CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
65165e52f4c77a39833a1e89c00ea0b799bf1257
securityonion/salt/sensoroni/files/analyzers/localfile/README.md
Wes Lambert b93512eb01 Adjust verbiage around pillar configuration
2022-05-24 12:36:32 +00:00

888 B
Raw Blame History

Localfile

Description

Utilize a local CSV file (or multiple) for associating a value to contextual data.

Configuration Requirements

file_path - Path(s) used for CSV files containing associative data. CSV files can be dropped in the analyzer directory, with file_path specified like mycsv.csv.

  • The value in the first column is used for matching
  • Header information should be supplied, as it is used for dynamically creating result sets
  • Matches will be aggregated from the provided CSV files

The content of the CSV file(s) should be similar to the following:

Ex.

MatchValue,MatchDescription,MatchReference
abcd1234,ThisIsADescription,https://siteabouthings.abc

The file_path value(s) should be set in the sensoroni pillar, like so:

sensoroni:
  analyzers:
    localfile:
      file_path:
        - $file_path1
        - $file_path2
Reference in New Issue View Git Blame Copy Permalink