FIX: Update NIDS rule.reference in common.nids pipeline #11846

2025-12-06 09:12:45 +01:00 · 2023-11-29 09:46:11 -05:00
parent 8953ffcc49
commit 0603e96c08
1 changed files with 12 additions and 12 deletions
--- a/salt/elasticsearch/files/ingest/common.nids
+++ b/salt/elasticsearch/files/ingest/common.nids
@@ -2,8 +2,8 @@
  "description" : "common.nids",
  "processors" : [
    { "convert":        { "if": "ctx.rule.uuid != null",	"field": "rule.uuid",		"type": "integer"							} },
-    { "set":            { "if": "ctx.rule?.uuid < 1000000",             "field": "rule.reference", "value": "https://www.snort.org/search?query={{rule.gid}}-{{rule.uuid}}"     } },
+    { "set":            { "if": "ctx.rule?.uuid < 1000000",	"field": "rule.reference",	"value": "https://www.snort.org/rule_docs/{{rule.gid}}-{{rule.uuid}}"	} },
-    { "set":            { "if": "ctx.rule?.uuid > 1999999",             "field": "rule.reference", "value": "https://doc.emergingthreats.net/{{rule.uuid}}"                     } },
+    { "set":            { "if": "ctx.rule?.uuid > 1999999",	"field": "rule.reference",	"value": "https://community.emergingthreats.net"			} },
    { "convert":        { "if": "ctx.rule.uuid != null",	"field": "rule.uuid",		"type": "string"							} },
    { "dissect":        { "if": "ctx.rule.name != null",	"field": "rule.name",		"pattern" : "%{rule_type} %{rest_of_rulename} ", "ignore_failure": true } },
    { "set":            { "if": "ctx.rule_type == 'GPL'",	"field": "rule.ruleset",	"value": "Snort GPL"							} },