# Author: Justin Henderson
#         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
# Email: justin@hasecuritysolution.com
# Last Update: 12/14/2017 - Wes lambert
#
# This conf file is based on accepting logs for files.log from Bro systems
filter {
  if [type] == "bro_files" {
    # This is the initial parsing of the log
    csv {
      columns => ["timestamp","fuid","file_ip","destination_ip","connection_uids","source","depth","analyzer","mimetype","file_name","duration","local_orig","is_orig","seen_bytes","total_bytes","missing_bytes","overflow_bytes","timed_out","parent_fuid","md5","sha1","sha256","extracted"]
      separator => "	"
    }
	mutate {
		#add_tag => [ "conf_file_1104"]
	}
  }
}