Merge pull request #5057 from Security-Onion-Solutions/bravo

Several Suricata things
2025-12-07 17:52:46 +01:00 · 2021-08-04 12:26:11 -04:00
parent 54a3b754e0 71bbb41b5f
commit 84fdc1e690
3 changed files with 3 additions and 1 deletions
--- a/1
+++ b/1
@@ -0,0 +1 @@
+
--- a/salt/elasticsearch/files/ingest/suricata.fileinfo
+++ b/salt/elasticsearch/files/ingest/suricata.fileinfo
@@ -13,6 +13,7 @@
    { "rename": 	{ "field": "message2.fileinfo.size", 		"target_field": "file.size",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.fileinfo.state", 		"target_field": "file.state",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.fileinfo.stored", 		"target_field": "file.saved",		"ignore_missing": true 	} },
+    { "rename":   { "field": "message2.fileinfo.sha256",   "target_field": "hash.sha256", "ignore_missing": true } },
    { "set":		{ "if": "ctx.network?.protocol != null", 	"field": "file.source",	"value": "{{network.protocol}}"  	} },
    { "pipeline": { "name": "common" } }
  ]
--- a/salt/suricata/suricata_meta.yaml
+++ b/salt/suricata/suricata_meta.yaml
@@ -7,7 +7,7 @@ suricata:
          dir: /nsm/extracted
          #write-fileinfo: "yes"
          #force-filestore: "yes"
-          #stream-depth: 0
+          stream-depth: 0
          #max-open-files: 1000
          #force-hash: [sha1, md5]
          xff: