From e8e39a71053fa9bb85a49215f0f2d9cc874ad6a8 Mon Sep 17 00:00:00 2001
From: Wes
Date: Tue, 29 Nov 2022 21:32:05 +0000
Subject: [PATCH] Various field renames
---
 .../files/ingest/zeek.bsap_ip_rdb | 2 +-
 .../files/ingest/zeek.bsap_serial_header | 2 +-
 .../files/ingest/zeek.cip_identity | 2 +-
 .../files/ingest/zeek.ecat_coe_info | 2 +-
 .../files/ingest/zeek.ecat_dev_info | 22 +++++++++----------
 .../files/ingest/zeek.modbus_detailed | 2 +-
 .../ingest/zeek.modbus_mask_write_register | 14 ++++++------
 .../zeek.modbus_read_write_multiple_registers | 2 +-
 8 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/salt/elasticsearch/files/ingest/zeek.bsap_ip_rdb b/salt/elasticsearch/files/ingest/zeek.bsap_ip_rdb
index 7139983cf..f5ebd3a0a 100644
--- a/salt/elasticsearch/files/ingest/zeek.bsap_ip_rdb
+++ b/salt/elasticsearch/files/ingest/zeek.bsap_ip_rdb
@@ -10,7 +10,7 @@
 { "rename": { "field": "message2.sequence", "target_field": "bsap.function.sequence", "ignore_missing": true } },
 { "rename": { "field": "message2.app_func_code", "target_field": "bsap.application.function", "ignore_missing": true } },
 { "rename": { "field": "message2.node_status", "target_field": "bsap.node.status", "ignore_missing": true } },
- { "rename": { "field": "message2.func_code", "target_field": "bsap.application.sub.function", "ignore_missing": true } },
+ { "rename": { "field": "message2.func_code", "target_field": "bsap.application.sub_function", "ignore_missing": true } },
 { "rename": { "field": "message2.variable_count", "target_field": "bsap.variable.count", "ignore_missing": true } },
 { "rename": { "field": "message2.variables", "target_field": "bsap.vector.variables", "ignore_missing": true } },
 { "rename": { "field": "message2.variable_value", "target_field": "bsap.vector.variable.value", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.bsap_serial_header b/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
index e4262b3c3..e04862783 100644
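Review bot: Nothing in this patch keeps the old name `bsap.application.sub.function` resolvable once the `rename` target becomes `bsap.application.sub_function`: the diffstat lists only the eight ingest pipeline files, so index templates, dashboards and detection queries that reference the old name are presumably left as they were. Documents indexed before the change keep the old field, so a query written for either name silently covers only part of the ICS traffic history. The same holds for the other new targets in this patch (`bsap.message.serial_number`, `cip.device.serial_number`, `ecat.request.response_type`, `ecat.fieldbus.memory_mgmt_unit`, `ecat.sync.manager_count`, `modbus.unit_id`, `modbus.and_mask`, `modbus.or_mask`). Consider adding a field alias in the mapping for each old name, or at least listing the old and new names in the commit message so rule authors can update their queries.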
--- a/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
+++ b/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.ser", "target_field": "bsap.message.serial.number", "ignore_missing": true } },
+ { "rename": { "field": "message2.ser", "target_field": "bsap.message.serial_number", "ignore_missing": true } },
 { "rename": { "field": "message2.dadd", "target_field": "bsap.destination.address", "ignore_missing": true } },
 { "rename": { "field": "message2.sadd", "target_field": "bsap.source.address", "ignore_missing": true } },
 { "rename": { "field": "message2.ctl", "target_field": "bsap.control.byte", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.cip_identity b/salt/elasticsearch/files/ingest/zeek.cip_identity
index 8a9cacb29..a3522f86a 100644
--- a/salt/elasticsearch/files/ingest/zeek.cip_identity
+++ b/salt/elasticsearch/files/ingest/zeek.cip_identity
@@ -13,7 +13,7 @@
 { "rename": { "field": "message2.product_code", "target_field": "cip.device.product.code", "ignore_missing": true } },
 { "rename": { "field": "message2.revision", "target_field": "cip.device.revision", "ignore_missing": true } },
 { "rename": { "field": "message2.device_status", "target_field": "cip.device.status", "ignore_missing": true } },
- { "rename": { "field": "message2.serial_number", "target_field": "cip.device.serial.number", "ignore_missing": true } },
+ { "rename": { "field": "message2.serial_number", "target_field": "cip.device.serial_number", "ignore_missing": true } },
 { "rename": { "field": "message2.product_name", "target_field": "cip.device.product.name", "ignore_missing": true } },
 { "rename": { "field": "message2.device_state", "target_field": "cip.device.state", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
diff --git a/salt/elasticsearch/files/ingest/zeek.ecat_coe_info b/salt/elasticsearch/files/ingest/zeek.ecat_coe_info
index 79721c920..e425e3173 100644
--- a/salt/elasticsearch/files/ingest/zeek.ecat_coe_info
+++ b/salt/elasticsearch/files/ingest/zeek.ecat_coe_info
@@ -5,7 +5,7 @@
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
 { "rename": { "field": "message2.number", "target_field": "ecat.message.number", "ignore_missing": true } },
 { "rename": { "field": "message2.Type", "target_field": "ecat.message.type", "ignore_missing": true } },
- { "rename": { "field": "message2.req_resp", "target_field": "ecat.request.response.type", "ignore_missing": true } },
+ { "rename": { "field": "message2.req_resp", "target_field": "ecat.request.response_type", "ignore_missing": true } },
 { "rename": { "field": "message2.index", "target_field": "ecat.index", "ignore_missing": true } },
 { "rename": { "field": "message2.subindex", "target_field": "ecat.sub.index", "ignore_missing": true } },
 { "rename": { "field": "message2.dataoffset", "target_field": "ecat.data_offset", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.ecat_dev_info b/salt/elasticsearch/files/ingest/zeek.ecat_dev_info
index aab20781b..d01289e9a 100644
--- a/salt/elasticsearch/files/ingest/zeek.ecat_dev_info
+++ b/salt/elasticsearch/files/ingest/zeek.ecat_dev_info
@@ -2,17 +2,17 @@
 "description" : "zeek.ecat_dev_info",
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
- { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.slave_id", "target_field": "ecat.slave.address", "ignore_missing": true } },
- { "rename": { "field": "message2.revision", "target_field": "ecat.revision", "ignore_missing": true } },
- { "rename": { "field": "message2.dev_type", "target_field": "ecat.device.type", "ignore_missing": true } },
- { "rename": { "field": "message2.build", "target_field": "ecat.build.version", "ignore_missing": true } },
- { "rename": { "field": "message2.fmmucnt", "target_field": "ecat.fieldbus.mem.mgmt.unit", "ignore_missing": true } },
- { "rename": { "field": "message2.smcount", "target_field": "ecat.sync.manager.count", "ignore_missing": true } },
- { "rename": { "field": "message2.ports", "target_field": "ecat.port", "ignore_missing": true } },
- { "convert": { "field": "ecat.port", "type": "integer", "ignore_missing": true } },
- { "rename": { "field": "message2.dpram", "target_field": "ecat.ram.size", "ignore_missing": true } },
- { "rename": { "field": "message2.features", "target_field": "ecat.features", "ignore_missing": true } },
+ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
+ { "rename": { "field": "message2.slave_id", "target_field": "ecat.slave.address", "ignore_missing": true } },
+ { "rename": { "field": "message2.revision", "target_field": "ecat.revision", "ignore_missing": true } },
+ { "rename": { "field": "message2.dev_type", "target_field": "ecat.device.type", "ignore_missing": true } },
+ { "rename": { "field": "message2.build", "target_field": "ecat.build.version", "ignore_missing": true } },
+ { "rename": { "field": "message2.fmmucnt", "target_field": "ecat.fieldbus.memory_mgmt_unit", "ignore_missing": true } },
+ { "rename": { "field": "message2.smcount", "target_field": "ecat.sync.manager_count", "ignore_missing": true } },
+ { "rename": { "field": "message2.ports", "target_field": "ecat.port", "ignore_missing": true } },
+ { "convert": { "field": "ecat.port", "type": "integer", "ignore_missing": true } },
+ { "rename": { "field": "message2.dpram", "target_field": "ecat.ram.size", "ignore_missing": true } },
+ { "rename": { "field": "message2.features", "target_field": "ecat.features", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.modbus_detailed b/salt/elasticsearch/files/ingest/zeek.modbus_detailed
index 723027679..635566c6a 100644
--- a/salt/elasticsearch/files/ingest/zeek.modbus_detailed
+++ b/salt/elasticsearch/files/ingest/zeek.modbus_detailed
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
+ { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
 { "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
 { "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
 { "rename": { "field": "message2.address", "target_field": "modbus.address", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.modbus_mask_write_register b/salt/elasticsearch/files/ingest/zeek.modbus_mask_write_register
index b03ff569a..d548fe615 100644
--- a/salt/elasticsearch/files/ingest/zeek.modbus_mask_write_register
+++ b/salt/elasticsearch/files/ingest/zeek.modbus_mask_write_register
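Review bot: The `convert` processor re-added in the `zeek.ecat_dev_info` hunk sets `ignore_missing` but not `ignore_failure`, and the pipeline as shown (it runs to the closing `] }`; its first line is outside the hunk) has no `on_failure` handler, so a `ports` value that does not parse as an integer would presumably fail the whole document rather than just leave `ecat.port` unconverted. In a monitoring pipeline a rejected event is a gap in ICS visibility. Since the line is being rewritten anyway, consider `{ "convert": { "field": "ecat.port", "type": "integer", "ignore_missing": true, "ignore_failure": true } },` or an `on_failure` block that tags the event, so malformed device data is still indexed and can be investigated.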
@@ -2,13 +2,13 @@
 "description" : "zeek.modbus_mask_write_register",
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
- { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
- { "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
- { "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
- { "rename": { "field": "message2.address", "target_field": "modbus.address", "ignore_missing": true } },
- { "rename": { "field": "message2.and_mask", "target_field": "modbus.and.mask", "ignore_missing": true } },
- { "rename": { "field": "message2.or_mask", "target_field": "modbus.or.maks", "ignore_missing": true } },
+ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
+ { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
+ { "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
+ { "rename": { "field": "message2.address", "target_field": "modbus.address", "ignore_missing": true } },
+ { "rename": { "field": "message2.and_mask", "target_field": "modbus.and_mask", "ignore_missing": true } },
+ { "rename": { "field": "message2.or_mask", "target_field": "modbus.or_mask", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.modbus_read_write_multiple_registers b/salt/elasticsearch/files/ingest/zeek.modbus_read_write_multiple_registers
index c0b37fa99..234faa34f 100644
--- a/salt/elasticsearch/files/ingest/zeek.modbus_read_write_multiple_registers
+++ b/salt/elasticsearch/files/ingest/zeek.modbus_read_write_multiple_registers
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
+ { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
 { "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
 { "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
 { "rename": { "field": "message2.write_start_address", "target_field": "modbus.write.start.address", "ignore_missing": true } },