mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
41 lines
4.1 KiB
Plaintext
41 lines
4.1 KiB
Plaintext
{
|
|
"description" : "bro_conn",
|
|
"processors" : [
|
|
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
|
|
{ "dot_expander": { "field": "id.orig_h", "path": "message2", "ignore_failure": true } },
|
|
{ "rename": { "field": "message2.id.orig_h", "target_field": "source_ip", "ignore_missing": true } },
|
|
{ "dot_expander": { "field": "id.orig_p", "path": "message2", "ignore_failure": true } },
|
|
{ "rename": { "field": "message2.id.orig_p", "target_field": "source_port", "ignore_missing": true } },
|
|
{ "dot_expander": { "field": "id.resp_h", "path": "message2", "ignore_failure": true } },
|
|
{ "rename": { "field": "message2.id.resp_h", "target_field": "destination_ip", "ignore_missing": true } },
|
|
{ "dot_expander": { "field": "id.resp_p", "path": "message2", "ignore_failure": true } },
|
|
{ "rename": { "field": "message2.id.resp_p", "target_field": "destination_port", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.version", "target_field": "version", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.uid", "target_field": "uid", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.hassh", "target_field": "hassh", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.auth_success", "target_field": "authentication_success", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.auth_attempts", "target_field": "authentication_attempts", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.direction", "target_field": "direction", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.client", "target_field": "client", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.server", "target_field": "server", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.cipher_alg", "target_field": "cipher_algorithm", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.compression_alg", "target_field": "compression_algorithm", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.cshka", "target_field": "client_host_key_algorithms", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.host_key_alg", "target_field": "host_key_algorithm", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.hasshAlgorithms", "target_field": "hassh_algorithms", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.hasshServer", "target_field": "hassh_server", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.hasshVersion", "target_field": "hassh_version", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.kex_alg", "target_field": "kex_algorithm", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.mac_alg", "target_field": "mac_algorithm", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.sshka", "target_field": "server_host_key_algorithms", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.host_key", "target_field": "host_key", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.destination_region", "target_field": "destination_region", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.destination_city", "target_field": "destination_city", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.destination_latitude", "target_field": "destination_latitude", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.destination_longitude", "target_field": "destination_longitude", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.destination_country_code", "target_field": "destination_country_code", "ignore_missing": true } },
|
|
{ "rename": { "field": "message2.hasshServerAlgorithms", "target_field": "hassh_server_algorithms", "ignore_missing": true } },
|
|
{ "pipeline": { "name": "bro_common" } }
|
|
]
|
|
}
|