CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3bfc3b89430449898c15de573a5af1eec665bce3
securityonion/salt/elasticsearch/files/ingest/zeek.pe
Wes Lambert 9ad16e8c71 upadte ingest config
2020-03-11 12:13:53 +00:00

25 lines
2.2 KiB
Plaintext
Raw Blame History

{
"description" : "zeek.pe",
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id", "target_field": "log.id.fuid", "ignore_missing": true } },
{ "rename": { "field": "message2.machine", "target_field": "file.machine", "ignore_missing": true } },
{ "rename": { "field": "message2.compile_ts", "target_field": "file.compile_timestamp", "ignore_missing": true } },
{ "rename": { "field": "message2.os", "target_field": "file.os", "ignore_missing": true } },
{ "rename": { "field": "message2.subsystem", "target_field": "file.subsystem", "ignore_missing": true } },
{ "rename": { "field": "message2.is_exe", "target_field": "file.is_exe", "ignore_missing": true } },
{ "rename": { "field": "message2.is_64bit", "target_field": "file.is_64bit", "ignore_missing": true } },
{ "rename": { "field": "message2.uses_aslr", "target_field": "file.aslr", "ignore_missing": true } },
{ "rename": { "field": "message2.uses_dep", "target_field": "file.dep", "ignore_missing": true } },
{ "rename": { "field": "message2.uses_code_integrity","target_field": "file.code_integrity","ignore_missing": true } },
{ "rename": { "field": "message2.uses_seh", "target_field": "file.seh", "ignore_missing": true } },
{ "rename": { "field": "message2.has_import_table", "target_field": "file.table.import", "ignore_missing": true } },
{ "rename": { "field": "message2.has_export_table", "target_field": "file.table.export", "ignore_missing": true } },
{ "rename": { "field": "message2.has_cert_table", "target_field": "file.table.cert", "ignore_missing": true } },
{ "rename": { "field": "message2.has_debug_data", "target_field": "file.debug_data", "ignore_missing": true } },
{ "rename": { "field": "message2.section_names", "target_field": "file.section_names", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}
Reference in New Issue View Git Blame Copy Permalink