From 4765ef5f5cbfd663f0a8c77391b26b9f35183008 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Tue, 20 Oct 2020 22:14:23 -0400
Subject: [PATCH] Change rule_ruleset to rule.ruleset
---
 salt/elasticsearch/files/ingest/common.nids | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/elasticsearch/files/ingest/common.nids b/salt/elasticsearch/files/ingest/common.nids
index 25d24926c..df6af7a85 100644
--- a/salt/elasticsearch/files/ingest/common.nids
+++ b/salt/elasticsearch/files/ingest/common.nids
@@ -6,7 +6,7 @@
 { "set": { "if": "ctx.rule?.uuid > 1999999", "field": "rule.reference", "value": "https://doc.emergingthreats.net/{{rule.uuid}}" } },
 { "convert": { "if": "ctx.rule.uuid != null", "field": "rule.uuid", "type": "string" } },
 { "dissect": { "if": "ctx.rule.name != null", "field": "rule.name", "pattern" : "%{rule_type} %{rest_of_rulename} ", "ignore_failure": true } },
- { "set": { "if": "ctx.rule_type == 'GPL'", "field": "rule_ruleset", "value": "Snort GPL" } },
+ { "set": { "if": "ctx.rule_type == 'GPL'", "field": "rule.ruleset", "value": "Snort GPL" } },
 { "set": { "if": "ctx.rule_type == 'ET'", "field": "rule.ruleset", "value": "Emerging Threats" } },
 { "set": { "if": "ctx.rule.severity == 3", "field": "event.severity", "value": 1, "override": true } },
 { "set": { "if": "ctx.rule.severity == 2", "field": "event.severity", "value": 2, "override": true } },
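Review bot: The conditions on the context lines around this fix read `ctx.rule.uuid`, `ctx.rule.name` and `ctx.rule.severity` without the null-safe operator that the first line of the hunk uses (`ctx.rule?.uuid`), so a document with no `rule` object would raise a null-pointer error in the Painless condition instead of skipping the processor. Unless the pipeline defines an `on_failure` handler outside this hunk, that could fail ingest for the event and lose the alert. I would write them as `ctx.rule?.uuid != null`, `ctx.rule?.name != null` and `ctx.rule?.severity == 3`. Separately, only the `GPL` and `ET` prefixes are mapped to `rule.ruleset` here, so a rule name with any other prefix appears to get no ruleset; the pipeline continues outside the hunk, so this may be handled elsewhere.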