{
"description" : "bro_http",
"processors" : [
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.uid", "target_field": "uid", "ignore_missing": true } },
{ "dot_expander": { "field": "id.orig_h", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id.orig_h", "target_field": "source.ip", "ignore_missing": true } },
{ "dot_expander": { "field": "id.orig_p", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id.orig_p", "target_field": "source.port", "ignore_missing": true } },
{ "dot_expander": { "field": "id.resp_h", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id.resp_h", "target_field": "destination.ip", "ignore_missing": true } },
{ "dot_expander": { "field": "id.resp_p", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id.resp_p", "target_field": "destination.port", "ignore_missing": true } },
{ "rename": { "field": "message2.trans_depth", "target_field": "trans_depth", "ignore_missing": true } },
{ "rename": { "field": "message2.method", "target_field": "method", "ignore_missing": true } },
{ "rename": { "field": "message2.host", "target_field": "virtual_host", "ignore_missing": true } },
{ "rename": { "field": "message2.uri", "target_field": "uri", "ignore_missing": true } },
{ "rename": { "field": "message2.referrer", "target_field": "referrer", "ignore_missing": true } },
{ "rename": { "field": "message2.version", "target_field": "version", "ignore_missing": true } },
{ "rename": { "field": "message2.user_agent", "target_field": "useragent", "ignore_missing": true } },
{ "rename": { "field": "message2.request_body_len", "target_field": "request_body_length", "ignore_missing": true } },
{ "rename": { "field": "message2.response_body_len","target_field": "response_body_length", "ignore_missing": true } },
{ "rename": { "field": "message2.status_code", "target_field": "status_code", "ignore_missing": true } },
{ "rename": { "field": "message2.status_msg", "target_field": "status_message", "ignore_missing": true } },
{ "rename": { "field": "message2.info_code", "target_field": "info_code", "ignore_missing": true } },
{ "rename": { "field": "message2.info_msg", "target_field": "info_message", "ignore_missing": true } },
{ "remove": { "field": "message2.tags", "ignore_failure": true } },
{ "rename": { "field": "message2.username", "target_field": "user", "ignore_missing": true } },
{ "rename": { "field": "message2.password", "target_field": "password", "ignore_missing": true } },
{ "rename": { "field": "message2.proxied", "target_field": "proxied", "ignore_missing": true } },
{ "rename": { "field": "message2.orig_fuids", "target_field": "orig_fuids", "ignore_missing": true } },
{ "rename": { "field": "message2.orig_filenames", "target_field": "orig_filenames", "ignore_missing": true } },
{ "rename": { "field": "message2.orig_mime_types", "target_field": "orig_mime_types", "ignore_missing": true } },
{ "rename": { "field": "message2.resp_fuids", "target_field": "resp_fuids", "ignore_missing": true } },
{ "rename": { "field": "message2.resp_filenames", "target_field": "resp_filenames", "ignore_missing": true } },
{ "rename": { "field": "message2.resp_mime_types", "target_field": "resp_mime_types", "ignore_missing": true } },
{ "script": { "lang": "painless", "source": "ctx.uri_length = ctx.uri.length()", "ignore_failure": true } },
{ "script": { "lang": "painless", "source": "ctx.useragent_length = ctx.useragent.length()", "ignore_failure": true } },
{ "script": { "lang": "painless", "source": "ctx.virtual_host_length = ctx.virtual_host.length()", "ignore_failure": true } },
{ "pipeline": { "name": "bro_common" } }
]
}