Tag group not populating correctly in event document

PaloAltoNetworks / SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->

https://gitlab.com/panw-gse/as/SafeNetworking/

Apache License 2.0

12 stars 10 forks source link

Tag group not populating correctly in event document #24

Closed punisherVX closed 6 years ago

punisherVX commented 6 years ago

Expected behavior and actual behavior.

Tag group is always "Undefined" in SFN-DNS Threat event documents

Steps to reproduce the problem.

All visualizations and discovery show SFN.tag_group as "Undefined" for all events

Specifications like the version of the project, operating system, or hardware.

SFN3.0

punisherVX commented 6 years ago

The tag group default dictionary was causing errors that we did not catch and thus it always became "Undefined" in the logic. Fixed the default dict and added error checking for certain errors to change the course if encountered.