anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

revert: undo service badge filter, parser normalization, and SSH relay

Browse Source 
Reverts commits 8c249f6, a6c7cfd, 7ff5703. The SSH log relay approach
requires container redeployment and doesn't retroactively fix existing
attacker profiles. Rolling back to reassess the approach.
This commit is contained in:
anti
2026-04-14 02:14:46 -04:00
parent 7ff5703250
commit df3f04c10e
8 changed files with 4 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tests/test_correlation.py
View File

@@ -155,19 +155,6 @@ class TestParserAttackerIP:
assert parse_line(line) is None
class TestParserProcidFlexibility:
def test_non_nil_procid_accepted(self):
line = '<38>1 2026-04-14T05:48:12.611006+00:00 SRV-BRAVO-13 sshd 282 - - Accepted password for root'
event = parse_line(line)
assert event is not None
assert event.service == "sshd"
assert event.decky == "SRV-BRAVO-13"
def test_nil_procid_still_works(self):
event = parse_line(_make_line())
assert event is not None
# ---------------------------------------------------------------------------
# graph.py — AttackerTraversal
# ---------------------------------------------------------------------------