Hi,
We are evaluating Checkmarx tool that export data in XML.
It has multiple paths or depths, and essecial information is presented only on "parent" path.
I can parse via props.conf only on path at a time, and have to choose the best approach to ingest all data.
Here is my current props.conf
[risk_checkmarx]
KV_MODE = xml
BREAK_ONLY_BEFORE = \
NO_BINARY_CHECK = true
TRUNCATE = 0
category = Application
description = Checkmarx
disabled = false
pulldown_type = true
MAX_EVENTS = 99999
What we need:
- Parse XML to "duplicate each line" in a depth. (Ex: "Query\Result\Path")
- Props and Transforms (index time)
What we tried:
- props = kv_mode
- transforms = report / regex
- search = xpath...
Here is a xml sample
C:\CxAuditSrc\cacti-0.8.8h\include\csrf\csrf-magic.php 26 10 350524 _x0024_NS_csrf_magic_1465816182._x0024_Cls_csrf_magic_1465816182.csrf 5 C:\CxAuditSrc\cacti-0.8.8h\include\csrf\csrf-magic.php 33 10 350530 _x0024_NS_csrf_magic_1465816182._x0024_Cls_csrf_magic_1465816182.csrf 5 C:\CxAuditSrc\cacti-0.8.8h\include\csrf\csrf-magic.php 144 5 350670 6 C:\CxAuditSrc\cacti-0.8.8h\lib\adodb\adodb-error.inc.php 94 5 329459 6
↧
