@@ -28,9 +28,17 @@ results[0].Overflow.Alert.Events[2].GetMeta("service") == "ssh"
2828results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "10.0.0.101"
2929results[0].Overflow.Alert.Events[2].GetMeta("target_user") == "oracle"
3030results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2026-09-30T11:40:00Z"
31+ basename(results[0].Overflow.Alert.Events[3].GetMeta("datasource_path")) == "ssh-time-based-bf.log"
32+ results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
33+ results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "ssh_failed-auth"
34+ results[0].Overflow.Alert.Events[3].GetMeta("machine") == "server"
35+ results[0].Overflow.Alert.Events[3].GetMeta("service") == "ssh"
36+ results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "10.0.0.101"
37+ results[0].Overflow.Alert.Events[3].GetMeta("target_user") == "postgres"
38+ results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2026-09-30T12:00:00Z"
3139results[0].Overflow.Alert.GetScenario() == "crowdsecurity/ssh-time-based-bf_user-enum"
3240results[0].Overflow.Alert.Remediation == false
33- results[0].Overflow.Alert.GetEventsCount() == 3
41+ results[0].Overflow.Alert.GetEventsCount() == 4
3442"10.0.0.101" in results[1].Overflow.GetSources()
3543results[1].Overflow.Sources["10.0.0.101"].IP == "10.0.0.101"
3644results[1].Overflow.Sources["10.0.0.101"].Range == ""
@@ -60,6 +68,14 @@ results[1].Overflow.Alert.Events[2].GetMeta("service") == "ssh"
6068results[1].Overflow.Alert.Events[2].GetMeta("source_ip") == "10.0.0.101"
6169results[1].Overflow.Alert.Events[2].GetMeta("target_user") == "oracle"
6270results[1].Overflow.Alert.Events[2].GetMeta("timestamp") == "2026-09-30T11:40:00Z"
71+ basename(results[1].Overflow.Alert.Events[3].GetMeta("datasource_path")) == "ssh-time-based-bf.log"
72+ results[1].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
73+ results[1].Overflow.Alert.Events[3].GetMeta("log_type") == "ssh_failed-auth"
74+ results[1].Overflow.Alert.Events[3].GetMeta("machine") == "server"
75+ results[1].Overflow.Alert.Events[3].GetMeta("service") == "ssh"
76+ results[1].Overflow.Alert.Events[3].GetMeta("source_ip") == "10.0.0.101"
77+ results[1].Overflow.Alert.Events[3].GetMeta("target_user") == "postgres"
78+ results[1].Overflow.Alert.Events[3].GetMeta("timestamp") == "2026-09-30T12:00:00Z"
6379results[1].Overflow.Alert.GetScenario() == "crowdsecurity/ssh-time-based-bf"
6480results[1].Overflow.Alert.Remediation == false
65- results[1].Overflow.Alert.GetEventsCount() == 3
81+ results[1].Overflow.Alert.GetEventsCount() == 4
0 commit comments