
[cli] ERROR unable to get event details: json: cannot unmarshal string into Go struct field eventIpAddressEntity.data.entity_map.IpAddress.threat_tags of type []string #102

Closed
scottford-lw opened this issue May 12, 2020 · 1 comment

» lacework events show 34133 -p customerdemo --debug                                                                                                                                                                scottford@scott-fords-mbp
{"level":"debug","ts":"2020-05-12T09:06:33-07:00","caller":"cmd/root.go:168","msg":"using configuration file","path":"/Users/scottford/.lacework.toml"}
{"level":"debug","ts":"2020-05-12T09:06:33-07:00","caller":"cmd/cli_state.go:75","msg":"custom profile","profile":"customerdemo"}
{"level":"debug","ts":"2020-05-12T09:06:33-07:00","caller":"cmd/cli_state.go:105","msg":"state loaded","profile":"customerdemo","account":"customerdemo","api_key":"CUSTOMER_CDD0BEDB6ACF722C7D37542F079B23F6E45F1717A62A04B","api_secret":"_21ba2c69b73b309d76df59a9c12d7b52"}
2020-05-12T09:06:33-07:00	debug	api/auth.go:45	setting up auth	{"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "key": "CUSTOMER_CDD0BEDB6ACF722C7D37542F079B23F6E45F1717A62A04B", "secret": "_21ba2c69b73b309d76df59a9c12d7b52"}
2020-05-12T09:06:33-07:00	info	api/client.go:101	api client created	{"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "url": "https://customerdemo.lacework.net", "version": "v1", "log_level": "DEBUG", "timeout": 3600}
{"level":"info","ts":"2020-05-12T09:06:33-07:00","caller":"cmd/event.go:94","msg":"requesting event details","event_id":"34133"}
2020-05-12T09:06:33-07:00	debug	api/http.go:78	request	{"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "method": "POST", "url": "https://customerdemo.lacework.net", "endpoint": "/api/v1/access/tokens", "headers": {"Accept":"application/json","Content-Type":"application/json","Method":"POST","X-LW-UAKS":"_21ba2c69b73b309d76df59a9c12d7b52"}, "body": "{\"keyId\":\"CUSTOMER_CDD0BEDB6ACF722C7D37542F079B23F6E45F1717A62A04B\",\"expiryTime\":3600}\n"}
2020-05-12T09:06:34-07:00	info	api/http.go:151	response	{"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "from_req_url": "https://customerdemo.lacework.net/api/v1/access/tokens", "code": 201, "proto": "HTTP/1.1", "headers": {"Connection":["keep-alive"],"Content-Length":["118"],"Content-Security-Policy":["default-src 'self' *.aptrinsic.com www.googletagmanager.com www.google-analytics.com  accounts.google.com; connect-src *.aptrinsic.com *.lacework.net; style-src *.aptrinsic.com 'unsafe-inline' 'self' fonts.googleapis.com; img-src *.aptrinsic.com storage.googleapis.com 'self' *.lacework.com api.lacework.net *.amazonaws.com www.google-analytics.com data:;  script-src 'self' *.aptrinsic.com www.googletagmanager.com www.google-analytics.com www.whoisxmlapi.com apis.google.com 'nonce-EDNnf03nceIOfn39fn3e9h3sdfasadf'; object-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; font-src 'self' fonts.gstatic.com data:"],"Content-Type":["application/json"],"Date":["Tue, 12 May 2020 16:06:34 GMT"],"Feature-Policy":["geolocation 'self'"],"Referrer-Policy":["no-referrer"],"Server":["nginx/1.15.10"],"Strict-Transport-Security":["max-age=31536000; includeSubDomains;; preload"],"X-Content-Type-Options":["nosniff"],"X-Frame-Options":["SAMEORIGIN"],"X-Xss-Protection":["1; mode=block"]}, "body": "{\"data\":[{\"expiresAt\":\"May 12 2020 17:06\",\"token\":\"_4d86b0f1e5484077e4dbd36bc9a0e1b9\"}],\"ok\":true,\"message\":\"SUCCESS\"}"}
2020-05-12T09:06:34-07:00	debug	api/auth.go:106	storing token	{"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "data": [{"expiresAt":"May 12 2020 17:06","token":"_4d86b0f1e5484077e4dbd36bc9a0e1b9"}]}
2020-05-12T09:06:34-07:00	debug	api/http.go:78	request	{"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "method": "GET", "url": "https://customerdemo.lacework.net", "endpoint": "/api/v1/external/events/GetEventDetails?EVENT_ID=34133", "headers": {"Accept":"application/json","Authorization":"_4d86b0f1e5484077e4dbd36bc9a0e1b9","Method":"GET"}, "body": ""}
2020-05-12T09:06:34-07:00	info	api/http.go:151	response	{"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "from_req_url": "https://customerdemo.lacework.net/api/v1/external/events/GetEventDetails?EVENT_ID=34133", "code": 200, "proto": "HTTP/1.1", "headers": {"Connection":["keep-alive"],"Content-Disposition":["inline;"],"Content-Type":["application/json;charset=utf-8"],"Date":["Tue, 12 May 2020 16:06:34 GMT"],"Server":["nginx/1.15.10"],"Strict-Transport-Security":["max-age=31536000; includeSubDomains;; preload"],"Vary":["Accept-Encoding"]}, "body": "{\"data\":[{\"START_TIME\":\"2020-05-06T23:00:00Z\",\"END_TIME\":\"2020-05-07T00:00:00Z\",\"EVENT_TYPE\":\"NewExternalClientBadIpConn\",\"EVENT_ID\":\"34133\",\"EVENT_ACTOR\":\"App\",\"EVENT_MODEL\":\"PtypeConn\",\"ENTITY_MAP\":{\"User\":[{\"MACHINE_HOSTNAME\":\"sejenkins\",\"USERNAME\":\"www-data\"}],\"IpAddress\":[{\"THREAT_TAGS\":\"Poor Reputation IP\",\"COUNTRY\":\"Russian Federation\",\"THREAT_SOURCE\":[{\"DATE\":\"2020-04-09\",\"SOURCE\":\"https://isc.sans.edu/ipsascii.html\"}],\"IP_ADDRESS\":\"5.101.0.209\",\"TOTAL_OUT_BYTES\":12511,\"TOTAL_IN_BYTES\":2213,\"REGION\":\"Moskovskaya oblast'\",\"PORT_LIST\":[]}],\"Process\":[{\"HOSTNAME\":\"sejenkins\",\"CMDLINE\":\"nginx: worker process\",\"PROCESS_START_TIME\":\"2020-05-06T20:21:02Z\",\"CPU_PERCENTAGE\":0,\"PROCESS_ID\":8351}],\"FileExePath\":[{\"EXE_PATH\":\"/usr/sbin/nginx\",\"FIRST_SEEN_TIME\":\"2020-05-06T20:00:00Z\",\"LAST_FILEDATA_HASH\":\"8300a399809de50cb903399e6084b4f766919bce01f7fb7a589e7df9f6f984f1\"}],\"Machine\":[{\"EXTERNAL_IP\":\"3.15.31.113\",\"HOSTNAME\":\"sejenkins\",\"IS_EXTERNAL\":1,\"CPU_PERCENTAGE\":0.37,\"INTERNAL_IP_ADDR\":\"10.0.1.176\",\"INSTANCE_ID\":\"i-0b5b30d51d531c160\"}]}}]}"}
Usage:
  lacework event show <event_id> [flags]

Flags:
  -h, --help   help for show

Global Flags:
  -a, --account string      account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
  -k, --api_key string      access key id
  -s, --api_secret string   secret access key
      --debug               turn on debug logging
      --json                switch commands output from human-readable to json format
      --nocolor             turn off colors
      --noninteractive      disable interactive progress bars (i.e. 'spinners')
  -p, --profile string      switch between profiles configured at ~/.lacework.toml

ERROR unable to get event details: json: cannot unmarshal string into Go struct field eventIpAddressEntity.data.entity_map.IpAddress.threat_tags of type []string
ghost commented May 26, 2020

Closed by 86d8b7b

@ghost ghost closed this as completed May 26, 2020
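
The error above comes from `THREAT_TAGS` arriving as a bare string (`"Poor Reputation IP"`) while the Go struct field is declared as `[]string`. One way to make a decoder tolerate both shapes is shown below. This is an added example, not the project's code and not a description of what commit 86d8b7b changed; the names `StringOrSlice`, `ipAddressEntity` and `parseIP` are hypothetical, and the sample JSON is a constructed fragment trimmed from the response body in the log.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// StringOrSlice is a hypothetical helper type (not from the lacework CLI).
// It decodes a JSON value that is either one string or an array of strings.
type StringOrSlice []string

func (s *StringOrSlice) UnmarshalJSON(b []byte) error {
	// Array form: ["tag1","tag2"]
	var many []string
	if err := json.Unmarshal(b, &many); err == nil {
		*s = many
		return nil
	}
	// Bare string form: "Poor Reputation IP"
	var one string
	if err := json.Unmarshal(b, &one); err != nil {
		// Anything else (number, object, ...) is still rejected.
		return fmt.Errorf("threat_tags: want string or []string: %w", err)
	}
	*s = StringOrSlice{one}
	return nil
}

// ipAddressEntity carries only the fields needed for this example.
// encoding/json matches keys case-insensitively, so THREAT_TAGS binds here.
type ipAddressEntity struct {
	IPAddress  string        `json:"ip_address"`
	ThreatTags StringOrSlice `json:"threat_tags"`
}

// parseIP decodes one IpAddress entity from raw JSON.
func parseIP(raw string) (ipAddressEntity, error) {
	var e ipAddressEntity
	err := json.Unmarshal([]byte(raw), &e)
	return e, err
}

func main() {
	// Constructed sample, trimmed from the GetEventDetails response above.
	sample := `{"THREAT_TAGS":"Poor Reputation IP","IP_ADDRESS":"5.101.0.209"}`
	e, err := parseIP(sample)
	fmt.Println(e.IPAddress, e.ThreatTags, err)
}
```
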