From 3da93049e102d5873e3b7f0f5806d25076af365f Mon Sep 17 00:00:00 2001
From: gujinkai
Date: Fri, 8 Nov 2024 16:26:07 +0800
Subject: [PATCH] CN 24.08.1 change groot config base 1.3.2
---
 .../24.08.1/etl_session_record_kafka_to_cn_kafka | 12 ++++++------
 .../2024/CN-24.08/groot-stream/1.3.2/README.md | 4 ++++
 2 files changed, 10 insertions(+), 6 deletions(-)
 create mode 100644 cyber_narrator/upgrade/2024/CN-24.08/groot-stream/1.3.2/README.md
diff --git a/cyber_narrator/upgrade/2024/CN-24.08/groot-stream/1.3.2/24.08.1/etl_session_record_kafka_to_cn_kafka b/cyber_narrator/upgrade/2024/CN-24.08/groot-stream/1.3.2/24.08.1/etl_session_record_kafka_to_cn_kafka
index 5e49ea0..e68ac47 100644
--- a/cyber_narrator/upgrade/2024/CN-24.08/groot-stream/1.3.2/24.08.1/etl_session_record_kafka_to_cn_kafka
+++ b/cyber_narrator/upgrade/2024/CN-24.08/groot-stream/1.3.2/24.08.1/etl_session_record_kafka_to_cn_kafka
@@ -186,12 +186,12 @@ processing_pipelines:
 - function: EVAL
 output_fields: [ client_zone ]
 parameters:
- value_expression: "(flags & 8) == 8 ? 'internal' : 'external'"
+ value_expression: "flags & 8 == 8 ? 'internal' : 'external'"
 - function: EVAL
 output_fields: [ server_zone ]
 parameters:
- value_expression: "(flags & 16) == 16 ? 'internal' : 'external'"
+ value_expression: "flags & 16 == 16 ? 'internal' : 'external'"
 - function: CN_IP_ZONE_LOOKUP
 lookup_fields: [ client_ip ]
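Review bot: In the `@@ -186,12 +186,12 @@` hunk, both new zone expressions (`flags & 8 == 8` and `flags & 16 == 16`) drop the parentheses around the bit test, so the result now depends on the operator precedence of the 1.3.2 Eval engine, which this patch does not show. In Java- and C-style grammars `==` binds tighter than `&`, which would group the test as `flags & (8 == 8)` and either fail or mislabel `client_zone` and `server_zone`; an internal/external label that is wrong is hard to notice downstream because the field is still populated. If the 1.3.2 engine accepts parentheses, keep the explicit grouping, `value_expression: "(flags & 8) == 8 ? 'internal' : 'external'"` (and the same for 16). Otherwise, once it is confirmed, add a comment such as `# 1.3.2 Eval: & binds tighter than ==; checked with flags=8 and flags=0`.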
@@ -210,22 +210,22 @@ processing_pipelines:
 - function: EVAL
 output_fields: [ sent_bytes ]
 parameters:
- value_expression: "is_def(sent_bytes) ? sent_bytes : 0"
+ value_expression: "sent_bytes == null ? 0 : sent_bytes"
 - function: EVAL
 output_fields: [ sent_pkts ]
 parameters:
- value_expression: "is_def(sent_pkts) ? sent_pkts : 0"
+ value_expression: "sent_pkts == null ? 0 : sent_pkts"
 - function: EVAL
 output_fields: [ received_bytes ]
 parameters:
- value_expression: "is_def(received_bytes) ? received_bytes : 0"
+ value_expression: "received_bytes == null ? 0 : received_bytes"
 - function: EVAL
 output_fields: [ received_pkts ]
 parameters:
- value_expression: "is_def(received_pkts) ? received_pkts : 0"
+ value_expression: "received_pkts == null ? 0 : received_pkts"
 - function: EVAL
 output_fields: [ traffic_inbound_byte ]
diff --git a/cyber_narrator/upgrade/2024/CN-24.08/groot-stream/1.3.2/README.md b/cyber_narrator/upgrade/2024/CN-24.08/groot-stream/1.3.2/README.md
new file mode 100644
index 0000000..02a4402
--- /dev/null
+++ b/cyber_narrator/upgrade/2024/CN-24.08/groot-stream/1.3.2/README.md
@@ -0,0 +1,4 @@
+1.3.2 -> 1.7.0
+1. Eval函数调整为AviatorScript,脚本编写细节有变化
+2. Rename函数有变更
+3. pipeline projection type 变更
\ No newline at end of file
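Review bot: In the `@@ -210,22 +210,22 @@` hunk, the four counter defaults change from `is_def(x) ? x : 0` to `x == null ? 0 : x`, which is equivalent only if the 1.3.2 Eval engine resolves a field that is absent from the record to null instead of raising on an unknown name; the patch does not show which it does. If a missing `sent_bytes`, `sent_pkts`, `received_bytes` or `received_pkts` makes the expression fail, the default of 0 is never applied, and later steps that use these counters, possibly including the `traffic_inbound_byte` EVAL that begins at the end of this hunk (its body is outside the hunk), would work from a null or the record could be lost. I would add a comment above the first of the four blocks, for example `# 1.3.2 Eval: an absent field evaluates to null, so records without the counter get 0`, and confirm it with a test record that lacks these fields.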