CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add 'ics' tag for 'bsap'-prefixed events/logs

Browse Source
This commit is contained in:
Wes
2022-12-06 16:01:57 +00:00
parent 14af1d36cb
commit 499b5d95f2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/filebeat/etc/filebeat.yml
View File

@@ -145,7 +145,7 @@ filebeat.inputs:
dataset: {{ LOGNAME }} dataset: {{ LOGNAME }}
category: network category: network
processors: processors:
{%- if LOGNAME is match('^bacnet*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %} {%- if LOGNAME is match('^bacnet*|^bsap*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
- add_tags: - add_tags:
tags: ["ics"] tags: ["ics"]
{%- endif %} {%- endif %}
@@ -166,7 +166,7 @@ filebeat.inputs:
category: network category: network
imported: true imported: true
processors: processors:
{%- if LOGNAME is match('^bacnet*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %} {%- if LOGNAME is match('^bacnet*|^bsap*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
- add_tags: - add_tags:
tags: ["ics"] tags: ["ics"]
{%- endif %} {%- endif %}