mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
20 lines
2.0 KiB
Plaintext
20 lines
2.0 KiB
Plaintext
{
|
|
"description" : "zeek.opcua_binary_create_session",
|
|
"processors" : [
|
|
{ "remove": { "field": ["host"], "ignore_failure": true } },
|
|
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
|
|
{ "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.session_id_encoding_mask", "target_field": "opcua.session_id_encoding_mask", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.session_id_namespace_idx", "target_field": "opcua.session_id_namespace_index", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.session_id_guid", "target_field": "opcua.session_id_guid", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.auth_token_encoding_mask", "target_field": "opcua.auth_token_encoding_mask", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.auth_token_namespace_idx", "target_field": "opcua.auth_token_namespace_index", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.auth_token_guid", "target_field": "opcua.auth_token_guid", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.revised_session_timeout", "target_field": "opcua.revised_session_timeout", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.server_nonce", "target_field": "opcua.server_nonce", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.endpoint_link_id", "target_field": "opcua.endpoint_link_id", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.max_req_msg_size", "target_field": "opcua.request.max_message_size", "ignore_missing": true } },
|
|
{ "pipeline": { "name": "zeek.common" } }
|
|
]
|
|
}
|