "undefined"])
+ self.assertIn(msg['severity'], ["critical", "high", "medium", "low", "info", "undefined"])
 if __name__ == '__main__': # pragma: no cover
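Review bot: In `intelmq/bots/parsers/microsoft/parser_ctip.py` the feed's `severity` value now lands in the top-level `severity` field, and nothing in this diff covers a feed value outside the set the fake-expert fixture lists (`critical`, `high`, `medium`, `low`, `info`, `undefined`) or one in a different case. If the harmonization validates that field, such a value could make the parser reject the whole event instead of storing an odd string under `extra`, so a parser test with an unexpected severity is worth adding; the mapping dict and the parsing code both extend outside the hunk, so this is inferred. Consumers that filter or prioritise on `extra.severity` would stop matching after this change, which merits a NEWS.md entry alongside the changelog line. The changelog line also spells the new field `serverity`; it should read `severity`.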