diff --git a/backend/app/integrations/sap_siem/services/sap_siem_brute_force_same_ip.py b/backend/app/integrations/sap_siem/services/sap_siem_brute_force_same_ip.py
index 50c59f46..54a2b688 100644
--- a/backend/app/integrations/sap_siem/services/sap_siem_brute_force_same_ip.py
+++ b/backend/app/integrations/sap_siem/services/sap_siem_brute_force_same_ip.py
@@ -301,8 +301,8 @@ async def collect_user_activity(suspicious_logins: SuspiciousLogin) -> SapSiemWa
 """
 es_client = await create_wazuh_indexer_client("Wazuh-Indexer")
 results = es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"ip": suspicious_logins.ip}}]}},
@@ -322,8 +322,8 @@ async def get_initial_search_results(es_client):
 dict: The search results.
 """
 return es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"event_analyzed_brute_force_same_ip": "False"}}]}},
diff --git a/backend/app/integrations/sap_siem/services/sap_siem_brute_forced_failed_logins.py b/backend/app/integrations/sap_siem/services/sap_siem_brute_forced_failed_logins.py
index eeead7b4..fe72420b 100644
--- a/backend/app/integrations/sap_siem/services/sap_siem_brute_forced_failed_logins.py
+++ b/backend/app/integrations/sap_siem/services/sap_siem_brute_forced_failed_logins.py
@@ -301,8 +301,8 @@ async def collect_user_activity(suspicious_logins: SuspiciousLogin) -> SapSiemWa
 """
 es_client = await create_wazuh_indexer_client("Wazuh-Indexer")
 results = es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"params_loginID": suspicious_logins.loginID}}]}},
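Review bot: The new `index="sap_siem_*"` in collect_user_activity is immediately followed by the dead line `#index="new-integrations*"`, which keeps the test index one comment-toggle away and is presumably how production code ended up querying it in the first place. Delete the commented-out line, and since this identical two-line swap is repeated in fourteen places across seven service files, hoist the pattern into one shared module constant or a setting, e.g. `SAP_SIEM_INDEX = "sap_siem_*"` and `index=SAP_SIEM_INDEX,`, so any future switch is a single reviewable change rather than fourteen edits. collect_user_activity continues past the end of the hunk.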
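Review bot: In get_initial_search_results the restored index now serves a query that still asks for `"size": 1000` with no `sort`, so when more than 1000 documents carry `event_analyzed_brute_force_same_ip: "False"` the indexer returns an arbitrary subset and which events get analyzed first is unspecified. If the caller marks each returned event as analyzed (not visible here), the remainder is picked up on a later run, which delays rather than loses detection, but a sustained burst above the cap per run can stay ahead of the analyzer indefinitely. Add a deterministic sort on the event timestamp field (whatever these documents name it) and a comment recording the cap, or page with `search_after` until the result set is exhausted. The `search(` call and the function continue past the end of the hunk.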
@@ -322,8 +322,8 @@ async def get_initial_search_results(es_client):
 dict: The search results.
 """
 return es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"event_analyzed_brute_force_ip": "False"}}]}},
diff --git a/backend/app/integrations/sap_siem/services/sap_siem_failed_same_user_different_geo_location.py b/backend/app/integrations/sap_siem/services/sap_siem_failed_same_user_different_geo_location.py
index 5b78dbaa..096508f2 100644
--- a/backend/app/integrations/sap_siem/services/sap_siem_failed_same_user_different_geo_location.py
+++ b/backend/app/integrations/sap_siem/services/sap_siem_failed_same_user_different_geo_location.py
@@ -301,8 +301,8 @@ async def collect_user_activity(suspicious_logins: SuspiciousLogin) -> SapSiemWa
 """
 es_client = await create_wazuh_indexer_client("Wazuh-Indexer")
 results = es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"params_loginID": suspicious_logins.loginID}}]}},
@@ -322,8 +322,8 @@ async def get_initial_search_results(es_client):
 dict: The search results.
 """
 return es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"event_analyzed_same_user_failed_diff_geo": "False"}}]}},
diff --git a/backend/app/integrations/sap_siem/services/sap_siem_failed_same_user_from_different_ip.py b/backend/app/integrations/sap_siem/services/sap_siem_failed_same_user_from_different_ip.py
index e8701597..b5ff82f1 100644
--- a/backend/app/integrations/sap_siem/services/sap_siem_failed_same_user_from_different_ip.py
+++ b/backend/app/integrations/sap_siem/services/sap_siem_failed_same_user_from_different_ip.py
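Review bot: The filter `{"term": {"event_analyzed_brute_force_ip": "False"}}` in get_initial_search_results matches the literal string `"False"`, which only works if the flag is indexed as a keyword holding Python's `str(False)`; if the mapping is boolean, or any writer ever stores `false`/`"false"`, these events are silently never selected and the detector goes quiet without an error. I cannot see the mapping from this diff, so please confirm it, and either use a real boolean `{"term": {"event_analyzed_brute_force_ip": False}}` against a boolean mapping or pin the convention next to the query with a comment such as `# flag is written as the string "False"/"True" by the analyzer; keep this term value in sync`. The same string-valued flag query appears in every get_initial_search_results in this commit. The function continues past the hunk.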
@@ -301,8 +301,8 @@ async def collect_user_activity(suspicious_logins: SuspiciousLogin) -> SapSiemWa
 """
 es_client = await create_wazuh_indexer_client("Wazuh-Indexer")
 results = es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"params_loginID": suspicious_logins.loginID}}]}},
@@ -322,8 +322,8 @@ async def get_initial_search_results(es_client):
 dict: The search results.
 """
 return es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"event_analyzed_same_user_failed_diff_ip": "False"}}]}},
diff --git a/backend/app/integrations/sap_siem/services/sap_siem_successful_login_same_ip_after_multiple_failures.py b/backend/app/integrations/sap_siem/services/sap_siem_successful_login_same_ip_after_multiple_failures.py
index 7cdf8f58..21da2ce0 100644
--- a/backend/app/integrations/sap_siem/services/sap_siem_successful_login_same_ip_after_multiple_failures.py
+++ b/backend/app/integrations/sap_siem/services/sap_siem_successful_login_same_ip_after_multiple_failures.py
@@ -301,8 +301,8 @@ async def collect_user_activity(suspicious_logins: SuspiciousLogin) -> SapSiemWa
 """
 es_client = await create_wazuh_indexer_client("Wazuh-Indexer")
 results = es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"ip": suspicious_logins.ip}}]}},
@@ -322,8 +322,8 @@ async def get_initial_search_results(es_client):
 dict: The search results.
 """
 return es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"event_analyzed_successful_login_after_failures_diff_loginID": "False"}}]}},
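Review bot: collect_user_activity in sap_siem_failed_same_user_from_different_ip.py fetches every event for one `params_loginID` but caps the answer at `"size": 1000` without a sort, so for exactly the accounts under sustained attack, where the failed-login count is most likely to exceed the cap, the downstream analysis (outside this hunk) works from an arbitrary 1000-event sample and can undercount or miss the relevant time window. At minimum make truncation observable by adding `"track_total_hits": True,` to the body and logging when `results["hits"]["total"]["value"]` exceeds the requested size; better, page with `search_after` on a timestamp sort so the activity set is complete. The same unsorted cap applies to the `ip`-keyed variant in sap_siem_successful_login_same_ip_after_multiple_failures.py further down this diff. The function continues past the end of the hunk.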
diff --git a/backend/app/integrations/sap_siem/services/sap_siem_successful_same_user_different_geo_location.py b/backend/app/integrations/sap_siem/services/sap_siem_successful_same_user_different_geo_location.py
index f9f2db7a..ad3e2a22 100644
--- a/backend/app/integrations/sap_siem/services/sap_siem_successful_same_user_different_geo_location.py
+++ b/backend/app/integrations/sap_siem/services/sap_siem_successful_same_user_different_geo_location.py
@@ -301,8 +301,8 @@ async def collect_user_activity(suspicious_logins: SuspiciousLogin) -> SapSiemWa
 """
 es_client = await create_wazuh_indexer_client("Wazuh-Indexer")
 results = es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"params_loginID": suspicious_logins.loginID}}]}},
@@ -322,8 +322,8 @@ async def get_initial_search_results(es_client):
 dict: The search results.
 """
 return es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"event_analyzed_same_user_successful_diff_geo": "False"}}]}},
diff --git a/backend/app/integrations/sap_siem/services/sap_siem_successful_user_login_after_using_different_ip.py b/backend/app/integrations/sap_siem/services/sap_siem_successful_user_login_after_using_different_ip.py
index 7c23b965..1532a3e5 100644
--- a/backend/app/integrations/sap_siem/services/sap_siem_successful_user_login_after_using_different_ip.py
+++ b/backend/app/integrations/sap_siem/services/sap_siem_successful_user_login_after_using_different_ip.py
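Review bot: `results = es_client.search(` in collect_user_activity sits inside an `async def` with no `await`, so either the client returned by `create_wazuh_indexer_client` is synchronous and this query blocks the event loop for the full round trip on every suspicious login, or it is an async client and `results` is an un-awaited coroutine that the code below the hunk would fail to index; the diff does not show which. If it is the synchronous OpenSearch/Elasticsearch client, run it off the loop, e.g. `results = await asyncio.to_thread(es_client.search, index="sap_siem_*", body={...})`, or switch to the async client and `await` the call. The same shape appears in every hunk of this commit, so a single shared query helper would fix all fourteen call sites at once. The function continues past the end of the hunk.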
@@ -301,8 +301,8 @@ async def collect_user_activity(suspicious_logins: SuspiciousLogin) -> SapSiemWa
 """
 es_client = await create_wazuh_indexer_client("Wazuh-Indexer")
 results = es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"params_loginID": suspicious_logins.loginID}}]}},
@@ -322,8 +322,8 @@ async def get_initial_search_results(es_client):
 dict: The search results.
 """
 return es_client.search(
- #index="sap_siem_*",
- index="new-integrations*",
+ index="sap_siem_*",
+ #index="new-integrations*",
 body={
 "size": 1000,
 "query": {"bool": {"must": [{"term": {"event_analyzed_success_login_diff_ip": "False"}}]}},
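Review bot: The docstring fragment `dict: The search results.` visible in get_initial_search_results says nothing about the two things a caller needs to know after this change: that the query is scoped to the `sap_siem_*` index pattern and that it returns at most 1000 unanalyzed events per call. Extend the Returns entry to something like `dict: Raw search response from the sap_siem_* indices, holding at most 1000 events whose event_analyzed_success_login_diff_ip flag is still "False".`, and put a one-line why-comment above `index="sap_siem_*",` stating that this must point at the production SAP SIEM indices and that any test pattern belongs in configuration, not in a commented-out line. The function continues past the hunk.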