Refactor the structure of expressions in where blocks of filter kaspersky.

JocLRojas · JocLRojas · commit 599c8c64ae9f · 2025-06-09T17:04:08.000-04:00
diff --git a/filters/antivirus/kaspersky.yml b/filters/antivirus/kaspersky.yml
@@ -1,4 +1,4 @@
-# KAV module filter, version 3.0.0
+# KAV module filter, version 3.0.1
 # Based in docs and samples log provided
 # Support Syslog CEF format
 # 
@@ -1092,25 +1092,15 @@ pipeline:
           params:
             source: origin.ip
             destination: origin.geolocation
-          where:
-            variables:
-              - get: origin.ip
-                as: ip
-                ofType: string
-            expression: "ip_ok == true"
+          where: has(origin.ip)
       
       # Adding geolocation to target.ip
       - dynamic:
           plugin: com.utmstack.geolocation
           params:
             source: target.ip
             destination: target.geolocation
-          where:
-            variables:
-              - get: target.ip
-                as: ip
-                ofType: string
-            expression: "ip_ok == true"
+          where: has(target.ip)
 
       # .......................................................................#
       # Removing unused fields
