CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into issue/5955

Browse Source
This commit is contained in:
m0duspwnens
2021-10-25 16:29:41 -04:00
parent 7e8d74e770 c469d12a49
commit 0c679b62b2
13 changed files with 550 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/logstash/pipelines/config/so/0011_input_endgame.conf
View File

@@ -3,6 +3,8 @@ input {
id => "endgame_data"
port => 3765
codec => es_bulk
request_headers_target_field => client_headers
remote_host_target_field => client_host
ssl => true
ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
ssl_certificate => "/usr/share/logstash/filebeat.crt"

2
salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
View File

@@ -8,7 +8,7 @@
filter {
if [event][module] =~ "endgame" {
mutate {
remove_field => ["headers", "host"]
remove_field => ["client_headers", "client_host"]
}
}
}