CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b81223eb64c643fd7b1b45ab1ed76638b71d48c
securityonion/salt/elasticsearch/files/ingest/bro_pe

24 lines
2.0 KiB
Plaintext
Raw Blame History

{
"description" : "bro_pe",
"processors" : [
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id", "target_field": "fuid", "ignore_missing": true } },
{ "rename": { "field": "message2.machine", "target_field": "machine", "ignore_missing": true } },
{ "rename": { "field": "message2.compile_ts", "target_field": "compile_ts", "ignore_missing": true } },
{ "rename": { "field": "message2.os", "target_field": "os", "ignore_missing": true } },
{ "rename": { "field": "message2.subsystem", "target_field": "subsystem", "ignore_missing": true } },
{ "rename": { "field": "message2.is_exe", "target_field": "is_exe", "ignore_missing": true } },
{ "rename": { "field": "message2.is_64bit", "target_field": "is_64bit", "ignore_missing": true } },
{ "rename": { "field": "message2.uses_aslr", "target_field": "uses_aslr", "ignore_missing": true } },
{ "rename": { "field": "message2.uses_dep", "target_field": "uses_dep", "ignore_missing": true } },
{ "rename": { "field": "message2.uses_code_integrity","target_field": "uses_code_integrity","ignore_missing": true } },
{ "rename": { "field": "message2.uses_seh", "target_field": "uses_seh", "ignore_missing": true } },
{ "rename": { "field": "message2.has_import_table", "target_field": "has_import_table", "ignore_missing": true } },
{ "rename": { "field": "message2.has_export_table", "target_field": "has_export_table", "ignore_missing": true } },
{ "rename": { "field": "message2.has_cert_table", "target_field": "has_cert_table", "ignore_missing": true } },
{ "rename": { "field": "message2.has_debug_data", "target_field": "has_debug_data", "ignore_missing": true } },
{ "rename": { "field": "message2.section_names", "target_field": "section_names", "ignore_missing": true } },
{ "pipeline": { "name": "bro_common" } }
]
}
Reference in New Issue View Git Blame Copy Permalink