Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

suser view problem #24

Open
cporcell opened this issue May 2, 2024 · 0 comments
Open

suser view problem #24

cporcell opened this issue May 2, 2024 · 0 comments

Comments

@cporcell
Copy link

cporcell commented May 2, 2024

Hi,
I have a problem with the info about the user at the last version of the firepower.
The Estreamer is sending info to Sentinel with the cef format, and the info about the user is not correct, i can't see the user, instead i see 9999999 or 9999997 (sometimes other numbers, but mostly are that ones).

image

I was diving into the last version that I'm testing and the productive one and i found some changes. one of them is that at the file view.py was a user ID part commented:

#            self.__addValueIfAvailable(
#                View.USER_ID,
#                [ Cache.USERS, record['userId']] )

I change it and then change at the cef.py the view.USER to View.USER_ID and started to see the data but not correctly parsed. like this:
'blockLength': 8, 'blockType': 0, 'data': 'username'

If i change at the cef.py the userId parse configuration adding .data the estreamer stops working. It does not start.
'userId': 'suser' ---> 'userId.data': 'suser'

Do you know how it can show the real userID, like the old version?

Thank you so much!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cporcell