From 499b5d95f2fcaf3f11ac5f4044f24cc52af75859 Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Tue, 6 Dec 2022 16:01:57 +0000
Subject: [PATCH] Add 'ics' tag for 'bsap'-prefixed events/logs

---
 salt/filebeat/etc/filebeat.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index fc9b4c44e..839bd12f5 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -145,7 +145,7 @@ filebeat.inputs:
       dataset: {{ LOGNAME }}
       category: network
   processors:
-    {%- if LOGNAME is match('^bacnet*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
+    {%- if LOGNAME is match('^bacnet*|^bsap*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
   - add_tags:
       tags: ["ics"]
     {%- endif %}
@@ -166,7 +166,7 @@ filebeat.inputs:
       category: network
       imported: true
   processors:
-    {%- if LOGNAME is match('^bacnet*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
+    {%- if LOGNAME is match('^bacnet*|^bsap*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
   - add_tags:
       tags: ["ics"]
     {%- endif %}