CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 07:23:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

change suricata parsers from dataset to event.dataset

Browse Source
This commit is contained in:
Doug Burks
2023-06-08 12:31:31 -04:00
parent d1c86cb9ff
commit e5f76a9c6e
5 changed files with 33 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticsearch/files/ingest/suricata.tls
View File

@@ -1,7 +1,7 @@
{
"description" : "suricata.tls",
"processors" : [
{ "set": { "field": "dataset", "value": "ssl" } },
{ "set": { "field": "event.dataset", "value": "ssl" } },
{ "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
{ "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
{ "rename": { "field": "message2.tls.subject", "target_field": "ssl.certificate.subject", "ignore_missing": true } },