CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into issue/3933

Browse Source
This commit is contained in:
m0duspwnens
2021-10-05 12:12:56 -04:00
parent 96d783b158 a3e0fb127a
commit 748f0f2a1d
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
salt/elasticsearch/files/ingest/common
View File

@@ -21,6 +21,26 @@
"properties": ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"]
}
},
{
"geoip": {
"field": "destination.ip",
"target_field": "destination_geo",
"database_file": "GeoLite2-ASN.mmdb",
"ignore_missing": true,
"ignore_failure": true,
"properties": ["ip", "asn", "organization_name", "network"]
}
},
{
"geoip": {
"field": "source.ip",
"target_field": "source_geo",
"database_file": "GeoLite2-ASN.mmdb",
"ignore_missing": true,
"ignore_failure": true,
"properties": ["ip", "asn", "organization_name", "network"]
}
},
{ "set": { "if": "ctx.event?.severity == 1", "field": "event.severity_label", "value": "low", "override": true } },
{ "set": { "if": "ctx.event?.severity == 2", "field": "event.severity_label", "value": "medium", "override": true } },
{ "set": { "if": "ctx.event?.severity == 3", "field": "event.severity_label", "value": "high", "override": true } },