Commit

Fix EventTypeAnomaly spelling (#67)
This fixes the spelling of anomaly (misspelled as "anomoly") in several places.

Two constants in Go were changed

- aucoalesce.EventTypeAnomaly
- aucoalesce.EventTypeAnomalyResponse

And the names associated with those constants were changed (affects "category" values in events)

- "anomaly"
- "anomaly-response"

Fixes #49
andrewkroh authored Jun 18, 2020
1 parent d94d465 commit 63ce2e8
Showing 4 changed files with 9 additions and 8 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -17,6 +17,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Added ECS categorization support for events by record type and syscall. #62
- Fixed a typo in the action value associated with ROLE_REMOVE messages. #65
- Fixed a typo in the action value associated with ANOM_LINK messages. #66
- Fixed spelling of anomaly in aucoalesce package. #67

### Removed
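Review bot: The added `#67` entry says only "Fixed spelling of anomaly in aucoalesce package" and does not say what changes for users of the package. Suggest naming the renamed constants (`EventTypeAnomaly`, `EventTypeAnomalyResponse`) and stating that the event "category" value changes from "anomoly" to "anomaly", so anyone with queries or alerts matching the old string knows to update them when upgrading.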

12 changes: 6 additions & 6 deletions aucoalesce/event_type.go
Expand Up @@ -34,9 +34,9 @@ const (
EventTypeUserLogin
EventTypeAuditDaemon
EventTypeMACDecision
EventTypeAnomoly
EventTypeAnomaly
EventTypeIntegrity
EventTypeAnomolyResponse
EventTypeAnomalyResponse
EventTypeMAC
EventTypeCrypto
EventTypeVirt
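Review bot: Renaming the exported constants `EventTypeAnomoly` and `EventTypeAnomolyResponse` in this const block drops the old identifiers outright, so any importer of aucoalesce that still references them stops compiling on upgrade. Consider keeping the old names for one release as deprecated aliases, for example `const EventTypeAnomoly = EventTypeAnomaly` with a `// Deprecated:` comment. Declare them in a separate const declaration, because the entries here are bare names whose values depend on their position in the block.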
Expand All @@ -55,9 +55,9 @@ var auditEventTypeNames = map[AuditEventType]string{
EventTypeUserLogin: "user-login",
EventTypeAuditDaemon: "audit-daemon",
EventTypeMACDecision: "mac-decision",
EventTypeAnomoly: "anomoly",
EventTypeAnomaly: "anomaly",
EventTypeIntegrity: "integrity",
EventTypeAnomolyResponse: "anomaly-response",
EventTypeAnomalyResponse: "anomaly-response",
EventTypeMAC: "mac",
EventTypeCrypto: "crypto",
EventTypeVirt: "virt",
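Review bot: Only one string value changes in this map: "anomoly" becomes "anomaly". The value "anomaly-response" was already spelled correctly on the removed `EventTypeAnomolyResponse` line, and only its key is renamed. The commit message lists both names as changed, so it would help to reword it to say that a single emitted category value differs after this change.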
Expand Down Expand Up @@ -120,9 +120,9 @@ func GetAuditEventType(t AuditMessageType) AuditEventType {
case t >= AUDIT_ANOM_PROMISCUOUS && t <= AUDIT_LAST_KERN_ANOM_MSG,
t >= AUDIT_ANOM_LOGIN_FAILURES && t <= AUDIT_ANOM_RBAC_FAIL,
t >= AUDIT_ANOM_CRYPTO_FAIL && t <= AUDIT_LAST_ANOM_MSG:
return EventTypeAnomoly
return EventTypeAnomaly
case t >= AUDIT_RESP_ANOMALY && t <= AUDIT_LAST_ANOM_RESP:
return EventTypeAnomolyResponse
return EventTypeAnomalyResponse
case t >= AUDIT_MAC_POLICY_LOAD && t <= AUDIT_LAST_SELINUX,
t >= AUDIT_AA && t <= AUDIT_APPARMOR_AUDIT,
t >= AUDIT_APPARMOR_HINT && t <= AUDIT_APPARMOR_STATUS,
2 changes: 1 addition & 1 deletion aucoalesce/testdata/random-internet.json.golden
Expand Up @@ -4,7 +4,7 @@
"event": {
"@timestamp": "2015-02-06T15:03:14.398Z",
"sequence": 911150,
"category": "anomoly",
"category": "anomaly",
"record_type": "anom_abend",
"result": "unknown",
"session": "unset",
2 changes: 1 addition & 1 deletion aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden
Expand Up @@ -4,7 +4,7 @@
"event": {
"@timestamp": "2017-04-21T00:32:22.981Z",
"sequence": 753,
"category": "anomoly",
"category": "anomaly",
"record_type": "anom_promiscuous",
"result": "success",
"session": "1",
