CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3462 from Security-Onion-Solutions/delta

Browse Source 
Fixes IP & Port mappings
This commit is contained in:
Josh Brower
2021-03-16 12:05:23 -04:00
committed by GitHub
parent 05ec7dba21 4d6cac4a2a
commit 7b748128ea
2 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticsearch/files/ingest/common
View File

@@ -32,8 +32,6 @@
{ "rename": { "field": "category", "target_field": "event.category", "ignore_failure": true, "ignore_missing": true } }, { "rename": { "field": "category", "target_field": "event.category", "ignore_failure": true, "ignore_missing": true } },
{ "rename": { "field": "message2.community_id", "target_field": "network.community_id", "ignore_failure": true, "ignore_missing": true } }, { "rename": { "field": "message2.community_id", "target_field": "network.community_id", "ignore_failure": true, "ignore_missing": true } },
{ "lowercase": { "field": "event.dataset", "ignore_failure": true, "ignore_missing": true } }, { "lowercase": { "field": "event.dataset", "ignore_failure": true, "ignore_missing": true } },
{ "convert": { "field": "destination.port", "type": "integer", "ignore_failure": true, "ignore_missing": true } },
{ "convert": { "field": "source.port", "type": "integer", "ignore_failure": true, "ignore_missing": true } },
{ "convert": { "field": "log.id.uid", "type": "string", "ignore_failure": true, "ignore_missing": true } }, { "convert": { "field": "log.id.uid", "type": "string", "ignore_failure": true, "ignore_missing": true } },
{ "convert": { "field": "agent.id", "type": "string", "ignore_failure": true, "ignore_missing": true } }, { "convert": { "field": "agent.id", "type": "string", "ignore_failure": true, "ignore_missing": true } },
{ "convert": { "field": "event.severity", "type": "integer", "ignore_failure": true, "ignore_missing": true } }, { "convert": { "field": "event.severity", "type": "integer", "ignore_failure": true, "ignore_missing": true } },

19
salt/elasticsearch/templates/so/so-common-template.json
View File

@@ -51,16 +51,29 @@
"match_mapping_type": "string", "match_mapping_type": "string",
"path_match": "*.ip", "path_match": "*.ip",
"mapping": { "mapping": {
"type": "ip" "type": "ip",
"fields" : {
"keyword" : {
"ignore_above" : 45,
"type" : "keyword"
}
}
} }
} }
}, },
{ {
"port": { "port": {
"match_mapping_type": "string",
"path_match": "*.port", "path_match": "*.port",
"mapping": { "mapping": {
"type": "integer" "type": "integer",
"fields" : {
"keyword" : {
"ignore_above" : 6,
"type" : "keyword"
}
}
} }
} }
}, },