Add Suricata Flow pipeline

2025-12-29 04:13:13 +01:00 · 2020-06-02 13:40:46 -04:00
parent 617f60d472
commit 0ea2252b5b
4 changed files with 11 additions and 42 deletions
--- a/salt/elasticsearch/files/ingest/suricata.flow
+++ b/salt/elasticsearch/files/ingest/suricata.flow
@@ -0,0 +1,9 @@
+{
+  "description" : "suricata.flow",
+  "processors" : [
+    { "set":      { "field": "dataset",        "value": "conn"  } },
+    { "rename": 	{ "field": "message2.proto", 		"target_field": "network.transport",		"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.app_proto", 		"target_field": "network.protocol",		"ignore_missing": true 	} },
+    { "pipeline": { "name": "common" } }
+  ]
+}