mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
40 lines
664 B
Plaintext
40 lines
664 B
Plaintext
{
|
|
"description": "RITA DNS",
|
|
"processors": [
|
|
{
|
|
"set": {
|
|
"field": "event.dataset",
|
|
"value": "dns",
|
|
"override": true
|
|
}
|
|
},
|
|
{
|
|
"csv": {
|
|
"field": "message",
|
|
"target_fields": [
|
|
"dns.question.name",
|
|
"dns.question.subdomain_count",
|
|
"dns.question.count"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"convert": {
|
|
"field": "dns.question.subdomain_count",
|
|
"type": "integer"
|
|
}
|
|
},
|
|
{
|
|
"convert": {
|
|
"field": "dns.question.count",
|
|
"type": "integer"
|
|
}
|
|
},
|
|
{
|
|
"pipeline": {
|
|
"name": "common"
|
|
}
|
|
}
|
|
]
|
|
}
|