mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
32 lines
3.1 KiB
Plaintext
32 lines
3.1 KiB
Plaintext
{
|
|
"description" : "suricata.smb",
|
|
"processors" : [
|
|
{ "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.id", "target_field": "smb.id", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.dialect", "target_field": "smb.dialect", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.command", "target_field": "smb.command", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.status", "target_field": "smb.status", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.status_code", "target_field": "smb.status_code", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.session_id", "target_field": "smb.session_id", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.tree_id", "target_field": "smb.tree_id", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.filename", "target_field": "smb.filename", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.disposition", "target_field": "smb.disposition", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.access", "target_field": "smb.access", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.created", "target_field": "smb.created", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.accessed", "target_field": "smb.accessed", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.modified", "target_field": "smb.modified ", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.changed", "target_field": "smb.changed", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.size", "target_field": "smb.size", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.share", "target_field": "smb.share", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.smb.share_type", "target_field": "smb.share_type", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.client_dialects", "target_field": "smb.client_dialects", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.client_guid", "target_field": "smb.client_guid", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.server_guid", "target_field": "smb.server_guid", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.request.native_us", "target_field": "smb.request.native_us", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.request.native_lm", "target_field": "smb.request.native_lm", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.response.native_os", "target_field": "smb.response.native_os", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.response.native_lm", "target_field": "smb.response.native_lm", "ignore_missing": true } },
|
|
{ "pipeline": { "name": "common" } }
|
|
]
|
|
} |