mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
183 lines
3.5 KiB
Plaintext
183 lines
3.5 KiB
Plaintext
# Updated by: Doug Burks
|
|
# Last Update: 5/16/2017
|
|
|
|
input {
|
|
file {
|
|
path => "/nsm/import/bro/conn*"
|
|
type => "bro_conn"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/dce_rpc*"
|
|
type => "bro_dce_rpc"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/dhcp*"
|
|
type => "bro_dhcp"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/dnp3*"
|
|
type => "bro_dnp3"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/dns*"
|
|
type => "bro_dns"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/dpd*"
|
|
type => "bro_dpd"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/files*"
|
|
type => "bro_files"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/ftp*"
|
|
type => "bro_ftp"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/http*"
|
|
type => "bro_http"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/intel*"
|
|
type => "bro_intel"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/irc*"
|
|
type => "bro_irc"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/kerberos*"
|
|
type => "bro_kerberos"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/modbus*"
|
|
type => "bro_modbus"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/mysql*"
|
|
type => "bro_mysql"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/notice*"
|
|
type => "bro_notice"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/ntlm*"
|
|
type => "bro_ntlm"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/pe*"
|
|
type => "bro_pe"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/radius*"
|
|
type => "bro_radius"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/rdp*"
|
|
type => "bro_rdp"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/rfb*"
|
|
type => "bro_rfb"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/signatures*"
|
|
type => "bro_signatures"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/sip*"
|
|
type => "bro_sip"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/smb_files*"
|
|
type => "bro_smb_files"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/smb_mapping*"
|
|
type => "bro_smb_mapping"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/smtp*"
|
|
type => "bro_smtp"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/snmp*"
|
|
type => "bro_snmp"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/socks*"
|
|
type => "bro_socks"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/software*"
|
|
type => "bro_software"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/ssh*"
|
|
type => "bro_ssh"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/ssl*"
|
|
type => "bro_ssl"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/syslog*"
|
|
type => "bro_syslog"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/tunnel*"
|
|
type => "bro_tunnels"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/weird*"
|
|
type => "bro_weird"
|
|
tags => ["bro", "import"]
|
|
}
|
|
file {
|
|
path => "/nsm/import/bro/x509*"
|
|
type => "bro_x509"
|
|
tags => ["bro", "import"]
|
|
}
|
|
}
|
|
filter {
|
|
if "import" in [tags] {
|
|
mutate {
|
|
#add_tag => [ "conf_file_0006"]
|
|
}
|
|
}
|
|
}
|