Fix order

kamil-certat · kamil-certat · commit d73525d42b90 · 2025-03-03T17:23:43.000+01:00
diff --git a/intelmq/etc/harmonization.conf b/intelmq/etc/harmonization.conf
@@ -209,30 +209,18 @@
             "description": "Event data converted into foreign format, intended to be exported by output plugin.",
             "type": "JSON"
         },
-        "protocol.application": {
-            "description": "e.g. vnc, ssh, sip, irc, http or smtp.",
-            "length": 100,
-            "regex": "^[ -~]+$",
-            "type": "LowercaseString"
-        },
-        "protocol.transport": {
-            "description": "e.g. tcp, udp, icmp.",
-            "iregex": "^(ip|icmp|igmp|ggp|ipencap|st2|tcp|cbt|egp|igp|bbn-rcc|nvp(-ii)?|pup|argus|emcon|xnet|chaos|udp|mux|dcn|hmp|prm|xns-idp|trunk-1|trunk-2|leaf-1|leaf-2|rdp|irtp|iso-tp4|netblt|mfe-nsp|merit-inp|sep|3pc|idpr|xtp|ddp|idpr-cmtp|tp\\+\\+|il|ipv6|sdrp|ipv6-route|ipv6-frag|idrp|rsvp|gre|mhrp|bna|esp|ah|i-nlsp|swipe|narp|mobile|tlsp|skip|ipv6-icmp|ipv6-nonxt|ipv6-opts|cftp|sat-expak|kryptolan|rvd|ippc|sat-mon|visa|ipcv|cpnx|cphb|wsn|pvp|br-sat-mon|sun-nd|wb-mon|wb-expak|iso-ip|vmtp|secure-vmtp|vines|ttp|nsfnet-igp|dgp|tcf|eigrp|ospf|sprite-rpc|larp|mtp|ax.25|ipip|micp|scc-sp|etherip|encap|gmtp|ifmp|pnni|pim|aris|scps|qnx|a/n|ipcomp|snp|compaq-peer|ipx-in-ip|vrrp|pgm|l2tp|ddx|iatp|st|srp|uti|smp|sm|ptp|isis|fire|crtp|crdup|sscopmce|iplt|sps|pipe|sctp|fc|divert)$",
-            "length": 11,
-            "type": "LowercaseString"
-        },
         "product.full_name": {
             "description": "A human readable product name. If a machine-readable format isn't available, this field should be used. It can directly use the version identification strings presented by the product. If not given, a good enough value can usually be constructed by concatenating product.product and product.version, or by consulting external sources such as the CPE Product Dictionary. Example: openssh_/8.9",
             "type": "String"
         },
-        "product.vendor": {
-            "description": "Vendor name, recommended being as vendor in the CPE format. Example: openbsd",
-            "type": "LowercaseString"
-        },
         "product.name": {
             "description": "Product name, recommended being as the product in the CPE format. Example: openssh",
             "type": "LowercaseString"
         },
+        "product.vendor": {
+            "description": "Vendor name, recommended being as vendor in the CPE format. Example: openbsd",
+            "type": "LowercaseString"
+        },
         "product.version": {
             "description": "Product version, recommended being as version in the CPE format. Example: 8.9",
             "type": "LowercaseString"
@@ -241,6 +229,18 @@
             "description": "List of vulnerability IDs, separated by semicolons. It's recommended to use a CVE ID where available, and other easily retrievable IDs in other cases, e.g. Github Advisory Database ID. Each vulnerability should only be listed once, and multiple values should be used if there are several different vulnerabilities. However, it's not necessary for a source to list all possible vulnerabilities for a given piece of software. Example: cve-2023-38408;cve-2023-28531;cve-2008-3844;cve-2007-2768",
             "type": "LowercaseString"
         },
+        "protocol.application": {
+            "description": "e.g. vnc, ssh, sip, irc, http or smtp.",
+            "length": 100,
+            "regex": "^[ -~]+$",
+            "type": "LowercaseString"
+        },
+        "protocol.transport": {
+            "description": "e.g. tcp, udp, icmp.",
+            "iregex": "^(ip|icmp|igmp|ggp|ipencap|st2|tcp|cbt|egp|igp|bbn-rcc|nvp(-ii)?|pup|argus|emcon|xnet|chaos|udp|mux|dcn|hmp|prm|xns-idp|trunk-1|trunk-2|leaf-1|leaf-2|rdp|irtp|iso-tp4|netblt|mfe-nsp|merit-inp|sep|3pc|idpr|xtp|ddp|idpr-cmtp|tp\\+\\+|il|ipv6|sdrp|ipv6-route|ipv6-frag|idrp|rsvp|gre|mhrp|bna|esp|ah|i-nlsp|swipe|narp|mobile|tlsp|skip|ipv6-icmp|ipv6-nonxt|ipv6-opts|cftp|sat-expak|kryptolan|rvd|ippc|sat-mon|visa|ipcv|cpnx|cphb|wsn|pvp|br-sat-mon|sun-nd|wb-mon|wb-expak|iso-ip|vmtp|secure-vmtp|vines|ttp|nsfnet-igp|dgp|tcf|eigrp|ospf|sprite-rpc|larp|mtp|ax.25|ipip|micp|scc-sp|etherip|encap|gmtp|ifmp|pnni|pim|aris|scps|qnx|a/n|ipcomp|snp|compaq-peer|ipx-in-ip|vrrp|pgm|l2tp|ddx|iatp|st|srp|uti|smp|sm|ptp|isis|fire|crtp|crdup|sscopmce|iplt|sps|pipe|sctp|fc|divert)$",
+            "length": 11,
+            "type": "LowercaseString"
+        },
         "raw": {
             "description": "The original line of the event from encoded in base64.",
             "type": "Base64"
diff --git a/intelmq/tests/bin/initdb.sql b/intelmq/tests/bin/initdb.sql
@@ -47,6 +47,11 @@ CREATE TABLE events (
     "misp.attribute_uuid" varchar(36),
     "misp.event_uuid" varchar(36),
     "output" json,
+    "product.full_name" text,
+    "product.name" text,
+    "product.vendor" text,
+    "product.version" text,
+    "product.vulnerabilities" text,
     "protocol.application" varchar(100),
     "protocol.transport" varchar(11),
     "raw" text,
@@ -93,4 +98,4 @@ CREATE INDEX "idx_events_source.asn" ON events USING btree ("source.asn");
 CREATE INDEX "idx_events_source.ip" ON events USING btree ("source.ip");
 CREATE INDEX "idx_events_source.fqdn" ON events USING btree ("source.fqdn");
 CREATE INDEX "idx_events_time.observation" ON events USING btree ("time.observation");
-CREATE INDEX "idx_events_time.source" ON events USING btree ("time.source");
+CREATE INDEX "idx_events_time.source" ON events USING btree ("time.source");
