mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
Various field renames
This commit is contained in:
Wes
@@ -10,7 +10,7 @@
|
||||
{ "rename": { "field": "message2.sequence", "target_field": "bsap.function.sequence", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.app_func_code", "target_field": "bsap.application.function", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.node_status", "target_field": "bsap.node.status", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.func_code", "target_field": "bsap.application.sub.function", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.func_code", "target_field": "bsap.application.sub_function", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.variable_count", "target_field": "bsap.variable.count", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.variables", "target_field": "bsap.vector.variables", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.variable_value", "target_field": "bsap.vector.variable.value", "ignore_missing": true } },
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"processors" : [
|
||||
{ "remove": { "field": ["host"], "ignore_failure": true } },
|
||||
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
|
||||
{ "rename": { "field": "message2.ser", "target_field": "bsap.message.serial.number", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.ser", "target_field": "bsap.message.serial_number", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.dadd", "target_field": "bsap.destination.address", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.sadd", "target_field": "bsap.source.address", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.ctl", "target_field": "bsap.control.byte", "ignore_missing": true } },
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
{ "rename": { "field": "message2.product_code", "target_field": "cip.device.product.code", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.revision", "target_field": "cip.device.revision", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.device_status", "target_field": "cip.device.status", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.serial_number", "target_field": "cip.device.serial.number", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.serial_number", "target_field": "cip.device.serial_number", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.product_name", "target_field": "cip.device.product.name", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.device_state", "target_field": "cip.device.state", "ignore_missing": true } },
|
||||
{ "pipeline": { "name": "zeek.common" } }
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
|
||||
{ "rename": { "field": "message2.number", "target_field": "ecat.message.number", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.Type", "target_field": "ecat.message.type", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.req_resp", "target_field": "ecat.request.response.type", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.req_resp", "target_field": "ecat.request.response_type", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.index", "target_field": "ecat.index", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.subindex", "target_field": "ecat.sub.index", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.dataoffset", "target_field": "ecat.data_offset", "ignore_missing": true } },
|
||||
|
||||
@@ -7,8 +7,8 @@
|
||||
{ "rename": { "field": "message2.revision", "target_field": "ecat.revision", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.dev_type", "target_field": "ecat.device.type", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.build", "target_field": "ecat.build.version", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.fmmucnt", "target_field": "ecat.fieldbus.mem.mgmt.unit", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.smcount", "target_field": "ecat.sync.manager.count", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.fmmucnt", "target_field": "ecat.fieldbus.memory_mgmt_unit", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.smcount", "target_field": "ecat.sync.manager_count", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.ports", "target_field": "ecat.port", "ignore_missing": true } },
|
||||
{ "convert": { "field": "ecat.port", "type": "integer", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.dpram", "target_field": "ecat.ram.size", "ignore_missing": true } },
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"processors" : [
|
||||
{ "remove": { "field": ["host"], "ignore_failure": true } },
|
||||
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
|
||||
{ "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.address", "target_field": "modbus.address", "ignore_missing": true } },
|
||||
|
||||
@@ -3,12 +3,12 @@
|
||||
"processors" : [
|
||||
{ "remove": { "field": ["host"], "ignore_failure": true } },
|
||||
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
|
||||
{ "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.address", "target_field": "modbus.address", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.and_mask", "target_field": "modbus.and.mask", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.or_mask", "target_field": "modbus.or.maks", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.and_mask", "target_field": "modbus.and_mask", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.or_mask", "target_field": "modbus.or_mask", "ignore_missing": true } },
|
||||
{ "pipeline": { "name": "zeek.common" } }
|
||||
]
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"processors" : [
|
||||
{ "remove": { "field": ["host"], "ignore_failure": true } },
|
||||
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
|
||||
{ "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
|
||||
{ "rename": { "field": "message2.write_start_address", "target_field": "modbus.write.start.address", "ignore_missing": true } },
|
||||
|
||||
Reference in New Issue
Block a user