CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-28 19:03:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into foxtrot

Browse Source
This commit is contained in:
William Wernert
2021-10-27 10:58:16 -04:00
parent dca30146ab a0216cea57
commit 331801eec2
4 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/logstash/pipelines/config/so/0011_input_endgame.conf
View File

@@ -3,6 +3,8 @@ input {
id => "endgame_data"
port => 3765
codec => es_bulk
request_headers_target_field => client_headers
remote_host_target_field => client_host
ssl => true
ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
ssl_certificate => "/usr/share/logstash/filebeat.crt"

2
salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
View File

@@ -8,7 +8,7 @@
filter {
if [event][module] =~ "endgame" {
mutate {
remove_field => ["headers", "host"]
remove_field => ["client_headers", "client_host"]
}
}
}

2
salt/pcap/init.sls
View File

@@ -117,8 +117,6 @@ so-steno:
- start: {{ STENOOPTIONS.start }}
- network_mode: host
- privileged: True
- port_bindings:
- 127.0.0.1:1234:1234
- binds:
- /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
- /opt/so/conf/steno/config:/etc/stenographer/config:rw