Several Suricata things

This commit is contained in:
Mike Reeves
2021-07-21 09:10:33 -04:00
parent fcde5c3c18
commit 09165daab8
3 changed files with 3 additions and 2 deletions

2
HOTFIX

@@ -1 +1 @@
ECSFIX HEAVYNODE_SSL_LOGSTASH_REDIS_PIPELINES FBPIPELINE CURATORAUTH

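--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -13,6 +13,7 @@
 { "rename": { "field": "message2.fileinfo.size", "target_field": "file.size", "ignore_missing": true } },
 { "rename": { "field": "message2.fileinfo.state", "target_field": "file.state", "ignore_missing": true } },
 { "rename": { "field": "message2.fileinfo.stored", "target_field": "file.saved", "ignore_missing": true } },
+{ "rename": { "field": "message2.fileinfo.sha256", "target_field": "hash.sha256", "ignore_missing": true } },
 { "set": { "if": "ctx.network?.protocol != null", "field": "file.source", "value": "{{network.protocol}}" } },
 { "pipeline": { "name": "common" } }
 ]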
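Review bot: The new rename lands the digest at `hash.sha256` while every sibling field in this hunk is placed under `file.*`; ECS carries the per-file digest at `file.hash.sha256`, with top-level `hash.*` meant for events where the hashed object is not the file itself, so `"target_field": "file.hash.sha256"` would keep fileinfo documents queryable alongside the other file fields. The Suricata config hunk in this same commit still has `force-hash` commented out, so unless sha256 hashing is enabled elsewhere the source field will usually be absent and this processor silently no-ops through `ignore_missing`; if that is intended, a short note in the pipeline description would save the next reader a search. The file path for this section is not visible on the page.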


@@ -7,7 +7,7 @@ suricata:
dir: /nsm/extracted dir: /nsm/extracted
#write-fileinfo: "yes" #write-fileinfo: "yes"
#force-filestore: "yes" #force-filestore: "yes"
#stream-depth: 0 stream-depth: 0
#max-open-files: 1000 #max-open-files: 1000
#force-hash: [sha1, md5] #force-hash: [sha1, md5]
xff: xff:
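Review bot: Enabling `stream-depth: 0` (reading the uncommented copy as the new side) removes the per-stream cap on file extraction if this is the `file-store` block — the parent key is outside the hunk, as is the rest of the section — since a value of 0 in Suricata's file-store config disables the depth limit. That is a resource-exposure change on a sensor: a single large transfer on a monitored link is then tracked and written in full, so `/nsm/extracted` and reassembly state can grow until the flow ends, and `max-open-files` is left at its commented default in the same hunk. Either choose a finite size or pair the change with disk-usage alerting on the extraction directory, and record the intent inline, e.g. `stream-depth: 0  # unlimited: needed to extract large files; monitor /nsm/extracted`.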