securityonion

Author	SHA1	Message	Date
Wes	40c6b380df	Update Import and Zeek integration policies; also update Zeek ingest node pipelines to set event.dataset.	2023-01-23 21:44:46 +00:00
Doug Burks	32b71fdcac	Avoid changing _index for imported logs	2022-02-26 10:36:09 -05:00
weslambert	23fb62c0d6	Split Zeek DNS records into a separate index	2022-02-24 12:52:25 -05:00
weslambert	c5b5c5858e	Rename to prevent field conflict	2022-02-02 14:31:46 -05:00
weslambert	367b59188b	Revert back to dns.answers for now	2022-01-31 09:54:39 -05:00
weslambert	8f0a327cb5	Fix Zeek field name so it doesn't conflict with mapping of other dns.answers fields	2022-01-26 15:02:59 -05:00
doug	3467f30603	Improve support for Suricata metadata #2200	2021-02-22 10:27:24 -05:00
Wes Lambert	8f5da66335	Add null safe operator for query name	2020-06-30 03:02:38 +00:00
Doug Burks	29420da565	Only process zeek.dns.tld if dns.query.name contains a dot #734 https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/734	2020-05-19 10:08:30 -04:00
Doug Burks	60d2a0818b	Add to zeek.dns and have it send to zeek.dns.tld https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/599	2020-05-15 15:31:17 -04:00
Wes Lambert	9ad16e8c71	upadte ingest config	2020-03-11 12:13:53 +00:00