CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1472 from Security-Onion-Solutions/fix/rename-signature_info

Browse Source 
Change rule.signature_info to rule.reference and ensure common.nids e…
This commit is contained in:
weslambert
2020-10-07 11:21:18 -04:00
committed by GitHub
parent a1866e5229 015a441e79
commit 8015676e01
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
salt/elasticsearch/files/ingest/common.nids Normal file
View File

@@ -0,0 +1,15 @@
{
"description" : "common.nids",
"processors" : [
{ "convert": { "if": "ctx.rule.uuid != null", "field": "rule.uuid", "type": "integer" } },
{ "set": { "if": "ctx.rule?.uuid < 1000000", "field": "rule.reference", "value": "https://www.snort.org/search?query={{rule.gid}}-{{rule.uuid}}" } },
{ "set": { "if": "ctx.rule?.uuid > 1999999", "field": "rule.referemce", "value": "https://doc.emergingthreats.net/{{rule.uuid}}" } },
{ "convert": { "if": "ctx.rule.uuid != null", "field": "rule.uuid", "type": "string" } },
{ "set": { "if": "ctx.rule?.name =~ /^GPL/", "field": "rule.ruleset", "value": "Snort GPL" } },
{ "set": { "if": "ctx.rule?.name =~ /^ET/", "field": "rule.ruleset", "value": "Emerging Threats" } },
{ "set": { "if": "ctx.rule.severity == 3", "field": "event.severity", "value": 1, "override": true } },
{ "set": { "if": "ctx.rule.severity == 2", "field": "event.severity", "value": 2, "override": true } },
{ "set": { "if": "ctx.rule.severity == 1", "field": "event.severity", "value": 3, "override": true } },
{ "pipeline": { "name": "common" } }
]
}