CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

add cip_identity to hunt.evenfields.json

Browse Source
This commit is contained in:
Doug Burks
2022-11-22 10:55:39 -05:00
committed by GitHub
parent 80e50fa7b4
commit 07a53db09a
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/soc/files/soc/hunt.eventfields.json
View File

@@ -63,6 +63,7 @@
"::enip": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "enip.command", "enip.status_code", "log.id.uid", "event.dataset" ],
"::modbus_detailed": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "modbus.function", "log.id.uid" ],
"::s7comm": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "s7.ros.control.name", "s7.function.name", "log.id.uid" ],
"::cip_identity": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "cip.device.type.name", "cip.vendor.name", "log.id.uid" ],
"::ecat_arp_info": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "ecat.arp.type", "log.id.uid" ],
"::tds_sql_batch": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "tds.header_type", "log.id.uid", "event.dataset" ]