CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-04 10:28:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixup sigma pipelines

Browse Source
This commit is contained in:
Josh Brower
2024-02-07 15:35:31 -05:00
parent b7b501d289
commit 7e3187c0b8
5 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/soc/files/soc/final_sigma_pipeline.yaml
+7
View File
@@ -0,0 +1,7 @@
name: Security Onion - Final Pipeline
priority: 95
transformations:
- id: override_field_name_mapping
type: field_name_mapping
mapping:
FieldNameToOverride: NewFieldName
salt/soc/files/soc/so_sigma_pipeline.yaml
+18
View File
@@ -0,0 +1,18 @@
name: Security Onion Baseline Pipeline
priority: 90
transformations:
- id: baseline_field_name_mapping
type: field_name_mapping
mapping:
cs-method: http.method
c-uri: http.uri
c-useragent: http.useragent
cs-version: http.version
uid: user.uid
sid: rule.uuid
answer: answers
query: dns.query.name
src_ip: destination.ip.keyword
src_port: source.port
dst_ip: destination.ip.keyword
dst_port: destination.port