CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Zeek and Strelka

Browse Source
This commit is contained in:
Wes Lambert
2020-04-01 19:09:38 +00:00
parent 82c99edbfc
commit 1df2302287
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja → salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja
View File

@@ -10,17 +10,16 @@
filter {
if "zeek" in [tags] and "test_data" not in [tags] and "import" not in [tags] {
if [module] =~ "zeek" {
mutate {
##add_tag => [ "conf_file_9000"]
}
}
}
output {
if "zeek" in [tags] and "test_data" not in [tags] and "import" not in [tags] {
# stdout { codec => rubydebug }
if [module] =~ "zeek" {
elasticsearch {
pipeline => "%{event_type}"
pipeline => "%{module}.%{dataset}"
hosts => "{{ ES }}"
index => "so-zeek-%{+YYYY.MM.dd}"
template_name => "so-zeek"

3
salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
View File

@@ -10,7 +10,7 @@
filter {
if [event_type] =~ "strelka" {
if [module] =~ "strelka" {
mutate {
##add_tag => [ "conf_file_9000"]
}
@@ -19,6 +19,7 @@ filter {
output {
if [event_type] =~ "strelka" {
elasticsearch {
pipeline => "%{module}.%{dataset}"
hosts => "{{ ES }}"
index => "so-strelka-%{+YYYY.MM.dd}"
template_name => "so-common"