From 6058d438bf7d20086bfb13d2d731f6de3b0dec26 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 12 Jun 2020 12:28:29 -0400
Subject: [PATCH] Fix Protocol

---
 salt/elasticsearch/files/ingest/suricata.dhcp | 1 +
 salt/elasticsearch/files/ingest/suricata.dns | 1 +
 salt/elasticsearch/files/ingest/suricata.http | 1 +
 salt/elasticsearch/files/ingest/suricata.smtp | 1 +
 salt/elasticsearch/files/ingest/suricata.snmp | 1 +
 salt/elasticsearch/files/ingest/suricata.ssh | 1 +
 6 files changed, 6 insertions(+)

diff --git a/salt/elasticsearch/files/ingest/suricata.dhcp b/salt/elasticsearch/files/ingest/suricata.dhcp
index 7dd2e6acd..66ab1140e 100644
--- a/salt/elasticsearch/files/ingest/suricata.dhcp
+++ b/salt/elasticsearch/files/ingest/suricata.dhcp
@@ -2,6 +2,7 @@
 "description" : "suricata.dhcp",
 "processors" : [
 { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
 { "rename": { "field": "message2.dhcp.assigned_ip", "target_field": "dhcp.assigned_ip", "ignore_missing": true } },
 { "rename": { "field": "message2.dhcp.client_mac", "target_field": "host.mac", "ignore_missing": true } },
 { "rename": { "field": "message2.dhcp.dhcp_type", "target_field": "dhcp.message_types", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/suricata.dns b/salt/elasticsearch/files/ingest/suricata.dns
index 45381bfd6..0a2e1b2ae 100644
--- a/salt/elasticsearch/files/ingest/suricata.dns
+++ b/salt/elasticsearch/files/ingest/suricata.dns
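Review bot: The new `rename` of `message2.app_proto` to `network.protocol` has no `on_failure` handler, and the Elasticsearch rename processor throws when the target field already exists, so any event that reaches this pipeline with `network.protocol` already populated upstream would be rejected in full rather than just skipping this step; `ignore_missing` only covers the source field being absent. The same added line appears in the suricata.dns, suricata.http, suricata.smtp, suricata.snmp and suricata.ssh hunks. If that situation is possible in this deployment, guarding the processor with `"if": "ctx.network?.protocol == null"` (or a per-processor `on_failure`) keeps a duplicate target from failing the whole document. Separately, ECS expects `network.protocol` in lowercase; Suricata appears to emit `app_proto` values such as `http` in lowercase already, so no `lowercase` step looks necessary, but that is worth confirming before dashboards depend on the field.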
@@ -2,6 +2,7 @@
 "description" : "suricata.dns",
 "processors" : [
 { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
 { "rename": { "field": "message2.dns.type", "target_field": "dns.type", "ignore_missing": true } },
 { "rename": { "field": "message2.dns.tx_id", "target_field": "dns.id", "ignore_missing": true } },
 { "rename": { "field": "message2.dns.version", "target_field": "dns.version", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/suricata.http b/salt/elasticsearch/files/ingest/suricata.http
index 32dd1f1c1..2d12a435d 100644
--- a/salt/elasticsearch/files/ingest/suricata.http
+++ b/salt/elasticsearch/files/ingest/suricata.http
@@ -2,6 +2,7 @@
 "description" : "suricata.http",
 "processors" : [
 { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
 { "rename": { "field": "message2.http.hostname", "target_field": "http.virtual_host", "ignore_missing": true } },
 { "rename": { "field": "message2.http.http_user_agent", "target_field": "http.useragent", "ignore_missing": true } },
 { "rename": { "field": "message2.http.url", "target_field": "http.uri", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/suricata.smtp b/salt/elasticsearch/files/ingest/suricata.smtp
index 5a20365d5..ba2144ad5 100644
--- a/salt/elasticsearch/files/ingest/suricata.smtp
+++ b/salt/elasticsearch/files/ingest/suricata.smtp
@@ -2,6 +2,7 @@
 "description" : "suricata.smtp",
 "processors" : [
 { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
 { "rename": { "field": "message2.smtp.helo", "target_field": "smtp.helo", "ignore_missing": true } },
 { "rename": { "field": "message2.email.from", "target_field": "smtp.from", "ignore_missing": true } },
 { "rename": { "field": "message2.email.to", "target_field": "smtp.to", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/suricata.snmp b/salt/elasticsearch/files/ingest/suricata.snmp
index 87f7f8452..bda17f6eb 100644
--- a/salt/elasticsearch/files/ingest/suricata.snmp
+++ b/salt/elasticsearch/files/ingest/suricata.snmp
@@ -2,6 +2,7 @@
 "description" : "suricata.snmp",
 "processors" : [
 { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
 { "rename": { "field": "message2.snmp.version", "target_field": "snmp.version", "ignore_missing": true } },
 { "rename": { "field": "message2.snmp.community", "target_field": "snmp.community", "ignore_missing": true } },
 { "pipeline": { "name": "common" } }
diff --git a/salt/elasticsearch/files/ingest/suricata.ssh b/salt/elasticsearch/files/ingest/suricata.ssh
index 894958906..b142d94a2 100644
--- a/salt/elasticsearch/files/ingest/suricata.ssh
+++ b/salt/elasticsearch/files/ingest/suricata.ssh
@@ -2,6 +2,7 @@
 "description" : "suricata.ssh",
 "processors" : [
 { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
 { "rename": { "field": "message2.ssh.client.proto_version", "target_field": "ssh.version", "ignore_missing": true } },
 { "rename": { "field": "message2.ssh.client.software_version", "target_field": "ssh.client", "ignore_missing": true } },
 { "rename": { "field": "message2.ssh.server.proto_version", "target_field": "ssh.server", "ignore_missing": true } },