
@HermessNRJ

Hello,

This is already a great project, and it's really interesting for testing and POCs for the AI SIEM part!

Changes

Refactoring

  • Parser mappings externalization: Moved marketplace and product parser mappings from code to parser_mappings.json file
  • Loading from a file: Updated hec_sender.py to load mappings from JSON file instead of hardcoded values

Configuration standardization #23

  • Environment variables: Standardized naming across .env.example / .env copy and docker-compose.yml
  • Documentation: Created comprehensive .env.example with detailed documentation
  • HEC configuration: Added S1_HEC_URL and related batching parameters to docker-compose and environment files

Bug fixes

  • Error handling: Display actual error messages in UI alerts instead of generic errors
  • Logging: Improved verbosity and endpoint handling in hec_sender.py for better debugging

Parser corrections

Moved marketplace and product parser mappings to a new parser_mappings.json file and updated hec_sender.py to load mappings from JSON. Updated environment variable names in .env copy, .env.example, and docker-compose files for consistency. Added S1_HEC_URL and related HEC batching configuration to docker-compose and .env.example. Improved verbosity and endpoint handling in hec_sender.py. Updated several parser config files for AWS VPC DNS, Buildkite, Cloudflare, GCP DNS, Imperva WAF, Teleport, and Zscaler Firewall (changed line endings from CRLF to LF).

  • Display real error messages in UI alerts
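The two pieces of this PR that carry a technique, loading parser mappings from parser_mappings.json instead of hard-coding them and reading the HEC settings (S1_HEC_URL and batching parameters) from the environment, are shown together in the added example below. It is not code from this PR or from the project: the JSON layout (a "marketplace" object and a "product" object, each mapping a source name to a parser name), the variable names other than S1_HEC_URL, the defaults and every function name are assumptions made for the example. The point it adds is the validation step: a mappings file that is malformed or missing a section, or an HEC URL that is not HTTPS, is rejected at load time with a specific message, rather than surfacing later as a generic error of the kind the PR's UI fix addresses.

```python
"""Added example, not the project's own code: load parser mappings from JSON
and assemble HEC settings from environment variables, validating both.
The JSON layout, variable names (other than S1_HEC_URL) and defaults are
assumptions."""
from __future__ import annotations

import json
from typing import Mapping

# Constructed sample of what a parser_mappings.json might hold (assumed layout).
SAMPLE_MAPPINGS_JSON = """{
  "marketplace": {"aws_vpc_dns": "marketplace-awsvpcdns-latest",
                  "cloudflare": "marketplace-cloudflare-latest"},
  "product": {"teleport": "teleport_parser",
              "zscaler_firewall": "zscaler_fw_parser"}
}"""

REQUIRED_SECTIONS = ("marketplace", "product")


def parse_mappings(text: str) -> dict[str, dict[str, str]]:
    """Parse the mappings JSON and check its shape before the sender uses it."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"parser mappings are not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("parser mappings must be a JSON object")
    for section in REQUIRED_SECTIONS:
        table = data.get(section)
        if not isinstance(table, dict):
            raise ValueError(f"missing or malformed section: {section!r}")
        for key, value in table.items():
            if not isinstance(value, str) or not value:
                raise ValueError(f"{section}.{key} must map to a non-empty string")
    return data


def load_mappings(path: str) -> dict[str, dict[str, str]]:
    """Read the file in universal-newline mode so CRLF and LF files both load."""
    with open(path, encoding="utf-8", newline=None) as fh:
        return parse_mappings(fh.read())


def resolve_parser(mappings: Mapping, kind: str, source: str) -> str:
    """Look up the parser for a source; an unknown source is an explicit error."""
    try:
        return mappings[kind][source]
    except KeyError:
        raise KeyError(f"no {kind} parser mapping for {source!r}") from None


def hec_config_from_env(env: Mapping[str, str]) -> dict:
    """Build HEC settings from the environment.

    S1_HEC_URL is the name used in the PR; the token and batching variable
    names and the defaults below are assumptions for this example.
    """
    url = env.get("S1_HEC_URL", "").strip()
    if not url.startswith("https://"):
        raise ValueError("S1_HEC_URL must be set and use https://")
    token = env.get("S1_HEC_TOKEN", "")
    if not token:
        raise ValueError("S1_HEC_TOKEN must be set")

    def _int(name: str, default: int, lo: int, hi: int) -> int:
        raw = env.get(name)
        value = int(raw) if raw not in (None, "") else default
        if not lo <= value <= hi:
            raise ValueError(f"{name}={value} outside {lo}..{hi}")
        return value

    return {
        "url": url,
        "token": token,
        "batch_size": _int("S1_HEC_BATCH_SIZE", 100, 1, 10000),
        "flush_interval_s": _int("S1_HEC_FLUSH_INTERVAL", 5, 1, 300),
    }


def redact(config: dict) -> dict:
    """Copy of the config that is safe to log: the token never reaches a log line."""
    return {**config, "token": "***"}


if __name__ == "__main__":
    m = parse_mappings(SAMPLE_MAPPINGS_JSON)
    print(resolve_parser(m, "marketplace", "cloudflare"))
    cfg = hec_config_from_env({"S1_HEC_URL": "https://hec.example.invalid:8088",
                               "S1_HEC_TOKEN": "constructed-token"})
    print(redact(cfg))
```

Failing fast on a bad mappings file or a missing token keeps the error close to its cause, which is what makes the PR's "show the actual error message" change useful in practice; the `redact` helper is there because a more verbose hec_sender.py log is only an improvement if the HEC token stays out of it.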
