CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-10 11:12:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Zeek and Strelka

Browse Source
This commit is contained in:
Wes Lambert
2020-04-01 19:09:38 +00:00
parent 82c99edbfc
commit 1df2302287
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja → salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja
View File

@@ -10,17 +10,16 @@
filter { filter {
if "zeek" in [tags] and "test_data" not in [tags] and "import" not in [tags] { if [module] =~ "zeek" {
mutate { mutate {
##add_tag => [ "conf_file_9000"] ##add_tag => [ "conf_file_9000"]
} }
} }
} }
output { output {
if "zeek" in [tags] and "test_data" not in [tags] and "import" not in [tags] { if [module] =~ "zeek" {
# stdout { codec => rubydebug }
elasticsearch { elasticsearch {
pipeline => "%{event_type}" pipeline => "%{module}.%{dataset}"
hosts => "{{ ES }}" hosts => "{{ ES }}"
index => "so-zeek-%{+YYYY.MM.dd}" index => "so-zeek-%{+YYYY.MM.dd}"
template_name => "so-zeek" template_name => "so-zeek"

3
salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
View File

@@ -10,7 +10,7 @@
filter { filter {
if [event_type] =~ "strelka" { if [module] =~ "strelka" {
mutate { mutate {
##add_tag => [ "conf_file_9000"] ##add_tag => [ "conf_file_9000"]
} }
@@ -19,6 +19,7 @@ filter {
output { output {
if [event_type] =~ "strelka" { if [event_type] =~ "strelka" {
elasticsearch { elasticsearch {
pipeline => "%{module}.%{dataset}"
hosts => "{{ ES }}" hosts => "{{ ES }}"
index => "so-strelka-%{+YYYY.MM.dd}" index => "so-strelka-%{+YYYY.MM.dd}"
template_name => "so-common" template_name => "so-common"