CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

logstash: add beats template used in latest SO

Browse Source
This commit is contained in:
Dustin Lee
2019-10-11 08:36:44 -04:00
parent 1b532cd670
commit 699371a4d7
1 changed files with 19 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
salt/logstash/etc/beats-template.json
View File

@@ -27,24 +27,6 @@
"path_match": "docker.container.labels.*" "path_match": "docker.container.labels.*"
} }
}, },
{
"event_data": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string",
"path_match": "event_data.*"
}
},
{
"user_data": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string",
"path_match": "user_data.*"
}
},
{ {
"strings_as_keyword": { "strings_as_keyword": {
"mapping": { "mapping": {
@@ -59,6 +41,14 @@
"@timestamp": { "@timestamp": {
"type": "date" "type": "date"
}, },
"event_data": {
"type":"object",
"dynamic": true
},
"beat_host": {
"type":"object",
"dynamic": true
},
"activity_id": { "activity_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
@@ -83,6 +73,14 @@
} }
} }
}, },
"username":{
"type":"text",
"fields": {
"keyword":{
"type":"keyword"
}
}
},
"computer_name": { "computer_name": {
"type": "text", "type": "text",
"fields":{ "fields":{
@@ -129,9 +127,6 @@
} }
} }
}, },
"event_data": {
"type": "object"
},
"event_id": { "event_id": {
"type": "long" "type": "long"
}, },
@@ -283,7 +278,8 @@
} }
}, },
"user_data": { "user_data": {
"type": "object" "type": "object",
"dynamic": "true"
}, },
"version": { "version": {
"type": "keyword" "type": "keyword"