From 63ce2e873276acc72706ab7282f632b43ac78ca9 Mon Sep 17 00:00:00 2001
From: Andrew Kroh
Date: Thu, 18 Jun 2020 15:55:32 -0400
Subject: [PATCH] Fix EventTypeAnomaly spelling (#67)
This fixes the spelling of anomaly (misspelled as "anomoly") is several places. Two constants in Go were changed - aucoalesce.EventTypeAnomaly - aucoalesce.EventTypeAnomalyResponse And the names associated with those constants where changed (affect "category" values in events) - "anomaly" - "anomaly-response" Fixes #49
---
 CHANGELOG.md | 1 +
 aucoalesce/event_type.go | 12 ++++++------
 aucoalesce/testdata/random-internet.json.golden | 2 +-
 .../testdata/ubuntu-16.10-linux-4.8.0.json.golden | 2 +-
 4 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 27f8fcb..d60317e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - Added ECS categorization support for events by record type and syscall. #62
 - Fixed a typo in the action value associated with ROLE_REMOVE messages. #65
 - Fixed a typo in the action value associated with ANOM_LINK messages. #66
+- Fixed spelling of anomaly in aucoalesce package. #67
 ### Removed
diff --git a/aucoalesce/event_type.go b/aucoalesce/event_type.go
index 91d30b5..73c93ae 100644
--- a/aucoalesce/event_type.go
+++ b/aucoalesce/event_type.go
@@ -34,9 +34,9 @@ const (
 EventTypeUserLogin
 EventTypeAuditDaemon
 EventTypeMACDecision
- EventTypeAnomoly
+ EventTypeAnomaly
 EventTypeIntegrity
- EventTypeAnomolyResponse
+ EventTypeAnomalyResponse
 EventTypeMAC
 EventTypeCrypto
 EventTypeVirt
@@ -55,9 +55,9 @@ var auditEventTypeNames = map[AuditEventType]string{
 EventTypeUserLogin: "user-login",
 EventTypeAuditDaemon: "audit-daemon",
 EventTypeMACDecision: "mac-decision",
- EventTypeAnomoly: "anomoly",
+ EventTypeAnomaly: "anomaly",
 EventTypeIntegrity: "integrity",
- EventTypeAnomolyResponse: "anomaly-response",
+ EventTypeAnomalyResponse: "anomaly-response",
 EventTypeMAC: "mac",
 EventTypeCrypto: "crypto",
 EventTypeVirt: "virt",
@@ -120,9 +120,9 @@ func GetAuditEventType(t AuditMessageType) AuditEventType {
 case t >= AUDIT_ANOM_PROMISCUOUS && t <= AUDIT_LAST_KERN_ANOM_MSG,
 t >= AUDIT_ANOM_LOGIN_FAILURES && t <= AUDIT_ANOM_RBAC_FAIL,
 t >= AUDIT_ANOM_CRYPTO_FAIL && t <= AUDIT_LAST_ANOM_MSG:
- return EventTypeAnomoly
+ return EventTypeAnomaly
 case t >= AUDIT_RESP_ANOMALY && t <= AUDIT_LAST_ANOM_RESP:
- return EventTypeAnomolyResponse
+ return EventTypeAnomalyResponse
 case t >= AUDIT_MAC_POLICY_LOAD && t <= AUDIT_LAST_SELINUX,
 t >= AUDIT_AA && t <= AUDIT_APPARMOR_AUDIT,
 t >= AUDIT_APPARMOR_HINT && t <= AUDIT_APPARMOR_STATUS,
diff --git a/aucoalesce/testdata/random-internet.json.golden b/aucoalesce/testdata/random-internet.json.golden
index 30079f0..fe40295 100644
--- a/aucoalesce/testdata/random-internet.json.golden
+++ b/aucoalesce/testdata/random-internet.json.golden
@@ -4,7 +4,7 @@
 "event": {
 "@timestamp": "2015-02-06T15:03:14.398Z",
 "sequence": 911150,
- "category": "anomoly",
+ "category": "anomaly",
 "record_type": "anom_abend",
 "result": "unknown",
 "session": "unset",
diff --git a/aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden b/aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden
index c6ac177..5d7a1e9 100644
--- a/aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden
+++ b/aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden
@@ -4,7 +4,7 @@
 "event": {
 "@timestamp": "2017-04-21T00:32:22.981Z",
 "sequence": 753,
- "category": "anomoly",
+ "category": "anomaly",
 "record_type": "anom_promiscuous",
 "result": "success",
 "session": "1",
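Review bot: The `auditEventTypeNames` hunk in aucoalesce/event_type.go changes the string emitted for `EventTypeAnomaly` from "anomoly" to "anomaly", and the two golden files show the `category` field of coalesced events changing with it, yet nothing in the new code records the old value. Any downstream filter, alert rule or saved query that still matches the old spelling would stop matching these anomaly records without raising an error, which is easy to miss for the category that carries the ANOM_* audit messages. I would add a comment above the entry, for example `// Emitted as "anomoly" before #67; consumers matching the old category value must be updated.`, and consider listing the change in the changelog as a changed output value rather than only as a spelling fix. The map literal starts and ends outside the hunk.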