Several Suricata things

2025-12-06 09:12:45 +01:00 · 2021-07-21 09:10:33 -04:00
parent fcde5c3c18
commit 09165daab8
3 changed files with 3 additions and 2 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-ECSFIX HEAVYNODE_SSL_LOGSTASH_REDIS_PIPELINES FBPIPELINE CURATORAUTH
+
--- a/salt/elasticsearch/files/ingest/suricata.fileinfo
+++ b/salt/elasticsearch/files/ingest/suricata.fileinfo
@@ -13,6 +13,7 @@
    { "rename": 	{ "field": "message2.fileinfo.size", 		"target_field": "file.size",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.fileinfo.state", 		"target_field": "file.state",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.fileinfo.stored", 		"target_field": "file.saved",		"ignore_missing": true 	} },
+    { "rename":   { "field": "message2.fileinfo.sha256",   "target_field": "hash.sha256", "ignore_missing": true } },
    { "set":		{ "if": "ctx.network?.protocol != null", 	"field": "file.source",	"value": "{{network.protocol}}"  	} },
    { "pipeline": { "name": "common" } }
  ]
--- a/salt/suricata/suricata_meta.yaml
+++ b/salt/suricata/suricata_meta.yaml
@@ -7,7 +7,7 @@ suricata:
          dir: /nsm/extracted
          #write-fileinfo: "yes"
          #force-filestore: "yes"
-          #stream-depth: 0
+          stream-depth: 0
          #max-open-files: 1000
          #force-hash: [sha1, md5]
          xff:
				`@@ -1 +1 @@`
				`ECSFIX HEAVYNODE_SSL_LOGSTASH_REDIS_PIPELINES FBPIPELINE CURATORAUTH`