CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix long vs float for pe version

Browse Source
This commit is contained in:
weslambert
2023-07-13 09:38:09 -04:00
committed by GitHub
parent 727d0443a2
commit 85bb5a327c
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/elasticsearch/files/ingest/strelka.file
View File

@@ -64,6 +64,7 @@
{ "set": { "if": "ctx.rule?.score != null && ctx.rule?.score >= 70 && ctx.rule?.score <=89", "field": "event.severity", "value": 3, "override": true } },
{ "set": { "if": "ctx.rule?.score != null && ctx.rule?.score >= 90", "field": "event.severity", "value": 4, "override": true } },
{ "set": { "if": "ctx.scan?.entropy?.entropy == 0", "field": "scan.entropy.entropy", "value": 0.0, "override": true } },
{ "set": { "if": "ctx.scan?.pe?.image_version == 0", "field": "scan.pe.image_version", "value": 0.0, "override": true } },
{ "set": { "field": "observer.name", "value": "{{agent.name}}" }},
{ "convert" : { "field" : "scan.exiftool","type": "string", "ignore_missing":true }},
{ "remove": { "field": ["host", "path", "message", "exiftool", "scan.yara.meta"], "ignore_missing": true } },