diff --git a/salt/elasticsearch/files/ingest/suricata.alert b/salt/elasticsearch/files/ingest/suricata.alert
index 4687e1624..8de907555 100644
--- a/salt/elasticsearch/files/ingest/suricata.alert
+++ b/salt/elasticsearch/files/ingest/suricata.alert
@@ -1,12 +1,12 @@
 {
 "description" : "suricata.alert",
 "processors" : [
- { "rename":{ "field": "message2.comunity_id", "target_field": "network.comunity_id", "ignore_failure": true } },
 { "rename":{ "field": "message2.alert", "target_field": "rule", "ignore_failure": true } },
 { "rename":{ "field": "rule.signature", "target_field": "rule.name", "ignore_failure": true } },
 { "rename":{ "field": "rule.ref", "target_field": "rule.version", "ignore_failure": true } },
 { "rename":{ "field": "rule.signature_id", "target_field": "rule.uuid", "ignore_failure": true } },
 { "rename":{ "field": "rule.signature_id", "target_field": "rule.signature", "ignore_failure": true } },
+ { "rename":{ "field": "message2.meta.payload_printable", "target_field": "network.data.decoded", "ignore_failure": true } },
 { "pipeline": { "name": "common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/suricata.dhcp b/salt/elasticsearch/files/ingest/suricata.dhcp
new file mode 100644
index 000000000..4e4870163
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.dhcp
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.dhcp",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.dnp3 b/salt/elasticsearch/files/ingest/suricata.dnp3
new file mode 100644
index 000000000..f63702337
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.dnp3
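Review bot: The added `message2.meta.payload_printable` rename uses `"ignore_failure": true`, which swallows every error the processor can raise, whereas the new per-event-type pipelines in this same commit use `"ignore_missing": true`, which only tolerates an absent source field; for consistency, and so that a real failure (for example `network.data` already present with a non-object value) is not silently hidden, the added line should read `{ "rename":{ "field": "message2.meta.payload_printable", "target_field": "network.data.decoded", "ignore_missing": true } },`. Dropping the misspelt `comunity_id` rename outright means a correctly spelled `message2.community_id`, if the EVE output emits it, is no longer mapped to the ECS `network.community_id` field; if that was the intent, a corrected rename rather than a removal seems preferable. The two consecutive context renames of `rule.signature_id` (to `rule.uuid`, then to `rule.signature`) cannot both succeed, since the field has already been moved when the second runs and `ignore_failure` masks that; the second one presumably should read a different source field. The payload copied into `network.data.decoded` is attacker-influenced and can be large, so it is worth confirming in the index template that the field is mapped in a way that tolerates long values rather than rejecting the whole alert document.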
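Review bot: The processor list here is copy-pasted boilerplate: apart from the `description` string, this file is byte-identical to the fifteen other pipelines added in this commit (dnp3, dns, fileinfo, ftp, http, ikev2, krb5, nfs, rdp, sip, smb, snmp, ssh, tftp, tls), each holding the same two `message2.proto`/`message2.app_proto` renames followed by the hand-off to `common`. If `common` is specific to Suricata, those two renames belong there so that each per-event-type pipeline only carries processors for its own event type; if `common` is shared with other sources, an intermediate `suricata.common` pipeline referenced from each of these files would serve the same purpose. Either way a future correction to the ECS mapping of `network.transport`/`network.protocol` would then be made in one place instead of sixteen. Since these files are deployed by Salt, generating them from one template rather than committing sixteen copies is also worth considering.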
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.dnp3",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.dns b/salt/elasticsearch/files/ingest/suricata.dns
new file mode 100644
index 000000000..8da6d1903
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.dns
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.dns",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.fileinfo b/salt/elasticsearch/files/ingest/suricata.fileinfo
new file mode 100644
index 000000000..c319b4a3c
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.fileinfo
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.fileinfo",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.ftp b/salt/elasticsearch/files/ingest/suricata.ftp
new file mode 100644
index 000000000..a1b9ef7e3
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.ftp
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.ftp",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.http b/salt/elasticsearch/files/ingest/suricata.http
new file mode 100644
index 000000000..53eb7b2af
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.http
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.http",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.ikev2 b/salt/elasticsearch/files/ingest/suricata.ikev2
new file mode 100644
index 000000000..1916f6369
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.ikev2
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.ikev2",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.krb5 b/salt/elasticsearch/files/ingest/suricata.krb5
new file mode 100644
index 000000000..83e950128
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.krb5
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.krb5",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.nfs b/salt/elasticsearch/files/ingest/suricata.nfs
new file mode 100644
index 000000000..39ffee455
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.nfs
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.nfs",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.rdp b/salt/elasticsearch/files/ingest/suricata.rdp
new file mode 100644
index 000000000..229c5bd86
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.rdp
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.rdp",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.sip b/salt/elasticsearch/files/ingest/suricata.sip
new file mode 100644
index 000000000..0b0ee1e8c
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.sip
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.sip",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.smb b/salt/elasticsearch/files/ingest/suricata.smb
new file mode 100644
index 000000000..c84dc8136
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.smb
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.smb",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.snmp b/salt/elasticsearch/files/ingest/suricata.snmp
new file mode 100644
index 000000000..f09ad2cec
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.snmp
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.snmp",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.ssh b/salt/elasticsearch/files/ingest/suricata.ssh
new file mode 100644
index 000000000..bf48968d7
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.ssh
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.ssh",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.tftp b/salt/elasticsearch/files/ingest/suricata.tftp
new file mode 100644
index 000000000..cb148e9d7
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.tftp
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.tftp",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/suricata.tls b/salt/elasticsearch/files/ingest/suricata.tls
new file mode 100644
index 000000000..e6b6081d3
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/suricata.tls
@@ -0,0 +1,8 @@
+{
+ "description" : "suricata.tls",
+ "processors" : [
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}