Merge pull request #1930 from utmstack/backlog/changeset_filters

AlexSanchez-bit · web-flow · commit 4d6e1dd6df75 · 2026-03-16T13:30:29.000-07:00
changeset[backend](filters): updated o365, crowdstrike, system_linux and azure filters
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260316003_update_filter_azure.xml b/backend/src/main/resources/config/liquibase/changelog/20260316003_update_filter_azure.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260316003" author="Alex">
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+            UPDATE public.utm_logstash_filter
+            SET filter_version = '2.0.4',
+                updated_at = now(),
+                logstash_filter = $$# Azure Event-Hub filter, version 2.0.4
+# Documentations: filters/azure/azure-eventhub.yml
+pipeline:
+  - dataTypes:
+      - azure
+    steps:
+      - json:
+          source: raw
+      # ... (updated filter logic)
+$$
+            WHERE module_name = 'AZURE';
+            ]]>
+        </sql>
+    </changeSet>
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260316004_update_filter_crowdstrike.xml b/backend/src/main/resources/config/liquibase/changelog/20260316004_update_filter_crowdstrike.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260316004" author="Alex">
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+            UPDATE public.utm_logstash_filter
+            SET filter_version = '1.1.2',
+                updated_at = now(),
+                logstash_filter = $$# Crowdstrike module filter, version 1.1.2
+# Documentations: filters/crowdstrike/crowdstrike.yml
+pipeline:
+  - dataTypes:
+      - crowdstrike
+    steps:
+      - json:
+          source: raw
+      # ... (updated filter logic)
+$$
+            WHERE module_name = 'CROWDSTRIKE';
+            ]]>
+        </sql>
+    </changeSet>
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260316005_update_filter_linux.xml b/backend/src/main/resources/config/liquibase/changelog/20260316005_update_filter_linux.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260316005" author="Alex">
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+            UPDATE public.utm_logstash_filter
+            SET filter_version = '2.0.2',
+                updated_at = now(),
+                logstash_filter = $$# Linux System filter, version 2.0.2
+# Documentations: filters/filebeat/system_linux_module.yml
+pipeline:
+  - dataTypes:
+      - linux
+    steps:
+      - json:
+          source: raw
+      # ... (updated filter logic)
+$$
+            WHERE module_name = 'LINUX_AGENT';
+            ]]>
+        </sql>
+    </changeSet>
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260316006_update_filter_o365.xml b/backend/src/main/resources/config/liquibase/changelog/20260316006_update_filter_o365.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260316006" author="Alex">
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+            UPDATE public.utm_logstash_filter
+            SET filter_version = '1.0.4',
+                updated_at = now(),
+                logstash_filter = $$# Microsoft 365 filter, version 1.0.4
+# Documentations: filters/office365/o365.yml
+pipeline:
+  - dataTypes:
+      - o365
+    steps:
+      - json:
+          source: raw
+      # ... (updated filter logic)
+$$
+            WHERE module_name = 'O365';
+            ]]>
+        </sql>
+    </changeSet>
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/master.xml b/backend/src/main/resources/config/liquibase/master.xml
@@ -515,5 +515,13 @@
 
     <include file="/config/liquibase/changelog/20260316002_modify_crowdstrike_rules.xml" relativeToChangelogFile="false"/>
 
+    <include file="/config/liquibase/changelog/20260316003_update_filter_azure.xml" relativeToChangelogFile="false"/>
+
+    <include file="/config/liquibase/changelog/20260316004_update_filter_crowdstrike.xml" relativeToChangelogFile="false"/>
+
+    <include file="/config/liquibase/changelog/20260316005_update_filter_linux.xml" relativeToChangelogFile="false"/>
+
+    <include file="/config/liquibase/changelog/20260316006_update_filter_o365.xml" relativeToChangelogFile="false"/>
+
 
 </databaseChangeLog>
