FEATURE: Add Events table columns for zeek ssl and suricata ssl #12697

Doug Burks
2024-03-29 14:44:29 -04:00
committed by GitHub
parent cc2164221c
commit 0c7ba62867


@@ -457,7 +457,7 @@ soc:
- ssh.server - ssh.server
- log.id.uid - log.id.uid
- event.dataset - event.dataset
'::ssl': ':suricata:ssl':
- soc_timestamp - soc_timestamp
- source.ip - source.ip
- source.port - source.port
@@ -465,10 +465,30 @@ soc:
- destination.port - destination.port
- ssl.server_name - ssl.server_name
- ssl.certificate.subject - ssl.certificate.subject
- ssl.version
- log.id.uid
- event.dataset
':zeek:ssl':
- soc_timestamp
- source.ip
- source.port
- destination.ip
- destination.port
- ssl.server_name
- ssl.validation_status - ssl.validation_status
- ssl.version - ssl.version
- log.id.uid - log.id.uid
- event.dataset - event.dataset
'::ssl':
- soc_timestamp
- source.ip
- source.port
- destination.ip
- destination.port
- ssl.server_name
- ssl.version
- log.id.uid
- event.dataset
':zeek:syslog': ':zeek:syslog':
- soc_timestamp - soc_timestamp
- source.ip - source.ip
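Review bot: The re-added generic `'::ssl'` fallback (the last added list in the second hunk) has neither `ssl.certificate.subject` nor `ssl.validation_status`, although the `'::ssl'` entry this commit renames to `':suricata:ssl'` appears to have shown both. If any SSL events match neither the `:zeek:ssl` nor the `:suricata:ssl` key, analysts lose the two columns most useful for spotting self-signed or failed-validation certificates in the default Events view. Consider keeping `- ssl.certificate.subject` and `- ssl.validation_status` in the fallback, or adding a YAML comment such as `# fallback for ssl events from other modules; certificate fields omitted because <reason>`. The split also drops `ssl.validation_status` from the Suricata list and `ssl.certificate.subject` from the Zeek list, presumably because those sources do not populate them, and a one-line comment on each key would record that. The enclosing `soc:` mapping starts and continues outside these hunks, so whether key order affects matching cannot be judged from here.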