From aa767b8dc1b689047a839820d6b04a7dc57fdeae Mon Sep 17 00:00:00 2001
From: weslambert <wlambertts@gmail.com>
Date: Tue, 29 Nov 2022 11:27:41 -0500
Subject: [PATCH] Add 'ics' tag for 'bsap'-prefixed events/logs

---
 salt/filebeat/etc/filebeat.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index e33c028ec..f87e8bb59 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -144,7 +144,7 @@ filebeat.inputs:
       dataset: {{ LOGNAME }}
       category: network
   processors:
-    {%- if LOGNAME is match('^bacnet*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
+    {%- if LOGNAME is match('^bacnet*|^bsap*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
   - add_tags:
       tags: ["ics"]
     {%- endif %}
@@ -165,7 +165,7 @@ filebeat.inputs:
       category: network
       imported: true
   processors:
-    {%- if LOGNAME is match('^bacnet*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
+    {%- if LOGNAME is match('^bacnet*|^bsap*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*') %}
   - add_tags:
       tags: ["ics"]
     {%- endif %}