CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix zeek opcua pipelines

Browse Source
This commit is contained in:
doug
2022-11-23 10:56:32 -05:00
parent 08d5f494ab
commit bc620b7def
22 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticsearch/files/ingest/zeek.opcua → salt/elasticsearch/files/ingest/zeek.opcua_binary
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua", "description" : "zeek.opcua_binary",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_activate_session → salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua.activate_session", "description" : "zeek.opcua_binary_activate_session",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_activate_session_client_software_cert → salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_client_software_cert
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua.activate_session_client_software_cert", "description" : "zeek.opcua_binary_activate_session_client_software_cert",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_activate_session_diagnostic_info → salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_diagnostic_info
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua.activate_session_diagnostic_info", "description" : "zeek.opcua_binary_activate_session_diagnostic_info",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_activate_session_locale_id → salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_locale_id
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua.activate_session_locale_id", "description" : "zeek.opcua_binary_activate_session_locale_id",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_browse → salt/elasticsearch/files/ingest/zeek.opcua_binary_browse
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua.browse", "description" : "zeek.opcua_binary_browse",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_browse_description → salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_description
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua.browse_description", "description" : "zeek.opcua_binary_browse_description",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },

2
salt/elasticsearch/files/ingest/zeek.opcua_browse_response_references → salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_response_references
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_browse_response_references", "description" : "zeek.opcua_binary_browse_response_references",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_browse_result → salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_result
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_browse_result", "description" : "zeek.opcua_binary_browse_result",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_create_session → salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_create_session", "description" : "zeek.opcua_binary_create_session",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_create_session_endpoints → salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session_endpoints
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua", "description" : "zeek.opcua_binary",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_create_session_user_token → salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session_user_token
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_create_session_user_token", "description" : "zeek.opcua_binary_create_session_user_token",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_create_subscription → salt/elasticsearch/files/ingest/zeek.opcua_binary_create_subscription
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_create_subscription", "description" : "zeek.opcua_binary_create_subscription",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints → salt/elasticsearch/files/ingest/zeek.opcua_binary_get_endpoints
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_get_endpoints", "description" : "zeek.opcua_binary_get_endpoints",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description → salt/elasticsearch/files/ingest/zeek.opcua_binary_get_endpoints_description
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_get_endpoints_description", "description" : "zeek.opcua_binary_get_endpoints_description",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_user_token → salt/elasticsearch/files/ingest/zeek.opcua_binary_get_endpoints_user_token
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_get_endpoints_user_token", "description" : "zeek.opcua_binary_get_endpoints_user_token",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_opensecure_channel → salt/elasticsearch/files/ingest/zeek.opcua_binary_opensecure_channel
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_opensecure_channel", "description" : "zeek.opcua_binary_opensecure_channel",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_read → salt/elasticsearch/files/ingest/zeek.opcua_binary_read
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_read", "description" : "zeek.opcua_binary_read",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read → salt/elasticsearch/files/ingest/zeek.opcua_binary_read_nodes_to_read
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_read_nodes_to_read", "description" : "zeek.opcua_binary_read_nodes_to_read",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_read_results → salt/elasticsearch/files/ingest/zeek.opcua_binary_read_results
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_read_results", "description" : "zeek.opcua_binary_read_results",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_read_results_link → salt/elasticsearch/files/ingest/zeek.opcua_binary_read_results_link
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_read_results_link", "description" : "zeek.opcua_binary_read_results_link",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },

2
salt/elasticsearch/files/ingest/zeek.opcua_status_code_detail → salt/elasticsearch/files/ingest/zeek.opcua_binary_status_code_detail
View File

@@ -1,5 +1,5 @@
{ {
"description" : "zeek.opcua_stats_code_detail", "description" : "zeek.opcua_binary_stats_code_detail",
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },