Hello,
I'm looking for some help with my grok patterns, since I'm not able to parse one of the messages that I need:
The message is:
"Variable: instrucoes | Value: some text here\r\n | Path: ["POST","json","params",0,"instrucoes"]\n########################\nDescription: (23) Detects JavaScript location/document property access and window access obfuscation\nImpact: 5 | Tags: xss, csrf\n"
With dissect I was able to parse almost everything, but when I got to the double-quoted Path, it doesn't work, so I was recommended to go with grok...
The problem is that I cannot manage to get past the Variable...
I was trying to do something like this:
variable: %{word:variable} | (?/(?<=value: )(.*)(?=path:)) | path:
But it didn't even get the "value".
Can you guys help me?
I need to get the variable, value, path, description, impact and tags
Thank you very much!
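
One way to split the message above into the six requested fields, as an added example that is not part of the original post. It is written in Ruby so it can be run and checked; grok accepts the same inline (?<name>...) named captures. The rule_id field, the EOL handling and the function name parse_alert are assumptions made for this example.

```ruby
require "json"

# Constructed from the message in the post (escape sequences kept literal).
SAMPLE = <<~'MSG'.chomp
  Variable: instrucoes | Value: some text here\r\n | Path: ["POST","json","params",0,"instrucoes"]\n########################\nDescription: (23) Detects JavaScript location/document property access and window access obfuscation\nImpact: 5 | Tags: xss, csrf\n
MSG

# A line break is either a real CR/LF or the literal text "\r" / "\n"
# (assumption: which one arrives depends on how the event was shipped).
EOL = /(?:\\r|\\n|\r|\n)+/

# Value is greedy and the pattern is anchored at both ends, so if the
# logged value itself contains " | Path: ", the last occurrence is used
# and Description/Impact/Tags are taken from the real tail of the message.
ALERT = /
  \A Variable:\s(?<variable>\S+) \s\|\s
  Value:\s(?<value>.*) \s\|\s
  Path:\s(?<path>\[.*?\]) #{EOL}
  \#+ #{EOL}
  Description:\s\((?<rule_id>\d+)\)\s(?<description>.*?) #{EOL}
  Impact:\s(?<impact>\d+) \s\|\s
  Tags:\s(?<tags>.*?) (?:#{EOL})? \z
/mx

# Returns a Hash of fields, or nil when the message does not match.
def parse_alert(message)
  m = ALERT.match(message)
  return nil unless m

  f = m.named_captures
  f["value"]  = f["value"].sub(/(?:\\r|\\n|\s)+\z/, "") # drop trailing EOL
  f["impact"] = f["impact"].to_i
  f["tags"]   = f["tags"].split(/,\s*/)
  begin
    f["path"] = JSON.parse(f["path"]) # the quoted Path is a JSON array
  rescue JSON::ParserError
    # not valid JSON: keep the raw string
  end
  f
end

p parse_alert(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

The literal pipes must be escaped (\|) in grok as well, since an unescaped | is regex alternation.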