CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-22 00:43:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

zeek traceroute & ntp

Browse Source 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
This commit is contained in:
reyesj2
2025-03-03 10:48:06 -06:00
parent 573a2a5595
commit 4bd83f8983
2 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/elasticsearch/files/ingest/zeek.traceroute Normal file
View File

@@ -0,0 +1,10 @@
{
"description":"zeek.traceroute",
"processors":[
{"set": {"field":"event.dataset", "value":"traceroute" }},
{"json": {"field":"message", "target_field":"message2" }},
{"rename": {"field":"message2.src", "target_field":"source.ip", "ignore_missing":true,"ignore_failure":true}},
{"rename": {"field":"message2.dst", "target_field":"destination.ip", "ignore_missing":true,"ignore_failure":true}},
{"pipeline": {"name":"zeek.common"}}
]
}