{
"description": "zeek.ja4ssh",
"processors": [
{"set": {"field": "event.dataset","value": "ja4ssh"}},
{"remove": {"field": "host","ignore_missing": true,"ignore_failure": true}},
{"json": {"field": "message","target_field": "message2","ignore_failure": true}},
{"rename": {"field": "message2.ja4ssh", "target_field": "hash.ja4ssh", "ignore_missing": true, "if": "ctx?.message2?.ja4ssh != null && ctx.message2.ja4ssh.length() > 0" }},
{"pipeline": {"name": "zeek.common"}}
]
} |