CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Tag & initial JSON decode for osquery logs

Browse Source
This commit is contained in:
Josh Brower
2018-12-28 13:56:06 -05:00
committed by GitHub
parent 1917b469ec
commit fff13d5861
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
salt/logstash/files/dynamic/0006_input_beats.conf
View File

@@ -25,5 +25,16 @@ filter {
add_field => { "syslog-host_from" => "%{[beat][name]}" }
remove_field => [ "beat", "prospector", "input", "offset" ]
}
if [type] == "osquery" {
mutate {
remove_tag => ["beat"]
add_tag => ["osquery"]
}
json {
source => "message"
target => "osquery"
}
}
}