events: use tag evebox.auto_archive instead of evebox.auto-archive

Names with - in the get analyzed by Elastic as 2 terms, not a single term. This makes it easier to add a filter like '-tags:evebox.auto_archived`.
jasonish · Jun 30, 2024 · 96da2af · 96da2af
1 parent b7a254f
commit 96da2af
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/src/eve/filters.rs b/src/eve/filters.rs
@@ -153,12 +153,12 @@ impl AutoArchiveFilter {
                 match &mut event["tags"] {
                     serde_json::Value::Array(tags) => {
                         tags.push("evebox.archived".into());
-                        tags.push("evebox.auto-archived".into());
+                        tags.push("evebox.auto_archived".into());
                     }
                     serde_json::Value::Null => {
                         event["tags"] = serde_json::Value::Array(vec![
                             "evebox.archived".into(),
-                            "evebox.auto-archived".into(),
+                            "evebox.auto_archived".into(),
                         ]);
                     }
                     _ => {

diff --git a/webapp/src/Alerts.tsx b/webapp/src/Alerts.tsx
@@ -1070,7 +1070,8 @@ export function AlertDescription(props: { event: EventWrapper }) {
       <Show
         when={
           props.event._source.tags &&
-          props.event._source.tags.indexOf("evebox.auto-archived") > -1
+          (props.event._source.tags.indexOf("evebox.auto-archived") > -1 ||
+            props.event._source.tags.indexOf("evebox.auto_archived") > -1)
         }
       >
         <span class="badge text-bg-secondary me-2">auto-archived</span>