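# Author: Justin Henderson
# SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
# Email: justin@hasecuritysolution.com
# Last Update: 12/9/2016
#
# This file parses McAfee ePO logs.
#
# Input:  events with [type] == "mcafee" whose "message" field carries a JSON
#         document (NXLog is expected to emit JSON; see the note below).
# Effect: the JSON is expanded into top-level fields, then the two ePO
#         timestamp strings ReceivedUTC and DetectedUTC are converted in place
#         into Logstash date values.
filter {
  if [type] == "mcafee" {
    # NXLog should be sending the logs in JSON format so they auto parse
    json {
      source => "message"
    }

    # This section converts the UTC fields to the proper time format.
    # The field names state the values are UTC, but the pattern below carries
    # no offset, and the date filter falls back to the Logstash host's local
    # timezone when none is given. The timezone is therefore pinned to UTC so
    # event times stay correct no matter where Logstash runs.
    date {
      match => [ "ReceivedUTC", "YYYY-MM-dd HH:mm:ss" ]
      target => [ "ReceivedUTC" ]
      timezone => "UTC"
    }

    date {
      match => [ "DetectedUTC", "YYYY-MM-dd HH:mm:ss" ]
      target => [ "DetectedUTC" ]
      timezone => "UTC"
    }

    # Placeholder for a per-config-file tag; with add_tag commented out this
    # mutate is currently a no-op.
    mutate {
      #add_tag => [ "conf_file_1032"]
    }
  }
}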