diff --git a/bbot/core/event/base.py b/bbot/core/event/base.py index d7eabd6db..8339db51b 100644 --- a/bbot/core/event/base.py +++ b/bbot/core/event/base.py @@ -406,6 +406,19 @@ def scope_distance(self, scope_distance): if source_scope_distance >= 0 and self != self.source: self.source.scope_distance = scope_distance + 1 + @property + def scope_description(self): + """ + Returns a single word describing the scope of the event. + + "in-scope" if the event is in scope, "affiliate" if it's an affiliate, otherwise "distance-{scope_distance}" + """ + if self.scope_distance == 0: + return "in-scope" + elif "affiliate" in self.tags: + return "affiliate" + return f"distance-{self.scope_distance}" + @property def source(self): return self._source @@ -600,7 +613,7 @@ def json(self, mode="json", siem_friendly=False): dict: JSON-serializable dictionary representation of the event object. """ j = dict() - for i in ("type", "id"): + for i in ("type", "id", "scope_description"): v = getattr(self, i, "") if v: j.update({i: v}) diff --git a/bbot/scanner/preset/args.py b/bbot/scanner/preset/args.py index 75588b0eb..506b1c6bf 100644 --- a/bbot/scanner/preset/args.py +++ b/bbot/scanner/preset/args.py @@ -126,7 +126,7 @@ def preset_from_args(self): args_preset.core.merge_custom({"modules": {"stdout": {"format": "json"}}}) if self.parsed.brief: args_preset.core.merge_custom( - {"modules": {"stdout": {"event_fields": ["type", "scope_distance", "data"]}}} + {"modules": {"stdout": {"event_fields": ["type", "scope_description", "data"]}}} ) if self.parsed.event_types: args_preset.core.merge_custom({"modules": {"stdout": {"event_types": self.parsed.event_types}}})