CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 15:33:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5998 from Security-Onion-Solutions/fix/hl_host_name

Browse Source 
Rename HTTP client headers and host
This commit is contained in:
weslambert
2021-10-25 13:21:11 -04:00
committed by GitHub
parent 2bfedbd581 3be0d05eea
commit 926551d398
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/logstash/pipelines/config/so/0011_input_endgame.conf
View File

@@ -3,6 +3,8 @@ input {
id => "endgame_data" id => "endgame_data"
port => 3765 port => 3765
codec => es_bulk codec => es_bulk
request_headers_target_field => client_headers
remote_host_target_field => client_host
ssl => true ssl => true
ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"] ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
ssl_certificate => "/usr/share/logstash/filebeat.crt" ssl_certificate => "/usr/share/logstash/filebeat.crt"

2
salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
View File

@@ -8,7 +8,7 @@
filter { filter {
if [event][module] =~ "endgame" { if [event][module] =~ "endgame" {
mutate { mutate {
remove_field => ["headers", "host"] remove_field => ["client_headers", "client_host"]
} }
} }
} }