crowdsecurity · julienloizelet · May 16, 2025 · May 9, 2025 · May 16, 2025 · Copilot
diff --git a/.github/workflows/keepalive.yml b/.github/workflows/keepalive.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,9 +8,23 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## SemVer public API
 
 The [public API](https://semver.org/spec/v2.0.0.html#spec-item-1) of this library consists of all code related to the
-Splunk app: i.e. all files and folders except ones that are ignored by the `.slimignore` file.
+Splunk app: i.e., all files and folders except ones that are ignored by the `.slimignore` file.
 
 
+---
+
+## [1.2.0](https://github.com/crowdsecurity/crowdsec-splunk-app/releases/tag/v1.2.0) - 2025-05-16
+
+[_Compare with previous release_](https://github.com/crowdsecurity/crowdsec-splunk-app/compare/v1.1.1...v1.2.0)
+
+### Added
+
+- Add missing CTI fields (`reputation`, `confidence`, `mitre_techniques`, `cves`, `background_noise`, `ip_range_24`, `ip_range_24_reputation`, `ip_range_24_score`)
+
+### Fixed
+
+- Fix typo for `aggressiveness` fields 
+
 ---
 
 ## [1.1.1](https://github.com/crowdsecurity/crowdsec-splunk-app/releases/tag/v1.1.1) - 2025-04-21

diff --git a/app.manifest b/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "crowdsec-splunk-app",
-      "version": "1.1.1"
+      "version": "1.2.0"
     },
     "author": [
       {

diff --git a/bin/cssmoke.py b/bin/cssmoke.py
@@ -21,9 +21,14 @@
 )
 
 def attach_resp_to_event(event, data):
+    event["crowdsec_reputation"] = data["reputation"]
+    event["crowdsec_confidence"] = data["confidence"]
     event["crowdsec_ip_range_score"] = data["ip_range_score"]
     event["crowdsec_ip"] = data["ip"]
     event["crowdsec_ip_range"] = data["ip_range"]
+    event["crowdsec_ip_range_24"] = data["ip_range_24"]
+    event["crowdsec_ip_range_24_reputation"] = data["ip_range_24_reputation"]
+    event["crowdsec_ip_range_24_score"] = data["ip_range_24_score"]
     event["crowdsec_as_name"] = data["as_name"]
     event["crowdsec_as_num"] = data["as_num"]
 
@@ -35,6 +40,9 @@ def attach_resp_to_event(event, data):
 
     event["crowdsec_behaviors"] = data["behaviors"]
 
+    event["crowdsec_mitre_techniques"] = data["mitre_techniques"]
+    event["crowdsec_cves"] = data["cves"]
+
     event["crowdsec_first_seen"] = data["history"]["first_seen"]
     event["crowdsec_last_seen"] = data["history"]["last_seen"]
     event["crowdsec_full_age"] = data["history"]["full_age"]
@@ -50,17 +58,18 @@ def attach_resp_to_event(event, data):
     event["crowdsec_target_countries"] = data["target_countries"]
 
     # background_noise_score
+    event["crowdsec_background_noise"] = data["background_noise"]
     event["crowdsec_background_noise_score"] = data["background_noise_score"]
 
     # overall
-    event["crowdsec_overall_aggresiveness"] = data["scores"]["overall"]["aggressiveness"]
+    event["crowdsec_overall_aggressiveness"] = data["scores"]["overall"]["aggressiveness"]
     event["crowdsec_overall_threat"] = data["scores"]["overall"]["threat"]
     event["crowdsec_overall_trust"] = data["scores"]["overall"]["trust"]
     event["crowdsec_overall_anomaly"] = data["scores"]["overall"]["anomaly"]
     event["crowdsec_overall_total"] = data["scores"]["overall"]["total"]
 
     # last_day
-    event["crowdsec_last_day_aggresiveness"] = data["scores"]["last_day"]["aggressiveness"]
+    event["crowdsec_last_day_aggressiveness"] = data["scores"]["last_day"]["aggressiveness"]
     event["crowdsec_last_day_threat"] = data["scores"]["last_day"]["threat"]
     event["crowdsec_last_day_trust"] = data["scores"]["last_day"]["trust"]
     event["crowdsec_last_day_anomaly"] = data["scores"]["last_day"]["anomaly"]
@@ -74,9 +83,7 @@ def attach_resp_to_event(event, data):
     event["crowdsec_last_week_total"] = data["scores"]["last_week"]["total"]
 
     # last_month
-    event["crowdsec_last_month_aggressiveness"] = data["scores"]["last_month"][
-        "aggressiveness"
-    ]
+    event["crowdsec_last_month_aggressiveness"] = data["scores"]["last_month"]["aggressiveness"]
     event["crowdsec_last_month_threat"] = data["scores"]["last_month"]["threat"]
     event["crowdsec_last_month_trust"] = data["scores"]["last_month"]["trust"]
     event["crowdsec_last_month_anomaly"] = data["scores"]["last_month"]["anomaly"]

diff --git a/default/app.conf b/default/app.conf
@@ -17,7 +17,7 @@ label = CrowdSec
 [launcher]
 author=CrowdSec
 description=This app leverages the CrowdSec's CTI API to perform lookups on IPs
-version=1.1.1
+version=1.2.0
 
 [package]
 id = crowdsec-splunk-app

diff --git a/dev/README.md b/dev/README.md
@@ -34,7 +34,7 @@ docker compose up -d
 ```
 
 When the container is created, [Splunk set all permissions](https://github.com/splunk/docker-splunk/blob/develop/docs/SECURITY.md#splunk-home-ownership) to `splunk` user and group.
-so you need to change the ownership of the folder to your user:
+That's why you need to change the ownership of the folder to your user:
 
 ```bash
 sudo chown -R $USER:$USER ../../ 
@@ -49,7 +49,7 @@ docker compose down
 
 ### Test the app
 
-Once container is up, you can browse to Splunk UI: http://localhost:8000
+Once the container is up, you can browse to Splunk UI: http://localhost:8000
 
 Username is `admin` and password is the one you set in `.env` file.